Following the VexTrio DNS Trail | WhoisXML API

Threat Reports

Following the VexTrio DNS Trail

A huge part of the cybersecurity community has heard much about the ClearFake and SocGholish operators and their work. But not much has been revealed about their traffic distribution system (TDS) provider, VexTrio.

An in-depth study of VexTrio identified 16 domains and seven subdomains as indicators of compromise (IoCs). It also mentioned the threat actors targeting TikTok and URL shortening services TinyURL, t.co, and is.gd.1

WhoisXML API expanded the IoC list and found:

  • 37 email-connected domains
  • 13 IP addresses, 10 of which turned out to be malicious
  • 207 IP-connected domains, 18 of which turned out to be malicious
  • 247 string-connected domains

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://blogs.infoblox.com/cyber-threat-intelligence/cybercrime-central-vextrio-operates-massive-criminal-affiliate-program/
Try our WhoisXML API for free
Get started