Domain · High · Verified · Signal 24/100
airsupportapp.com
Location
First Seen
Feb 9, 2024
Last Seen
May 22, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
24%
Signal Score
24 / 100
IDS Rule
No
Threat Context
Feed Intelligence Summary
Source reports: 6
Confidence score: 24%
Category tags
Activity Timeline
May 22
Threat Activity Heatmap (peak: 2026-05-22)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 24 (Low Risk)
Signal Score: 24
Confidence: 24%
Reports: 6
First seen: Feb 9, 2024
Last seen: May 22, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar: NOM-IQ Ltd dba Com Laude
- domain rank: -1
- subdomains count: 2
- raw:
  Admin City: REDACTED FOR PRIVACY
  Admin Country: REDACTED FOR PRIVACY
  Admin Email: [email protected]
  Admin Organization: REDACTED FOR PRIVACY
  Admin Postal Code: REDACTED FOR PRIVACY
  Admin State/Province: REDACTED FOR PRIVACY
  Creation Date: 2010-09-23T20:15:22Z
  DNSSEC: Unsigned Delegation
  DNSSEC: unsigned
  Domain Name: AIRSUPPORTAPP.COM
  Domain Name: airsupportapp.com
  Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  Domain Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
  Name Server: A.NS.APPLE.COM
  Name Server: B.NS.APPLE.COM
  Name Server: C.NS.APPLE.COM
  Name Server: D.NS.APPLE.COM
  Name Server: a.ns.apple.com
  Name Server: b.ns.apple.com
  Name Server: c.ns.apple.com
  Name Server: d.ns.apple.com
  Registrant City: 1f8f4166599d23ee
  Registrant Country: US
  Registrant Email: [email protected]
  Registrant Fax Ext: 1f8f4166599d23ee
  Registrant Fax: 1f8f4166599d23ee
  Registrant Name: 1f8f4166599d23ee
  Registrant Organization: 75a585107ec1f318
  Registrant Phone Ext: 1f8f4166599d23ee
  Registrant Phone: 1f8f4166599d23ee
  Registrant Postal Code: 1f8f4166599d23ee
  Registrant State/Province: b1952dfc047df18a
  Registrant Street: 1f8f4166599d23ee
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +44.2074218250
  Registrar Abuse Contact Phone: +442074218250
  Registrar IANA ID: 470
  Registrar Registration Expiration Date: 2025-09-23T00:00:00Z
  Registrar URL: http://www.comlaude.com
  Registrar URL: https://www.comlaude.com
  Registrar WHOIS Server: whois.comlaude.com
  Registrar: NOM-IQ Ltd dba Com Laude
  Registrar: Nom-iq Ltd. dba COM LAUDE
  Registry Admin ID: REDACTED FOR PRIVACY
  Registry Domain ID: 1617156149_DOMAIN_COM-VRSN
  Registry Expiry Date: 2025-09-23T20:15:22Z
  Registry Registrant ID: REDACTED FOR PRIVACY
  Registry Tech ID: REDACTED FOR PRIVACY
  Tech City: REDACTED FOR PRIVACY
  Tech Country: REDACTED FOR PRIVACY
  Tech Email: [email protected]
  Tech Organization: REDACTED FOR PRIVACY
  Tech Postal Code: REDACTED FOR PRIVACY
  Tech State/Province: REDACTED FOR PRIVACY
  Updated Date: 2024-08-24T23:10:18Z
  Updated Date: 2024-08-31T23:26:30Z
IOC Journey
high · First detected 2 years ago · Last seen 20 days ago
Appeared in 6 threat reports