ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain dktourandtaxi.in.net.
Database Entry
| IOC ID: | 1675356 |
|---|---|
| IOC: | dktourandtaxi.in.net |
| IOC Type : | domain |
| Threat Type : | botnet_cc |
| Malware: | Remcos |
| Malware alias: | RemcosRAT, Remvio, Socmer |
| Confidence Level : | Confidence level is moderate (50%) |
| Is compromised? : | False |
| ASN: | AS13335 CLOUDFLARENET |
| Country: |  US |
| First seen: | 2025-12-11 13:11:56 UTC |
| Last seen: | 2025-12-11 08:30:58 UTC |
| UUID: | 25f23626-d66a-11f0-a341-42010aa4000a |
| Reporter | Anonymous |
| Reward | 5 credits from ThreatFox |
| Tags: | js RAT RemcosRAT |
| Reference: | https://bazaar.abuse.ch/browse/ |
Anonymous
"The reported IOCs (domains) are associated with a known RemcosRAT campaign.IOC Type: C2 Domain (Command & Control).
Threat Type: botnet_cc
Malware Family: win.remcos (aka Remcos/Remvio/Socmer).
Source of Information: The domains were cross-validated via Abuse.ch's Malware Bazaar (as per the Reference URL: https://bazaar.abuse.ch/browse/).
Confidence Rationale: Confidence is set to Moderate (50%) due to the external validation from a trusted source (Abuse.ch), suggesting active use of these domains for Remcos C2 communication. It is recommended to implement these IOCs into network blocklists for mitigation."