IOC Radar
Domain · Medium confidence · Signal 81/100

raxelpak.com

Location: Germany
First Seen: Feb 10, 2026 (131d ago)
Last Seen: Jun 2, 2026 (19d ago)
Reports: 10 source reports
Confidence: 81% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs: 87 techniques

Feed Intelligence Summary

10 source reports · 81% confidence score
Category tags
abuse, abuse.ch threatfox api, abusech-threatfox-c2c, active scan, active scanning, alienvault_ransomware, apple, application layer protocol, apt, apt activity, apt group activity, asyncrat, attack, auto-generated, automated analysis, automated attack, automated osint, automated scan, automated threat, automated threat detection, backdoor, bad reputation, botnet, botnet activity, botnet traffic, botnet_c2, brute force, brute force attack, brute force attempt, brute force attempts, brute_force, c2, c2 activity, c2 candidates, c2 channel, c2 communication, c2 framework, c2 infrastructure, c2-infrastructure, cephalus ransomware, claude ai, claude artifact, cobalt, cobalt strike, cobalt-strike, cobaltstrike, command & control, command and control, command-and-control, command_execution, communication protocol, compromised host, compromised host detection, compromised hosts, compromised system, credential access, credential harvesting, credential stuffing, credential-access, cve, cyber campaign, data encryption, data exfiltration, data store exposure, data theft, dcrat, ddos, ddos attacks, ddos attempt, deerstealer, denial of service, detected malware, distributed attacks, encryption, europe, exploit, exploit attempt, exploit claude, exploitation activity, exploitation attempt, external access, extortion, feodo tracker, feodo-tracker, ftp, ftp brute force, ftp brute-force, ftp bruteforce, germany, ghost rat, glassworm, global campaign, gobrat, google ads, havoc, havoc framework, http brute force, http probing, http scan, http scanner, http scanning, https, https scan, identity & access exploitation, indicator, infected system, infected systems, information stealer, infostealer, infrastructure acquisition reconnaissance, ingress tool transfer, initial access, injection activity, internet of things, ioc, iocs, iot botnet, iot security, iot/ics attack, ip-address, irc, keenadu, lateral movement, macos, macsync, malicious activity, malicious network activity, malicious software, malvertising, malware, malware activity, malware c2, malware c2 activity, malware campaign, malware campaign activity, malware communication, malware delivery, malware detected, malware detection, malware distribution, malware indicators, meterpreter, mirai botnet, multi-vector threat campaign, network, network attacks, network communication, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic, network traffic analysis, network_reconnaissance, novel ioc, novel threat indicator, novel-ioc, novel_ioc, observed macos, online, operation camelclone, osint, osint-volley, password attacks, patched sample, phantompulse, phishing, phishing attack, possible botnet activity, possible intrusion, possible malware activity, possible malware infection, post-exploitation, potential c2 activity, potential exploit, potential malware, precog, preocg, process injection, protocol exploitation, quasar rat, ransomware, rat, rdp bruteforce, reconnaissance, reconnaissance activity, remcos, remcos trojan, remote access, remote access attempt, remote access tool, remote access tools, remote access trojan, remote services, researched, scams & fraud, scanning activity, security operations, self-signed certificate, self-signed certificates, self-signed-certificate, service scan, shub stealer, sliver, smb scanning, smtp, smtp brute force, social engineering, ssh attack, ssh bruteforce, ssl, stealer, system disruption, t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1036, t1040, t1041, t1046, t1047, t1053, t1053.005, t1055, t1056.001, t1056.002, t1057, t1059, t1059.001, t1059.002, t1059.003, t1059.004, t1059.007, t1060, t1068, t1070.004, t1071, t1071.001, t1071.002, t1076, t1077, t1078, t1082, t1083, t1087, t1095, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1140, t1189, t1190, t1204, t1204.002, t1205, t1210, t1219, t1486, t1490, t1496, t1499.002, t1499.003, t1539, t1543.001, t1543.004, t1552.001, t1555.001, t1555.003, t1560, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1568, t1569, t1569.002, t1573, t1573.001, t1574, t1583, t1587.001, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, t1614, tcp protocol, telnet threat, tengu ransomware, text-sharing platform, threat actor, threat group, threat intelligence, threat-intelligence, threatfox api, threatfox feed, tor node, transparent tribe, trojan malware, unauthorized access, unauthorized access attempt, unknown rat, unknown stealer, unknown threat actor, unusual traffic, user agent ioc, uxxxxxx, valleyrat, vidar, vm detection, void#geist, vulnerability scan, web protocols, web traffic, xworm, yara, yara rule

Activity Timeline

1 total observation (Jun 2)

Threat Activity Heatmap · Peak: 2026-06-02

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

The domain **raxelpak.com** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from Germany. First observed on February

Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 10
First seen: Feb 10, 2026
Last seen: Jun 2, 2026

VirusTotal

Not checked

WHOIS

registrar
Hello Internet Corp
description
Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.
domain rank
-1
raw
Creation Date: 2026-02-09T21:24:10Z
DNSSEC: unsigned
Domain Name: RAXELPAK.COM
Domain Status: ok https://icann.org/epp#ok
Name Server: SARAH.NS.CLOUDFLARE.COM
Name Server: SKIP.NS.CLOUDFLARE.COM
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.9175129417
Registrar IANA ID: 1924
Registrar URL: http://www.hello.co
Registrar WHOIS Server: whois.hello.co
Registrar: Hello Internet Corp
Registry Domain ID: 3066255499_DOMAIN_COM-VRSN
Registry Expiry Date: 2027-02-09T21:24:10Z
Updated Date: 2026-02-09T21:24:10Z
references
IOCs.2026.3.csv, https://gi7w0rm.medium.com/amos-stealer-malext-variant-spread-in-a-global-malvertising-campaign-using-free-text-sharing-4d240e11d7e2, IOCs2.csv, https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://threatfox.abuse.ch, https://ltna.com.au/cyber, https://cybersecuritynews.com/threat-actors-exploit-claude-artifacts-and-google-ads/, https://analytics.dugganusa.com/api/v1/stix/master, https://github.com/pduggusa/dugganusa-research
subdomains count
7

IOC Journey

Confidence: medium
First detected 4 months ago · Last seen 19 days ago
Appeared in 10 threat reports