IOC Radar
Domain · Medium · Signal 53/100

xrayz.run

First Seen: Jun 6, 2025 (374d ago)
Last Seen: Dec 8, 2025 (189d ago)
Reports: 7 source reports
Confidence: 53% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 29 techniques

Feed Intelligence Summary

7 source reports · 53% confidence score
Category tags
botnet, browser infection, c2, c2 communication, clipboard data theft, cobalt strike, command and control, cookie theft, cookies stealer, credential access, credential stealing, crypto wallet stealer, crypto wallet theft, data exfiltration, distributed attacks, form grabbing, havoc, havokiz havoc, indicator, information stealer, infostealer, lumma, lumma infostealer activity, lumma stealer, lumma stealer activity, lummastealer, malicious software, malware, malware distribution, network, none vidar, password stealer, process injection, researched, t1003, t1005, t1041, t1055, t1059, t1059.001, t1071, t1071.001, t1081, t1105, t1115, t1189, t1483, t1486, t1496, t1499.002, t1499.003, t1539, t1552, t1555, t1555.001, t1555.002, t1555.003, t1560, t1565, t1566, t1569.002, t1573, t1583.001, threat actor activity, vidar, web data theft

Activity Timeline

1 total obs (Dec 8)

Threat Activity Heatmap

Peak: 2025-12-08

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **xrayz.run** has emerged as a significant indicator of compromise (IOC) associated with botnet activities and command-and-control (C

Threat Score: Medium Risk
Signal Score: 53
Confidence: 53%
Reports: 7
First seen: Jun 6, 2025
Last seen: Dec 8, 2025

VirusTotal

Not checked

WHOIS

description: Domain that is used for botnet Command&control (C&C)
domain rank: -1
raw:
  Administrative city: REDACTED
  Administrative country: REDACTED
  Administrative state: REDACTED
  Create date: 2025-05-31 00:00:00
  Domain name: xrayz.run
  Domain registrar id: 303
  Domain registrar url: http://www.PublicDomainRegistry.com
  Expiry date: 2026-05-31 00:00:00
  Name server 1: lily.ns.cloudflare.com
  Name server 2: roan.ns.cloudflare.com
  Query time: 2025-06-01 11:33:35
  Registrant city: 3495bcf1839c6374
  Registrant company: cf3f7df7094da9c7
  Registrant country: Russia
  Registrant email: fb6ff66ef97c0518s@
  Registrant fax: 3495bcf1839c6374
  Registrant name: 3495bcf1839c6374
  Registrant phone: 3495bcf1839c6374
  Registrant state: 4da8150a9b073d83
  Registrant zip: 3495bcf1839c6374
  Technical city: REDACTED
  Technical country: REDACTED
  Technical state: REDACTED
  Update date: 2025-05-31 00:00:00
references:
  https://www.virustotal.com/graph/embed/gc46a4e8056a7450da632babf7573164dae8ee12a0f86421596e775d0067a6c81?theme=light
  https://www.virustotal.com/gui/collection/88240b6df014a6ccd3077a3fee4605c3f4884451867f79d2516fb3f409bc0ba2
subdomains count: 0

IOC Journey

medium
First detected 1 year ago · Last seen 6 months ago
Appeared in 7 threat reports