IOC Radar
Domain · High · Verified · Signal 64/100

yeti.rhk.com

Location: United States
First Seen: Jul 5, 2025 (342d ago)
Last Seen: Feb 25, 2026 (108d ago)
Reports: 4 source reports
Confidence: 64% (high)
VirusTotal: 1/91 detections
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

82 techniques

Feed Intelligence Summary

4 reports · 64% confidence
Source reports: 4
Confidence score: 64%
Category tags
aaaaabuseacademic institutionsaccount enumerationaccount securityactive relatedactive scanningadd tagadded activeaddressadversary tagsaerospace & defenseahmannahmann specialakamai poczonaakamai related activityamazon02 spamamericaamerica asnamerica flaganti-sandboxanti-vmanycast network activityanycast voipapacheascii textasnoneators showattawsbackdoorbackdoor familybc.win.packer.troll-11bodybotnetbrandbrianbrian sabeybrute forcebrute force attackc2canadacapture t1140chmura chmurachmura dhtchristopher ahmanncivil servicesck idck idsck matrixck t1027click-based attackcnamecname redirectioncnc trafficcode executioncode injectioncolorado statecommandcommand and controlcommand decodecommand executioncommand historycommunication technologiescommunity managementcomspeccontactcontent sharingcontent typecontrols t1562cookiecorporate lawcounselcountries addcountry malwarecreation datecredential accesscredential harvestingcredential stuffingcredential theftcrypt3.bojecryptocurrency miningdanabotdatadata accessdata breachdata collectiondata copyingdata encryptiondata exfiltrationdata leakdata transferdata uploadday agoddos attacksdefensedefense contractingdefense evasiondefense logisticsdefense systemsdefense technologydevelopment attdht kopalniadht network activitydht penomocnikdigital platformsdiscovery t1069distributed attacksdll injectiondll sideloadingdnparking dhtdnsdoxingdropperdrwebdynamic code loadingdynamicloadereducational resourceseducational serviceseducational technologyelectronic health recordsemotetencryptentrieserroret openet trojanethics violationeuropeexecution flowexpiration dateexploitextortionextrifastly errorfeebs worm infectionfileless malwarefilesfiles domainfiles relatedfind encryptedfinding notesflagfor privacyfoundfound contentfunctiong3nasomgamarueganelpgeneral fullget myagrentgh0stgirls doporngoogle safegovernment technologygravity ratgroups addhall renderhealth care and social assistancehealth information technologyhealthcare information 
systemsheurhighhigher educationhistoryhospital managementhostinghostname addhostname enumerationhtml applicationhttp attackhybridhybrid analysisids detectionsiframeinclude reviewindia asnindia showingindicatorindicators showinformation gatheringinformation technologyinformation theftinfrastructure acquisitionreconnaissanceinfrastructure attackinfrastructure probingingress tool transferinjectioninput validation bypassintelintellectual property lawinternet of thingsiociocsionosionosasiot botnetiot/ics attackipv4ipv4 addipv4 httpsirc botirc pingirc pongit infrastructurejohn marshallk-12 educationkrypticlateral movementlaw practicelaw schoollearnlegal consultinglegal professionlegal researchlegal sector targetinglegal serviceslegal technologylengthlocallogging t1568mainmalicious downloadmalicious linksmalicious softwaremalwaremalware attacksmalware distributionmalware droppermalware familymediamedia contentmedical facility targetmedical facility targetingmedical servicesmediummetadata analysismicrosoft edgemicrosoft wormmilitary operationsmirai botnetmitre attmobile carriersmobile networksmodelmodify toolsmovedmtb win32name serversname tacticsnational securityneshtanetherlandsnetworknetwork intrusionnetwork probingnetwork scanningnetwork trafficnextnext associatednone googlenorth americaonline harassmentopen source intelligenceoperating system securityosintother services (except public administration)otx alienvaultotx telemetryp2p distributionpackingpassive dnspassword attackpassword attackspath traversalpatient carepattern matchpcratpcratgh0st cncpe packerphishingphishing attackpornhubportporwanypotential data breachpresent augpresent julpresent junpresent octpresent sepprocess injectionproratprotocol t1105providepublic administrationpublic infrastructurepublic policypublic tlppulse providepulse pulsespulse submitpulses nonepulses urlqshellquad9 blockedransomwarereadread creconnaissancerecord valuerecruitment scamrecruitment scam attemptredacted forreferences 
addregulatory agenciesregulatory compliancerelated pulsesrelated tagsremoteremote accessremote servicesreport spamreputation damageresearchedresolver ipreverse dnsreverse engineeringrole titlesabeysabey createdsafe browsingscriptscript urlssearchsecuresecurity operationssegoe uisensitive data exposureserver responseshowshow processshow techniqueshowingsimdasite reconnaissancesmear campaignsmtp abusesocial analyticssocial engineeringsocial engineering attemptsocial mediasocial media marketingsocial media securitysocial networkingsoftware developmentsoftware exploitationspamvertisingspawnsspecial counselssl certificatestarfieldstatusstreamstringssubmit urlsubvert trustswedensystem disruptiont1005t1021t1027t1030t1040t1041t1045t1053t1055t1057t1059t1060t1069t1070t1071t1071.001t1078t1095t1096t1105t1110t1110.001t1110.002t1110.003t1110.004t1112t1113t1114t1119t1129t1132t1133t1140t1189t1190t1192t1197t1203t1204t1204.001t1204.002t1210t1480t1486t1490t1496t1497t1499.002t1499.003t1518t1534t1539t1553t1562t1565t1566t1566.001t1566.002t1566.003t1566.004t1568t1574t1583t1583.001t1583.006t1586t1586.002t1587.001t1589t1589.001t1589.002t1590t1590.001t1591.002t1592t1593t1595t1595.001t1595.002t1595.003t1598t1608tagstam legaltbmvidtelecom servicestelecommunicationsthreat actorthreat huntersthreat intelligencetitle addedtofseetrackertreece alfreytrojan malwaretrojandroppertrojanspytwittertype indicatortypesunitedunited statesunknown nsunknown wwwurlsurls showuruguay unknownuser engagementuser executionvirtoolvoip activityvulnerabilityweb application exploitationweb scrapingweb securitywebsite defacementwebsite infrastructure analysiswebsite investigationwhitewhite indicatorwhois lookupwhois registrarwin32 malwarewin32sality febwindowwindows malwarewindows ntwormwritewrite czune

Activity Timeline

1 total observation
Feb 25 to Feb 25

Threat Activity Heatmap

Peak: 2026-02-25
[Heatmap grid: one column per month from Jun through the following Jun, rows Mon / Wed / Fri, colour scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **yeti.rhk.com** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on July

Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 4
First seen: Jul 5, 2025
Last seen: Feb 25, 2026
Verified IOC

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 8, 2026

WHOIS

registrar: GoDaddy.com, LLC
description: Company tried to recruit me the same way st consulting did at Montefiore,
raw (registry record for the apex domain RHK.COM):
Creation Date: 1994-09-21T04:00:00Z
DNSSEC: unsigned
Domain Name: RHK.COM
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.DOMAINEASY.COM
Name Server: NS2.DOMAINEASY.COM
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505
Registrar IANA ID: 146
Registrar URL: http://www.godaddy.com
Registrar WHOIS Server: whois.godaddy.com
Registrar: GoDaddy.com, LLC
Registry Domain ID: 5353171_DOMAIN_COM-VRSN
Registry Expiry Date: 2025-09-20T04:00:00Z
Updated Date: 2024-11-14T17:01:23Z

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 3 months ago
Appeared in 4 threat reports