ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 156.251.162.29:80.

Database Entry


IOC ID: 720304
IOC: 156.251.162.29:80
IOC Type: ip:port
Threat Type: botnet_cc
Malware: Cobalt Strike
Malware alias: Agentemis, BEACON, CobaltStrike
Confidence Level: Confidence level is high (100%)
First seen: 2022-06-23 11:36:23 UTC
Last seen: never
UUID: b5ab3362-f2e8-11ec-a2e7-42010aa4000a
Reporter: @drb_ra
Reward: 5 credits from ThreatFox
Tags: CNSERVERS CobaltStrike

Twitter
@drb_ra
Cobalt Strike Server Found
C2: HTTP @ 156[.]251[.]162[.]29:80
C2 Server: 156[.]251[.]162[.]29,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
POST URI: /N4215/adj/amzn[.]us[.]sr[.]aps
Country: HK
ASN: CNSERVERS
Host Header: www[.]amazon[.]com