IOCs · Cobalt Strike · threatengine.sh

Home/Cobalt Strike/IOCs

IOCs

Indicators for Cobalt Strike

1,647 indicators · scoped to malware families · back to Cobalt Strike

Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

⚠

Indicators

100 of 1,647

ip:port

43[.]133[.]41[.]106:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

42[.]192[.]49[.]72:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

39[.]107[.]85[.]83:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

39[.]106[.]144[.]162:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]100[.]168[.]4:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

43[.]139[.]169[.]60:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]111[.]146[.]110:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]243[.]175[.]24:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]239[.]188[.]48:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]122[.]30[.]177:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]122[.]1[.]243:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

61[.]166[.]154[.]109:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

49[.]235[.]177[.]231:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

81[.]70[.]255[.]195:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

81[.]69[.]98[.]230:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]210[.]78[.]137:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

83[.]229[.]126[.]65:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

81[.]71[.]159[.]99:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

83[.]229[.]123[.]61:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

83[.]229[.]126[.]183:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]153[.]205[.]30:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]137[.]149[.]67:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]93[.]28[.]103:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

60[.]205[.]139[.]210:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

lcowpowerlite[.]italynorth[.]cloudapp[.]azure[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

47[.]109[.]198[.]8:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]120[.]70[.]161:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]121[.]137[.]8:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]121[.]29[.]60:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

45[.]115[.]236[.]152:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]107[.]136[.]106:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]109[.]145[.]121:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

192[.]140[.]176[.]79:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

36[.]140[.]162[.]173:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

39[.]105[.]165[.]37:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

152[.]32[.]251[.]78:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

154[.]201[.]74[.]112:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

179[.]43[.]186[.]214:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

139[.]196[.]41[.]201:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

139[.]224[.]16[.]185:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

14[.]103[.]175[.]50:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

150[.]187[.]25[.]242:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

120[.]48[.]168[.]57:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

121[.]40[.]18[.]128:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

122[.]51[.]93[.]94:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

134[.]122[.]140[.]185:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]102[.]110:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]242[.]9:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

113[.]44[.]67[.]52:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

115[.]190[.]161[.]178:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]38[.]201[.]95:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]75[.]162[.]108:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]75[.]215[.]96:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]75[.]224[.]31:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]12[.]219[.]245:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]13[.]29[.]104:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]239[.]230[.]84:20000

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

149[.]129[.]37[.]105:30002

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

192[.]140[.]176[.]79:12124

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

107[.]150[.]105[.]91:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

111[.]92[.]243[.]40:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]12[.]219[.]245:8072

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]120[.]46[.]230:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

121[.]40[.]37[.]253:50059

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

167[.]179[.]76[.]179:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

ns1[.]ns-apache[.]jo3[.]org

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

223[.]26[.]63[.]57:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]120[.]32[.]72:8075

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

121[.]4[.]92[.]72:5000

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

179[.]43[.]189[.]17:9443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

113[.]250[.]188[.]15:8078

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

139[.]196[.]41[.]201:30001

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]178[.]246:4848

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]98[.]253[.]102:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

120[.]48[.]168[.]57:8080

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

83[.]229[.]123[.]61:7777

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

139[.]224[.]16[.]185:1234

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

www[.]quick-shares[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

8[.]148[.]184[.]136:8880

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]178[.]246:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

38[.]49[.]57[.]15:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]243[.]238[.]194:54188

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

api[.]shenzhenschool[.]fun

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

115[.]190[.]233[.]79:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

101[.]34[.]205[.]214:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

103[.]171[.]35[.]66:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

107[.]149[.]192[.]54:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

124[.]222[.]218[.]20:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

124[.]221[.]255[.]78:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

123[.]56[.]78[.]220:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

152[.]32[.]202[.]240:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

150[.]158[.]119[.]242:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

165[.]154[.]244[.]73:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

156[.]225[.]20[.]77:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

182[.]92[.]239[.]94:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

39[.]105[.]160[.]175:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

38[.]38[.]250[.]99:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

211[.]184[.]175[.]246:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

45[.]58[.]56[.]34:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]130[.]80[.]145:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

Showing 401-500 of 1,647

Prev 5 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin