DomainMediumSignal 100/100
jrxsafer.top
Location
United StatesFirst Seen
Apr 2, 2025
Last Seen
Jun 5, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
17 reports99% confidence
17
Source reports
99%
Confidence score
Category tags
aa25-141bactive scanactive scanningattackauthentication abuseautoitautomotive manufacturingbad reputationbitsight tracebotnetbotnet activitybrowser data theftbrute forcec2certcisacisa advisorycivil servicesclipboard hijackingcommand & controlcommand and controlcommand executioncommunication protocolcommunication technologiescommunications networkscredential accesscredential harvestingcredential stuffingcredential theftcritical infrastructurecryptocurrencycryptocurrency theftcybercyber threatsdatadata encryptiondata exfiltrationdata store exposuredata theftddosdefense systemsdenial of servicedetected malicious activitydistributed attackselectronic health recordselectronics manufacturingemergency servicesencryptionenergyenergy distributionenergy systemsenumerationexploit deliveryexploitation activityextortionfbi alertfin scanfinancefinancial servicesfinancial systemsftpftp brute forcegenericghostgovernment facilitiesgovernment technologyhashmd5health care and social assistancehealth information technologyhealthcare information systemshigh technologyhospital managementhttp attackhttp brute forcehttp scannerhttpsidentity & access exploitationindicatorindustrial automationindustrial iotindustrial productioninformation stealerinfostealerinfrastructure acquisitionreconnaissanceinfrastructure takedowningress tool transferinjection activityinput validation bypassiot securityloaderlocallummalumma stealerlumma stealer activitylummaclummac2lummac2 iocslummac2 malwarelummastealerlummastealer activitylummastealer activity detectedmaasmalicious activitymalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalvertisingmalwaremalware campaignmalware distributionmalware-as-a-servicemanufacturing technologymatrixmedical servicesmetadata analysismfa token theftmitre attmobile carriersmobile networksmozillamulti-tiered c2netsupport ratnetworknetwork attacksnetwork protocolnetwork scanningnorth americanull scanoil & gasopcodeoperating systempassword attackpassword stealingpassword theftpath traversalpatient carephishingphishing attackphishing campaignpower generationpower systemsprocess injectionprocess manufacturingprotectpublic administrationpublic infrastructurepublic policyquality controlransomwareratreconnaissanceredlineregulatory agenciesremote accessremote servicesrenewable energyresearchedscripting attacksserviceservice scanshamelsocial engineeringsocial media securityssh attacksteamsteam profilestrongsupply chain attacksupply chain managementsyn scansystem disruptionsystem information discoveryt1003t1005t1012t1021t1021.001t1027t1033t1036t1040t1041t1046t1053.005t1055t1056.001t1059t1059.001t1059.003t1059.005t1069.001t1071t1071.001t1076t1078t1082t1083t1086t1102t1105t1106t1110t1110.002t1113t1115t1119t1140t1189t1190t1204t1204.001t1204.002t1217t1486t1490t1496t1499.001t1499.002t1499.003t1531t1539t1547t1547.001t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1573.001t1587.001t1590.001t1595t1595.001t1595.002t1595.003tabletcp protocoltelecom servicestelecommunicationsthreatthreat actortoolstor nodetransportation networkstrojan malwaretyposquattingudp port scanunited statesvulnerability scanwater systemsweb application attackweb application exploitationweb securityweb trafficwholesale and retailxmas scan
Activity Timeline
Jun 5Jun 5
Threat Activity Heatmap
· Peak: 2026-06-05LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **jrxsafer.top**, originating from the United States, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on April
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
17
Reports
First seenApr 2, 2025
Last seenJun 5, 2026
VirusTotal
Not checked
WHOIS
- description
- Domain that is used for botnet Command&control (C&C)
- domain rank
- -1
- raw
- Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2025-03-27 00:00:00 Domain name: jrxsafer.top Domain registrar id: 303 Domain registrar url: http://publicdomainregistry.com Expiry date: 2026-03-27 00:00:00 Name server 1: maya.ns.cloudflare.com Name server 2: phil.ns.cloudflare.com Query time: 2025-03-28 12:29:33 Registrant city: 1f8f4166599d23ee Registrant company: 1f8f4166599d23ee Registrant country: Russia Registrant email: 29e2c061f3c9524es@ Registrant fax: 31d1617d95c9a75c Registrant name: 1f8f4166599d23ee Registrant phone: 31d1617d95c9a75c Registrant state: 4607f0e8eab1e21a Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2025-03-27 00:00:00
- references
- https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector, https://www.bitsight.com/blog/lumma-stealer-is-out-of-business, https://labs.inquest.net/iocdb, https://threatfox.abuse.ch/export/csv/recent/, https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv, https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b, https://www.cisa.gov/sites/default/files/2025-05/AA25-141B-Threat-Actors-Deploy-LummaC2-Malware-to-Exfiltrate-Sensitive-Data-from-Organizations.stix_.json, https://x.com/K_N1kolenko/status/1909194467166282185, https://x.com/K_N1kolenko/status/1908158349394268390
- subdomains count
- 0
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 9 days ago
Appeared in 17 threat reports