ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 178.236.252.157:443.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1771248
IOC: 178.236.252.157:443
IOC Type :ip:port
Threat Type :botnet_cc
Malware: ACR Stealer
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS205775 neoncorenetworks
Country:- US
First seen:2026-03-19 06:25:27 UTC
Last seen:never
UUID:239bd36e-2349-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox
Tags:ACRStealer nginx POST-only VDSINA wke-sideload

Avatar
Lenny_3BO
ACR Stealer C2 node on vdsina.com bulletproof hosting (9 ASN shell labels). Behavioral fingerprint: nginx/1.24.0 Ubuntu, HTTP 405 POST-only (Allow: POST), POST returns Invalid request body (400), self-signed ECDSA secp256r1 cert CN=IP. Stealer uses wke.dll DLL sideloading, encrypted overlay with stream cipher, dead drop resolver via Google Docs/Steam/Telegraph.