IOC Radar
Domain · High · Verified · Signal 46/100

3-q.cc

Location: Netherlands
First Seen: Mar 17, 2026 (89d ago)
Last Seen: May 21, 2026 (25d ago)
Reports: 5 source reports
Confidence: 46% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 46%
Signal Score: 46 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

9 techniques

Feed Intelligence Summary

Source reports: 5
Confidence score: 46%
Category tags
abuse, academic institutions, active scan, alienvault_ransomware, bad reputation, badger, canada, civil services, command and control, communication technologies, data encryption, data exfiltration, data privacy, data store exposure, dga, domains manage, education, educational resources, educational services, educational technology, electronic health records, encryption, europe, exploitation activity, extortion, government technology, health care and social assistance, health information technology, healthcare information systems, hide, higher education, hospital management, indicator, information technology, infostealer, ingress tool transfer, injection activity, ioc, it infrastructure, k-12 education, malicious domains, malicious download, malicious software, malware, malware activity, malware distribution, medical services, mobile carriers, mobile networks, netherlands, network, north america, online, patient care, phishing, privacy badger, process injection, public administration, public infrastructure, public policy, ransomware, redline, redline stealer, regulatory agencies, researched, sandbox, security operations, settings widget, sites general, software development, static, static analyzer, stealer, submit, system disruption, t1005, t1041, t1055, t1071.001, t1105, t1486, t1490, t1565, t1566, telecom services, telecommunications, threat actor, threat intelligence, tor node, tracking domains, trojan, trojan malware, united states, urlscan, vect, vect ransomware, virus

Activity Timeline

1 total obs
May 21

Threat Activity Heatmap

Peak: 2026-05-21
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), `3-q.cc`, represents a significant and urgent threat that demands immediate attention. With a high score of 45.78, this domain is strongly linked to malicious activities, specifically attributed to the "vect" ransomware group. Its presence in an organizational environment could signify various stages of an attack, ranging from initial compromise through phishing to establishing command and control for data exfiltration or ransomware deployment. The potential i…

Threat Score: Medium Risk
Signal Score: 46
Confidence: 46%
Reports: 5
First seen: Mar 17, 2026
Last seen: May 21, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

domain rank: -1
raw:
Create date: 2025-03-04 00:00:00
Domain name: 3-q.cc
Domain registrar id: 1068
Domain registrar url: http://www.namecheap.com
Expiry date: 2026-03-04 00:00:00
Name server 1: cody.ns.cloudflare.com
Name server 2: mckinley.ns.cloudflare.com
Query time: 2025-03-05 20:23:42
Update date: 2025-03-04 00:00:00
subdomains count: 1

IOC Journey

high
First detected 2 months ago · Last seen 25 days ago
Appeared in 5 threat reports