IOC Radar
Domain · Medium · Signal 79/100

ser.nrovn.xyz

Location: Tokelau
First Seen: Mar 23, 2024 (828d ago)
Last Seen: May 10, 2026 (50d ago)
Reports: 12 source reports
Confidence: 79% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

18 techniques

Feed Intelligence Summary

Source reports: 12
Confidence score: 79%
Category tags
abuse, access, active scan, agriculture & livestock, amazon, android, api, apk, apt, asyncrat, asyncrat family, attack, auto-generated security, bad reputation, botnet, botnet activity, c2, c2 communication, calls-wmi, checks-bios, checks-network-adapters, checks-user-input, command & control, command and control, comment, cta, data exfiltration, data store exposure, detect-debug-environment, distributed attacks, domains, e-commerce, excel, executable file, exploitation activity, global, groups, https, hunter, idle, images, indicator, info, information technology, infrastructure acquisitionreconnaissance, injection activity, ioc, iot security, long-sleeps, malicious activity, malicious software, malware, malware campaign, mobile, mobile threat, net, network, orcus, peexe, png, process injection, ransomware, rat, remote access, remote access trojan, researched, script, server, service scan, service-scan, shipping & logistics, slug, sources, surface web, t1005, t1027, t1041, t1055, t1059, t1071, t1071.001, t1105, t1219, t1486, t1496, t1499.002, t1499.003, t1547, t1565, t1566, t1587.001, t1590.001, text, threat, threat actor, tk, top, tor node, upload, v2, validator, vulnerability scan, website, windows, xls, zip

Activity Timeline

1 total obs
May 10 to May 10

Threat Activity Heatmap

Peak: 2026-05-10 (heatmap of activity by weekday and month, Jun through Jun; scale Less to More)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **ser.nrovn.xyz**, originating from Tokelau, has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports. First observed on March

Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 12
First seen: Mar 23, 2024
Last seen: May 10, 2026

VirusTotal

Not checked

WHOIS

description: Imported indicator
raw:
Administrative country: Vietnam
Billing country: Vietnam
Create date: 2023-02-20 00:00:00
Domain name: nrovn.xyz
Domain registrar id: 3234
Domain registrar url: whoisserver.iNET.vn
Expiry date: 2026-02-20 00:00:00
Name server 1: ALARIC.NS.CLOUDFLARE.COM
Name server 2: OLIVIA.NS.CLOUDFLARE.COM
Query time: 2025-02-26 04:06:38
Registrant country: Vietnam
Technical country: Vietnam
Update date: 2025-02-24 00:00:00


IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 12 threat reports