IOC Radar
DomainHighVerifiedSignal 64/100

afexacademia.com

Location
United StatesUnited States
First Seen
Jul 8, 2025
Last Seen
Apr 7, 2026
Jul 8
First Seen
352d ago
Apr 7
Last Seen
79d ago
5
Reports
source reports
64%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

138 techniques

Feed Intelligence Summary

5 reports64% confidence
5
Source reports
64%
Confidence score
Category tags
abuseadvanced persistent threatappleaptapt groupbad reputationbingbotnetbotnet activitybrute forcecivilcivil servicescivilian targetingcommand and controlcommunication technologiescompromised routercredential harvestingcredential stuffingdata exfiltrationdata store exposureddosddos attacksdefense evasiondefense-evasiondistributed attacksdnsdns attackelectronic health recordsenterprise securityexecutable fileexploitexploitation activityfirmware infectionfirmware modificationgovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationindicatorinjection activityinternet of thingsiosios malwareiot botnetiot securityiot/ics attacklazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile threatnation-state activitynetworknorth americaoperating systempatch managementpatient carepdfpegasuspegasus projectphishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregulatory agenciesresearchedsmssms exploitsocial engineeringsoftware vulnerabilitiesstatestate-promovedstate-sponsoredt1003t1003.001t1003.004t1004t1005t1016t1018t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1056t1059t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1082t1084t1087t1110t1113t1130t1133t1156t1185t1187t1189t1190t1192t1193t1199t1204t1204.002t1205t1210t1211t1212t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1552t1553t1553.003t1555t1556t1557t1562t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat actortor nodeunited statesvulnerability scanwindows malwarezero click exploitzero-day exploit

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **afexacademia.com**, originating from the United States, has been identified as a significant indicator of compromise (IOC) associated with advanced persistent threat (APT) activities. First observed on July

Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
5
Reports
First seenJul 8, 2025
Last seenApr 7, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
domain rank
-1
raw
Administrative city: Reykjavik Administrative country: Iceland Administrative email: [email protected] Administrative state: Capital Region Create date: 2025-07-01 00:00:00 Domain name: afexacademia.com Domain registrar id: 1068 Domain registrar url: http://www.namecheap.com Expiry date: 2026-07-01 00:00:00 Name server 1: ns5932.banahosting.com Name server 2: ns5933.banahosting.com Query time: 2025-07-02 13:24:14 Registrant city: ddbf76e4e8cee320 Registrant company: 4b7a0912c26a13e2 Registrant country: Iceland Registrant email: [email protected] Registrant name: 37bfbc24cafea5d2 Registrant phone: ef7c9ebdb324979a Registrant state: 3e0204199d8ebf9c Registrant zip: f206c9d9737ad45d Technical city: Reykjavik Technical country: Iceland Technical email: [email protected] Technical state: Capital Region Update date: 2025-07-02 00:00:00
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 2 months ago
Appeared in 5 threat reports