Domain · Medium · Signal 81/100
ren7oaks.co.uk
First Seen: Mar 22, 2021 (1909d ago)
Last Seen: Jun 3, 2026 (10d ago)
Reports: 12 source reports
Confidence: 81% (medium)
VirusTotal: 10/91 detections
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 81%
Signal Score: 81 / 100
IDS Rule: No
Feed Intelligence Summary
12 source reports · 81% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 81 (High Risk)
WHOIS
- domain rank: -1
- raw: Expiry date: 22-Dec-2025; Last updated: 10-Dec-2024; Registered on: 22-Dec-2008; ns1.wpworld.host, ns2.wpworld.host, ns3.wpworld.host, ns4.wpworld.host
- references
- subdomains count: 8
IOC Journey
medium · First detected 5 years ago · Last seen 10 days ago
Appeared in 12 threat reports