ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain instance-g63lkz-relay.screenconnect.com.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1837541
IOC: instance-g63lkz-relay.screenconnect.com
IOC Type :domain
Threat Type :botnet_cc
Malware: Unknown RAT
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS16276 OVH
Country:- FR
First seen:2026-06-25 18:52:41 UTC
Last seen:never
UUID:5644d79f-70b0-11f1-97fa-42010aa4000a
Reporter gh0styippe
Reward 5 credits from ThreatFox
Tags:ConnectWise rmm ScreenConnect
Reference: https://app.any.run/tasks/f3810d99-b455-4a43-b184-4a91b53cf278

Avatar
gh0styippe
Attacker-controlled ScreenConnect relay server. Instance ID 1ed0f3658953909a. Delivered via phishing at vy.ijnggpi.com/ftx/.