ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://bill.shoe88.tk:8443/api/v2/login.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:840583
IOC: https://bill.shoe88.tk:8443/api/v2/login
IOC Type :url
Threat Type :botnet_cc
Malware: Cobalt Strike
Malware alias:Agentemis, BEACON, CobaltStrike, cobeacon
Confidence Level : Confidence level is high (100%)
First seen:2022-07-31 14:10:48 UTC
Last seen:never
UUID:939158d2-10da-11ed-addc-42010aa4000a
Reporter drb_ra
Reward 5 credits from ThreatFox
Tags:ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd. CobaltStrike

Avatar
drb_ra
Cobalt Strike Server Found
C2: HTTPS @ 59[.]110[.]168[.]76:8443
C2 Server: bill[.]shoe88[.]tk,/api/v2/login
POST URI: /api/v2/status
Country: China
ASN: ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd.
Host Header: bill[.]shoe88[.]tk