Domain · Medium · Signal 37/100
1cooldns.com
Location
First Seen
May 28, 2025
Last Seen
Jun 6, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
37%
Signal Score
37 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
7 reports · 37% confidence
7
Source reports
37%
Confidence score
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap
Peak: 2026-06-06
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Low Risk
37
SIGNAL
Signal Score
37%
Confidence
7
Reports
First seen
May 28, 2025
Last seen
Jun 6, 2026
VirusTotal
Not checked
WHOIS
- registrar
- Dynu Systems Incorporated
- domain rank
- -1
- raw
  Admin City: Statutory Masking Enabled
  Admin Country: Statutory Masking Enabled
  Admin Organization: Statutory Masking Enabled
  Admin Postal Code: Statutory Masking Enabled
  Admin State/Province: Statutory Masking Enabled
  Creation Date: 2021-01-05T15:10:46Z
  DNSSEC: Unsigned
  DNSSEC: unsigned
  Domain Name: 1COOLDNS.COM
  Domain Name: 1cooldns.com
  Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  Domain Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
  Name Server: NS0.DYNU.COM
  Name Server: NS1.DYNU.COM
  Name Server: NS2.DYNU.COM
  Name Server: NS3.DYNU.COM
  Name Server: NS5.DYNU.COM
  Name Server: NS6.DYNU.COM
  Registrant City: 17eefbf532b278ac
  Registrant Country: US
  Registrant Email: e497304cab48bd62s@
  Registrant Fax Ext.: 17eefbf532b278ac
  Registrant Fax: 17eefbf532b278ac
  Registrant Name: 17eefbf532b278ac
  Registrant Organization: 17eefbf532b278ac
  Registrant Phone Ext.: 17eefbf532b278ac
  Registrant Phone: 17eefbf532b278ac
  Registrant Postal Code: 17eefbf532b278ac
  Registrant State/Province: e1c7c1911395a3cf
  Registrant Street: 17eefbf532b278ac
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +1 (602) 904-5357
  Registrar Abuse Contact Phone: +1.6029045357
  Registrar IANA ID: 3857
  Registrar Registration Expiration Date: 2029-01-05T15:10:46Z
  Registrar URL: http://www.dynu.com
  Registrar URL: https://www.dynu.com
  Registrar WHOIS Server: whois.dynu.com
  Registrar: Dynu Systems Incorporated
  Registrar: Dynu Systems, Inc.
  Registry Admin ID: Statutory Masking Enabled
  Registry Domain ID: 2582804713_DOMAIN_COM-VRSN
  Registry Expiry Date: 2029-01-05T15:10:46Z
  Registry Registrant ID: Statutory Masking Enabled
  Registry Tech ID: Statutory Masking Enabled
  Tech City: Statutory Masking Enabled
  Tech Country: Statutory Masking Enabled
  Tech Organization: Statutory Masking Enabled
  Tech Postal Code: Statutory Masking Enabled
  Tech State/Province: Statutory Masking Enabled
  Updated Date: 2025-01-12T11:52:27Z
- references
  - https://github.com/Abjuri5t/SarlackLab/raw/refs/heads/main/IOCs.csv
  - https://hybrid-analysis.com/sample/64e591d43f920a5194806bba9da40e0344db5333cd773da4df4f27259222529d/692a7e373e637b291e0a0957
  - Statutory Masking Enabled: a domain registrar is hiding the public contact information for a domain's registrant in its WHOIS record, often due to regulations like GDPR or ICANN policies.
  - MITRE ATT&CK (T1057) Monitoring Target/s. Can be reviewed in the Hybrid-Analysis sample.
  - https://labs.inquest.net/iocdb
  - https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
  - https://hybrid-analysis.com/sample/43b03483bf2b292ebb1b33469ab4b19e2ac84b1c86c0f34f60adab4bc64176b9
  - https://hybrid-analysis.com/sample/320a60044adeccec22937423e859d2b095e976698133e37a83e019ce08c8bc0c
  - https://hybrid-analysis.com/file-collection/64dfee6a3329552c91026445
  - https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca
  - https://hybrid-analysis.com/sample/8c7c7246468ffeffe01617b597622cd237fa334fb24dc4977fcac398bbe0df80
  - https://hybrid-analysis.com/sample/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/64dff1fbeab7dc252b0e56a6
  - https://www.virustotal.com/gui/file/79e3317a07b12a977f7fda3463779055bbfec748e7fae4c2c1d1cb9bb8e408ca/details
  - https://otx.alienvault.com/indicator/file/5820da0bbae4f091dc0248e566d8f1076fd81485d1893effa14cdc1dc122f1fd
  - TarD587.tmp - c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
  - https://hybrid-analysis.com/sample/c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
  - https://hybrid-analysis.com/sample/db695a96adb70d5f6246273f4e6c218b2c44f02b3726c3dee4d56b6428bb0ddf
- subdomains count
- 2286
IOC Journey
medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 7 threat reports