IOC Radar
IP · Medium · Signal 100/100

198.12.73.140

Location: Buffalo, New York, United States
ASN: AS36352 (RackNerd LLC)
First Seen: Mar 28, 2025 (442d ago)
Last Seen: Jan 23, 2026 (141d ago)
Reports: 9 source reports
Confidence: 99% (medium)
VirusTotal: 6/91 detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No

Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 32 techniques

Network Information

Country: United States (US)
Region: Buffalo, New York
ASN: AS36352
Organization: RackNerd LLC

IP Category

Proxy (proxy server)
Hosting (hosting provider)

Feed Intelligence Summary

9 source reports · 99% confidence score

Category tags: abuse, abusech-threatfox-c2c, agent tesla, api contact, apt, as-colocrossing, beacon, beaconing activity, botnet, c2, c2 communication, censys, cobalt, cobalt strike, cobaltstrike, command and control, compromised system, credential harvesting, cs-watermark-100000, data encryption, data exfiltration, distributed attacks, extortion, feed, find, indicators of compromise, ioc, iocs, lateral movement, linkedin page, malicious software, malware, malware distribution, nanocore rat, network, network traffic analysis, north america, nviso, payload delivery, phishing attack, post-exploitation activity, process injection, protect, proxy, ransomware, ransomware feed, remote access trojan, researched, security operations, sentinel misp, shodan, social engineering, strong, system disruption, t1005, t1016, t1021, t1027, t1041, t1047, t1049, t1053, t1055, t1059, t1059.001, t1068, t1071, t1071.001, t1083, t1095, t1105, t1129, t1134, t1486, t1490, t1496, t1499.002, t1499.003, t1543, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1574, threat actor, threat feed, threat intelligence, threatfox iocs, united states, vshell

Activity Timeline

1 total observation (Jan 23)

Threat Activity Heatmap

[Heatmap: weekly observation grid, Jun through Jun · Peak: 2026-01-23]

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, represents a critical threat to organizational security and demands immediate attention. With a perfect score of 100.0, this IP address is strongly associated with malicious activities, particularly Command and Control (C2) operations for the sophisticated Cobalt Strike framework and Vshell malware. The presence of this IOC within an organization's network perimeter or logs indicates a high likelihood of an ongoing intrusion or a targeted atta…

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 9
First seen: Mar 28, 2025
Last seen: Jan 23, 2026
Geolocation: US
Country: United States
Location: Buffalo, New York
ASN: AS36352
Org: RackNerd LLC
Coords: 42.8864, -78.8784
Categories: Proxy, Hosting

VirusTotal

6/91 vendors flagged (7% detection rate) · Jun 3, 2026

WHOIS

Description: ip:port combination that is used for botnet Command&control (C&C)
Raw: HostPapa CC-09 (NET-198-12-64-0-1) 198.12.64.0 - 198.12.127.255 RackNerd LLC CC-198-12-73-0-24 (NET-198-12-73-0-1) 198.12.73.0 - 198.12.73.255
References: https://threatfox.abuse.ch/export/csv/recent/, https://precisionsec.com/threat-intelligence-feeds/cobaltstrike/

IOC Journey

Confidence: medium · First detected 1 year ago · Last seen 4 months ago · Appeared in 9 threat reports