IOC Radar
DomainMediumSignal 71/100

raxia.top

Location
FranceFrance
First Seen
May 16, 2025
Last Seen
Jun 6, 2026
May 16
First Seen
386d ago
Jun 6
Last Seen
today
8
Reports
source reports
71%
Confidence
medium
15/91
VirusTotal
detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

88 techniques

Feed Intelligence Summary

8 reports71% confidence
8
Source reports
71%
Confidence score
Category tags
abuseaerospace & defenseapi callaptapt 28apt28australiabitcoinblockchainbotnetc servercivil servicescode executioncode injectioncommand and controlcommand executioncommodity contracts intermediationcommunication technologiescredential accesscredential harvestingcredential theftcross-site scriptingcrypto exchangecrypto miningcrypto walletcryptocurrencycvecyber intelligencedata encryptiondata exfiltrationdecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydigital currencydistributed attackseastern europeeseteset researcheuropeeurope/asiaexploitexploitationextortionfancy bearfigurefirstfleet managementfrancefreight servicesgovernment technologyhasheshordeimpactindicatorinfrastructure acquisitionreconnaissanceinhibit systemiocsitalylateral movementlojaxmalicious softwaremalwaremaritime transportmdaemonmilitary operationsmobile carriersmobile networksnational securitynetworkoperating systemoperation roundpresspaexecparispasspassenger transportationphishingphishing attackprocess injectionpsexecpublic administrationpublic infrastructurepublic policyrail transportransom demandransomhubransomwareransomware-as-a-serviceregulatory agenciesresearchedrussiasednitsiemsocial engineeringsofacysoftware exploitationspearphishingspypress cspypress.hordespypress.mdaemonspypress.roundcubespypress.zimbrastrongsystem disruptionsystem locationt1003t1003.001t1005t1018t1020t1021.001t1027t1027.003t1033t1041t1047t1053.005t1055t1056t1057t1059t1059.001t1059.003t1059.004t1059.007t1068t1069.001t1070t1070.001t1071t1071.001t1078t1078.002t1078.004t1082t1083t1087t1105t1106t1110t1112t1114t1114.001t1119t1120t1132t1133t1134t1134.001t1134.002t1134.004t1135t1140t1187t1189t1190t1192t1199t1203t1204t1204.001t1204.002t1218t1218.011t1486t1490t1496t1497t1499.002t1499.003t1539t1547.001t1556t1562.001t1562.004t1565t1566t1566.001t1566.002t1566.003t1566.004t1569.002t1574t1574.001t1583t1587t1587.001t1588t1588.002t1590.001t1595t1608.001t1614telecom servicestelecommunicationstipstransportation and warehousingtransportation infrastructuretransportation technologyukrainevanhelsingvanhelsing ransomware emulationvanhelsing ransomware simulationvulnerabilityweb exploitationwebmailwebmail server compromisewindows apixsszero-day exploitzero-day vulnerabilityzimbrazimbra exploit

Activity Timeline

1 total obs
Jun 6Jun 6

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **raxia.top** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from France. First observed on May

Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
8
Reports
First seenMay 16, 2025
Last seenJun 6, 2026

VirusTotal

15/ 91vendors flagged
16% detection rateJun 7, 2026

WHOIS

description
The full list of cybersecurity vulnerabilities, identified by researchers at the University of California, New York (UCL), has been released.. and it is expected to be published by the end of the year
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2024-03-25 00:00:00 Domain name: raxia.top Domain registrar id: 303 Domain registrar url: http://publicdomainregistry.com Expiry date: 2025-03-25 00:00:00 Query time: 2024-03-26 10:27:18 Registrant city: 1f8f4166599d23ee Registrant company: 7bc26f5a5e70d417 Registrant country: Poland Registrant email: f651612a2f356ad3s@ Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: a10fe9b2c804ed6f Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2024-03-25 00:00:00
references
https://www.welivesecurity.com/en/eset-research/operation-roundpress/, https://www.welivesecurity.com/en/eset-research/operation-roundpress, https://www.welivesecurity.com/en/eset-research/operation-roundpress/#h2-6
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen today
Appeared in 8 threat reports