ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://1.15.235.47/ga.js.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:839649
IOC: http://1.15.235.47/ga.js
IOC Type :url
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is high (100%)
ASN:AS45090 TENCENT-NET-AP
Country:- CN
First seen:2022-07-26 14:20:16 UTC
Last seen:never
UUID:11ebdad9-0cee-11ed-8b86-42010aa4000a
Reporter drb_ra
Reward 5 credits from ThreatFox
Tags:CobaltStrike

Avatar
drb_ra
Cobalt Strike Server Found
C2: HTTP @ 1[.]15[.]235[.]47:80
C2 Server: 1[.]15[.]235[.]47,/ga[.]js
POST URI: /submit[.]php
Country: China
ASN: TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited