IOC Radar
Domain · Medium · Signal 43/100

9lick.me

Location: Japan
First Seen: Jun 30, 2025 (349d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 10 source reports
Confidence: 43% (medium)
VirusTotal: 13/91 detections
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
43%
Signal Score
43 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

40 techniques

Feed Intelligence Summary

Source reports: 10
Confidence score: 43%
Category tags
account discovery, account profiling, account takeover, active scan, active scanning, asia, attachment delivery, attachment phishing, attachment-based-attack, attack, bec, brand impersonation, brand-impersonation, brute force, business email compromise, business_email_compromise, communication protocol, credential access, credential harvesting, credential phishing, credential stuffing, credential theft, credential-theft, credential_harvesting, data aggregation, data exfiltration, data store exposure, deceptive practices, deceptive tactics, email-based attack, email-based attacks, email-based-attack, exploitation activity, finance, fraud, fraudulent activity, http scanner, https, identity & access exploitation, indicator, infrastructure acquisitionreconnaissance, initial access, injection activity, ioc, iocs, iot security, japan, lateral movement, link injection, link phishing, link redirection, link-based-attack, malicious activity, malicious attachment, malicious attachments, malicious campaigns, malicious link, malicious links, malicious software, malicious website, malicious-attachment, malicious-domain, malicious-email-address, malicious-ip, malicious-url, malware, malware campaign, malware delivery, malware distribution, malware hosting, malware phishing, network, network probing, network service scanning, osint framework, phishing, phishing attack, phishing campaign, phishing domain detected, phishing links, phishing-database, process injection, profile information, ransomware, reconnaissance, researched, scams & fraud, security operations, service scan, smtp, social engineering, social media reconnaissance, spearphishing, t1021, t1053, t1055, t1059, t1071.001, t1078, t1078.001, t1078.004, t1110, t1189, t1190, t1192, t1204, t1204.001, t1204.002, t1486, t1499.002, t1537, t1539, t1552, t1552.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1567, t1567.001, t1587.001, t1589, t1590.001, t1591, t1593, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.003, threat actor, threat group: unknown, threat indicators, threat intelligence, tor node, twitter, user data, valid accounts, web security, web traffic

Activity Timeline

1 total obs
Jun 6

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 43
Confidence: 43%
Reports: 10
First seen: Jun 30, 2025
Last seen: Jun 6, 2026

VirusTotal

13/91 vendors flagged
14% detection rate · Jun 8, 2026

WHOIS

registrar
GMO Internet Group, Inc. d/b/a Onamae.com
description
LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
domain rank
-1
subdomains count
4

IOC Journey

medium
First detected 11 months ago · Last seen 7 days ago
Appeared in 10 threat reports