IOC Radar
Domain · High confidence · Verified · Signal 64/100

api-taxi.ingenosya.mg

Location: Spain
First Seen: Jun 12, 2025 (364d ago)
Last Seen: Feb 24, 2026 (106d ago)
Reports: 4 source reports
Confidence: 64% (high)
VirusTotal: 4/91 detections
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 88 techniques
Feed Intelligence Summary

Source reports: 4
Confidence score: 64%
Category tags:

Activity Timeline

1 total observation (Feb 24)

Threat Activity Heatmap (weekly grid, Jun 2025 to Jun 2026) · Peak: 2026-02-24

Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **api-taxi.ingenosya.mg** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, exploits, malware, phishing, and ransomware. Originating from Spain, this malicious domain has been active since June

Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 4
First seen: Jun 12, 2025
Last seen: Feb 24, 2026
Verified IOC

VirusTotal

4/91 vendors flagged
4% detection rate · Jun 8, 2026

WHOIS

Registrar: INGENOSYA BUSINESS SERVISES

Description: Surprised: Follow bot account affects threat researcher(s) account(s). % path, attempts DoS. Threatening account name. (00285c99b52d41679b1aa3b8a80895b037df8a7500f4ad97ce06068eac4a95b7 | = follow) || {2025-05-20_bf3a6ba6e3421a7214ffbfe97642a578_amadey_black-basta_cova_cryptbot_elex_luca-stealer FastCopy5.9.0.exe} ET DNS Query for .cc PROTOCOL-ICMP PATH MTU denial of service attempt PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set

Raw:
Creation Date: 2009-06-18T08:38:20Z
DNSSEC: unsigned
Domain Name: ingenosya.mg
Domain Status: active https://icann.org/epp#active
Name Server: ns1.contabo.net
Name Server: ns2.contabo.net
Name Server: ns3.contabo.net
Registrar Email: [email protected]
Registrar Registration Expiration Date: 2025-12-30T21:00:00Z
Registrar Street Address: Lot III U 134 Anosizato Est I 101 - Antananarivo
Registrar: INGENOSYA BUSINESS SERVISES
Registry Domain ID: 1949-nicmg
Registry Expiry Date: 2025-12-30T21:00:00Z
Registry Registrant ID: 402666-nicmg
Updated Date: 2024-12-04T05:38:53Z


IOC Journey

Confidence: high
First detected 1 year ago · Last seen 3 months ago
Appeared in 4 threat reports