ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 176.65.144.30:1337.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1834913
IOC: 176.65.144.30:1337
IOC Type :ip:port
Threat Type :botnet_cc
Malware: NetSupportManager RAT
Malware alias:NetSupport
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS209413 DEDIK-CH
First seen:2026-06-21 18:27:31 UTC
Last seen:never
UUID:1e568fb6-6d95-11f1-9258-42010aa4000a
Reporter Justice_Hammer
Reward 5 credits from ThreatFox
Tags:ClickFix evalusion jarm:1276612955 merry-florist NetSupport port:1337 single-gateway unc2190

Avatar
Justice_Hammer
NetSupport RAT gateway. JARM: 1276612955. Cert: WIN-NURBRVQA2UR (self-signed, valid 2026-03-31–2026-09-30). 33 rotating C2 domains all resolve here. GSK keys (per-wave): ZSFDSFF(*SS / SADSADFESETRBEY / &TT8{V_3QR / SDFYDFSGDF%FSDF. EVALUSION/UNC2190 cluster attribution (medium confidence). Shared RADIUSSecret + cracked licensee DCVTTTUUEEW23 + infra co-location. Caveat: cracked-toolkit artifacts; cluster-level selectivity only. No country attributed.