ThreatFox IOC Database

You are viewing the ThreatFox database entry for the URL https://vy.ijnggpi.com/ftx/.

Database Entry


IOC ID: 1837533
IOC: https://vy.ijnggpi.com/ftx/
IOC Type: url
Threat Type: payload_delivery
Malware: Unknown RAT
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS54548 PROFITBRICKS-USA
Country: US
First seen: 2026-06-25 18:52:47 UTC
Last seen: never
UUID: 11c5e041-70b0-11f1-97fa-42010aa4000a
Reporter: gh0styippe
Reward: 5 credits from ThreatFox
Tags: ConnectWise, phishing, rmm, ScreenConnect, telegram
Reference: https://app.any.run/tasks/f3810d99-b455-4a43-b184-4a91b53cf278

gh0styippe
DocuSign-themed phishing page delivering malicious ScreenConnect MSI. Page performs IP geolocation via ipapi.co and sends victim notification via Telegram bot API. MSI connects to attacker relay instance-g63lkz-relay.screenconnect.com:443.