Home/Cobalt Strike/IOCs
IOCs

Indicators for Cobalt Strike

1,647 indicators · scoped to malware families · back to Cobalt Strike
Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

Indicators

100 of 1,647
ip:port
185[.]234[.]157[.]185:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
175[.]178[.]36[.]137:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
106[.]75[.]252[.]66:8080
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]252[.]232[.]23:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
81[.]172[.]90[.]197:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]216[.]54[.]73:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]216[.]116[.]64:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
192[.]200[.]220[.]100:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
106[.]75[.]252[.]66:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]98[.]107[.]233:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
203[.]195[.]157[.]138:8443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
182[.]92[.]115[.]48:7777
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
130[.]94[.]14[.]186:5555
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]86[.]76[.]154:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
119[.]29[.]112[.]239:8005
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
207[.]56[.]229[.]234:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
206[.]119[.]173[.]149:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
101[.]126[.]150[.]253:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
27[.]124[.]19[.]53:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]236[.]91[.]172:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]14[.]248[.]199:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]14[.]248[.]199:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]122[.]118[.]104:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
207[.]56[.]229[.]234:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
155[.]138[.]147[.]166:5555
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
107[.]173[.]186[.]7:8001
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
123[.]57[.]208[.]37:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
118[.]31[.]62[.]238:8080
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
1[.]117[.]61[.]9:8443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
ct[.]feliz[.]icu
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
47[.]102[.]184[.]26:8443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]121[.]117[.]88:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
147[.]78[.]2[.]110:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]121[.]117[.]88:8443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
113[.]31[.]115[.]231:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
43[.]139[.]170[.]200:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
168[.]222[.]97[.]93:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
168[.]222[.]97[.]93:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
161[.]248[.]87[.]10:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
118[.]31[.]62[.]238:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]72[.]168[.]103:50011
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
101[.]132[.]156[.]12:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
101[.]35[.]102[.]87:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]50[.]184[.]221:10080
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
112[.]124[.]71[.]123:55555
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]55[.]124[.]41:16571
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]245[.]28[.]187:4440
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]72[.]198[.]62:9987
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
150[.]158[.]109[.]61:9090
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
112[.]213[.]106[.]53:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
142[.]171[.]172[.]100:17443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
api[.]apifox[.]top
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
39nasm720z98q[.]cfc-execute[.]bj[.]baidubce[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
139[.]226[.]191[.]247:2082
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
139[.]196[.]50[.]117:9930
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
106[.]53[.]82[.]117:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
202[.]95[.]18[.]30:53
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
ns1[.]cacheflow[.]top
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
47[.]94[.]168[.]149:9999
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]83[.]254[.]175:1102
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
1364170351-kld29tgkc1[.]ap-guangzhou[.]tencentscf[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
45[.]202[.]249[.]88:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
45[.]202[.]249[.]88:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
49[.]7[.]54[.]204:8901
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
106[.]14[.]116[.]17:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
101[.]33[.]225[.]32:8011
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
45[.]207[.]192[.]190:30078
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
207[.]56[.]226[.]75:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]72[.]168[.]103:16337
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
static[.]slbc7890[.]shop
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
68[.]64[.]178[.]130:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
39[.]101[.]78[.]48:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
124[.]223[.]90[.]150:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
103[.]53[.]81[.]232:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
103[.]53[.]81[.]232:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
1[.]15[.]100[.]187:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
www[.]pronhub[.]shop
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
update[.]javashell[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
1325813086-kvn4jlpgeu[.]ap-shanghai[.]tencentscf[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
1364170351-ivarm6apjz[.]ap-guangzhou[.]tencentscf[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
4176rbz8vepn6[.]cfc-execute[.]bj[.]baidubce[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
www[.]cement-chemistry[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
8[.]211[.]130[.]16:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]245[.]156[.]179:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
webshareclouds[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
perfectgo[.]top
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
83[.]147[.]19[.]38:7899
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]130[.]80[.]145:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
154[.]219[.]115[.]123:61443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
119[.]29[.]198[.]193:8555
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
77[.]74[.]201[.]243:53
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
t[.]shakesnap[.]net
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
t2[.]shakesnap[.]net
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
8[.]130[.]173[.]155:30006
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
31[.]7[.]62[.]178:14443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
80[.]78[.]22[.]41:783
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
49[.]232[.]90[.]5:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
45[.]227[.]253[.]121:51227
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]165[.]21[.]163:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
151[.]245[.]90[.]45:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
Showing 101-200 of 1,647
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin