ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain frreliny.com.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1831592
IOC: frreliny.com
IOC Type :domain
Threat Type :botnet_cc
Malware: Unidentified 001
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
First seen:2026-06-13 15:05:04 UTC
Last seen:never
UUID:54a5e464-667f-11f1-9e0e-42010aa4000a
Reporter gh0styippe
Reward 5 credits from ThreatFox
Tags:ConnectWise Ransomware rmm ScreenConnect
Reference: https://tria.ge/260612-t6hq3sbs8p

Avatar
gh0styippe
Malicious ScreenConnect client deployment using revoked ConnectWise certificate. Connection string: h=frreliny.com, p=8041. Two unique session GUIDs observed across sandbox runs. Registers LSA Authentication Package and Credential Provider for persistence. Volume Shadow Copy interaction suggests ransomware precursor activity.