ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain salinasrent.com.

Database Entry


IOC ID: 1771244
IOC: salinasrent.com
IOC Type: domain
Threat Type: botnet_cc
Malware: EtherRAT
Confidence Level: high (100%)
Is compromised?: False
ASN: AS400992 ZHOUYISAT-COMMUNICATIONS
Country: RU
First seen: 2026-03-19 06:25:28 UTC
Last seen: never
UUID: f19f51de-2348-11f1-9af6-42010aa4000a
Reporter: Lenny_3BO
Reward: 5 credits from ThreatFox
Tags: blockchain-C2 DDR Ethereum EtherRat
Reference: https://etherscan.io/address/0xe26c57b7fa8de030238b0a71b3d063397ac127d3

Lenny_3BO
EtherRAT C2 domains resolved via Ethereum smart contract 0xe26c57b7. Blockchain DDR with 5-min refresh across 9 public RPC endpoints. JS RAT with polymorphic re-obfuscation, long-poll task dispatch, trojanized Kusto Explorer MSI delivery. Register-and-rotate pattern: 9/11 domains registered same day as contract update.