IOC Radar
Domain · Medium · Signal 36/100

jimriehls.com

Location: Germany
First Seen: Apr 29, 2025
Last Seen: Feb 12, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 36%
Signal Score: 36 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 31 techniques

Feed Intelligence Summary

Source reports: 9
Confidence score: 36%
Category tags: account compromise, aws, azure, backdoor, bl networks, botnet, c2, cgi global, click-based attack, command and control, compromised website, credential harvesting, credential theft, cybercx, data encryption, data exfiltration, distributed attacks, europe, extortion, fornex hosting, germany, headless browser, headless browser automation, indicator, information technology, initial access, injected link, injected links, it infrastructure, javascript injection, limited, malicious links, malicious plugin, malicious plugins, malicious software, malware, malware injection, network, north america, phishing attack, privilege escalation, process injection, prospero ooo, proton66 ooo, public, raas, ransomware, red bytes, remote access, researched, security operations, sftp compromise, smartape ou, social engineering, software development, solutions llp, supply chain attack, system disruption, t1027, t1055, t1059.007, t1068, t1071.001, t1078, t1078.001, t1078.004, t1105, t1133, t1189, t1190, t1195, t1195.001, t1195.002, t1199, t1204.001, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1505.003, t1555, t1565, t1566, t1566.001, t1566.002, t1566.003, t1608.001, third-party risk, threat intelligence, united states, user execution, wordpress phishing campaign, wp engine

Activity Timeline

1 total observation · Feb 12 to Feb 12

Threat Activity Heatmap

· Peak: 2026-02-12 (calendar heatmap, Jun to Jun, not reproduced)

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **jimriehls.com**, originating from Germany, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on April

Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 9
First seen: Apr 29, 2025
Last seen: Feb 12, 2026

VirusTotal: Not checked

WHOIS

Description: CyberCX has discovered a sophisticated phishing campaign named DarkEngine, which targets users of WP Engine, a managed WordPress hosting platform, and has been active since at least June 2024. The campaign employs SEO poisoning to lure victims to phishing sites mimicking the WP Engine login interface, enabling attackers to steal credentials and gain unauthorized access to WP Engine accounts and their associated WordPress sites. Once compromised, the attackers inject backdoors via malicious plugins and execute harmful JavaScript, affecting over 2,353 unique sites primarily in Australia and New Zealand, while also utilizing techniques like ClickFix to manipulate visitors into executing harmful commands. The operation employs a headless browser automation tool for exploitation, maintaining persistence through various backdoors and SFTP accounts.

Domain rank: -1

Raw WHOIS record:
Administrative city: Kuala Lumpur
Administrative country: Malaysia
Administrative email: [email protected]
Administrative state: Wilayah Persekutuan
Create date: 2025-04-25 00:00:00
Domain name: jimriehls.com
Domain registrar id: 460
Domain registrar url: http://www.webnic.cc
Expiry date: 2026-04-25 00:00:00
Name server 1: koa.ns.cloudflare.com
Name server 2: kim.ns.cloudflare.com
Query time: 2025-04-26 11:08:35
Registrant city: d622b1166b297bee
Registrant company: 20c6e82190de8bc4
Registrant country: Malaysia
Registrant email: [email protected]
Registrant fax: c3344f80ad4a9c61
Registrant name: edeae57e15fec50a
Registrant phone: c3344f80ad4a9c61
Registrant state: f4e528a4fdf624a9
Registrant zip: eff8e039538ef902
Technical city: Kuala Lumpur
Technical country: Malaysia
Technical email: [email protected]
Technical state: Wilayah Persekutuan
Update date: 2025-04-25 00:00:00

References:
https://connect.cybercx.com.au/dark-engine
https://storage.pardot.com/1069042/1748905703CCn8f7sn/CyberCX___WP_Engine_Report.pdf
https://threatfox.abuse.ch/export/csv/recent/

Subdomains count: 62

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 9 threat reports