IOCs · Cobalt Strike · threatengine.sh

Home/Cobalt Strike/IOCs

IOCs

Indicators for Cobalt Strike

1,647 indicators · scoped to malware families · back to Cobalt Strike

Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this tool uses. All indicators are defanged for safe handling.

⚠

Indicators

100 of 1,647

ip:port

103[.]73[.]66[.]43:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

43[.]199[.]78[.]142:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

n1[.]google-analytcis[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

n2[.]google-analytcis[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

n3[.]google-analytcis[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

lab[.]google-analytcis[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

116[.]62[.]64[.]54:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

183[.]63[.]173[.]29:8008

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

43[.]163[.]112[.]217:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

154[.]201[.]74[.]112:2052

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

dakk5rnsax46s[.]cfc-execute[.]su[.]baidubce[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

178[.]16[.]55[.]53:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

116[.]203[.]31[.]207:9999

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

150[.]187[.]25[.]242:9999

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]138[.]167[.]123:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

119[.]29[.]231[.]118:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

116[.]198[.]233[.]179:6666

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]52[.]208[.]143:46000

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]184[.]172:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

116[.]62[.]64[.]54:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

116[.]198[.]233[.]179:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

129[.]211[.]31[.]181:8088

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

107[.]174[.]115[.]43:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

38[.]38[.]250[.]99:5800

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

45[.]204[.]216[.]24:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

129[.]211[.]31[.]181:4433

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]219[.]76[.]168:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]105[.]36[.]109:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

39[.]105[.]165[.]37:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

217[.]154[.]212[.]25:3000

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]181[.]104:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]236[.]130[.]154:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

103[.]125[.]248[.]109:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

193[.]112[.]84[.]248:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

ns3[.]nsebseshop[.]cloud

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

ns2[.]nsebseshop[.]cloud

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

ns1[.]nsebseshop[.]cloud

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

47[.]117[.]143[.]185:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]152[.]99[.]85:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

112[.]125[.]19[.]107:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

217[.]154[.]212[.]25:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

156[.]227[.]233[.]153:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]109[.]145[.]121:8080

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

107[.]173[.]122[.]193:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

ns3[.]admlistdel[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

ns2[.]admlistdel[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

82[.]156[.]156[.]160:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]147[.]128[.]54:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]107[.]136[.]106:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]137[.]149[.]67:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]109[.]48[.]57:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]109[.]48[.]57:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

39[.]104[.]78[.]25:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]155[.]0[.]238:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

119[.]45[.]29[.]172:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

68[.]64[.]176[.]42:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

ns1[.]admlistdel[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

47[.]109[.]198[.]8:6000

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

101[.]43[.]91[.]156:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

59[.]110[.]7[.]32:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

129[.]28[.]85[.]210:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

111[.]229[.]4[.]108:2096

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

1[.]15[.]174[.]189:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]140[.]239[.]162:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

msg[.]msdegeup[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

138[.]124[.]15[.]54:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

117[.]72[.]206[.]39:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]75[.]215[.]96:8081

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]54[.]61[.]188:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

118[.]26[.]39[.]237:8443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

124[.]223[.]114[.]203:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

101[.]35[.]109[.]246:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

103[.]171[.]35[.]26:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

60[.]204[.]169[.]16:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

179[.]43[.]186[.]223:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]134[.]70[.]73:7777

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

8[.]134[.]70[.]73:88

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

38[.]54[.]112[.]234:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

asusupdateserver[.]asuscomm[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

skyprotech[.]ru

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

accesserdsc[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

202[.]146[.]218[.]74:2024

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

118[.]31[.]114[.]149:8081

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

113[.]45[.]253[.]80:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

112[.]126[.]68[.]61:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]93[.]28[.]103:33333

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

43[.]143[.]229[.]126:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

ehchq7m7rpvdr[.]cfc-execute[.]bj[.]baidubce[.]com

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

106[.]75[.]224[.]31:8082

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

106[.]75[.]224[.]31:8081

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]116[.]208[.]81:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

120[.]24[.]64[.]74:63211

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

47[.]93[.]28[.]103:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

www[.]dyshop[.]online

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

47[.]129[.]171[.]26:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

domain

ns[.]1[.]3[.]0o0[.]foo

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

domain

ns[.]1[.]4[.]0o0[.]foo

family Cobalt Strike source threatfox

VirusTotal OTX urlscan crt.sh SecurityTrails Talos Pulsedive

ip:port

169[.]239[.]129[.]45:53

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

120[.]24[.]64[.]74:80

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

ip:port

20[.]74[.]209[.]192:443

family Cobalt Strike source threatfox

VirusTotal AbuseIPDB Shodan GreyNoise OTX Censys Talos Pulsedive

Showing 601-700 of 1,647

Prev 7 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin