DomainMediumSignal 94/100
api.wiresguard.com
Location
ItalyFirst Seen
Feb 3, 2026
Last Seen
Jun 6, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
11 reports94% confidence
11
Source reports
94%
Confidence score
Category tags
abuse.ch threatfoxabuse.ch threatfox apiabusech-threatfox-c2cactive scanactive scanningadministrationaerospace & defenseamaranth-dragonamatera stealerapi obfuscationapi t1055apisapplication attackaptapt28apt29asiaasyncratattackauthentication attackauto-generatedautomated analysisautomated detectionautomated huntautomated osintautomated threatautomated threat detectionautomated-huntautomated_attackautomated_detectionbackdoorbad reputationbankingbeaconbeacon payloadbeaconsbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute_forcec2c2 activityc2 communicationc2 communication detectedc2 domainc2 frameworkc2 infrastructurec2-activityc2-frameworkc2-infrastructurec2_activityc2_communicationc2_frameworkcanadachinachinesechinese aptchinese threat actorchrysalis backdoorcivil servicesck idcloud atlascnc-servercobaltcobalt strikecobalt strike activitycobalt-strikecobaltstrikecode executioncode injectioncode loadingcommand & controlcommand and controlcommand executioncommand-and-controlcommunication protocolcommunication technologiescommunications networkscompromised credentialscompromised hostcompromised host communicationcompromised infrastructurecompromised softwarecompromised updatecompromised_credentialsconfigcontactcrazycredential accesscredential stuffingcredential_accesscredit card servicescritical infrastructurecs beaconcustom hashing algorithmcyber threatscybersecurity companydata encryptiondata exfiltrationdata store exposureddosddos attacksdefensedefense contractingdefense logisticsdefense systemsdefense technologydenial of servicedll injectiondll side-loadingdll sideloadingdnsdns attackdugganusa-researchdynamic apieducationemergency servicesencryptionenergyenergy distributionenergy systemseuropeeurope/asiaevasive pandaexecutable fileexfiltrationexploit attemptexploitation activityexposure assessment platformexposure managementfake captchafilehash md5filehash sha1filehash sha256fin7financefinancial servicesfinancial systemsfinancial technologyftpftp brute forceftp brute-forceftp bruteforceftp_brute_forcegeckogenericgovernment facilitiesgovernment technologyhttp activityhttp brute forcehttp bruteforcehttp scanhttp scannerhttp scanninghttp_scanninghttpshttps scanninghttps_scanningidentity & access exploitationindicatorinformation technologyinfostealerinfrastructure acquisitionreconnaissanceinjection activityinternet of thingsiociocsiot botnetiot securityiot/ics attackip-addressipv4it infrastructureitalykhtmlknown malicious iplateral movementlateral_movementloaderlogin attemptslolbinlotus blossomlotus blossom aptmalicious activitymalicious linksmalicious network activitymalicious softwaremalwaremalware activitymalware analysismalware campaign activitymalware campaign analysismalware communicationmalware descriptionsmalware detectionmalware distributionmalware distribution campaignmalware indicatorsmalware technologiesmalware-detectionmalware_communicationmalware_detectedmalware_indicatorsmanaged security solutionsmediametasploitmeterpretermgbotmilitary operationsmirai botnetmitre ttpsmobile carriersmobile networksnational securitynetworknetwork activitynetwork attacksnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork trafficnetwork traffic analysisnetwork traffic redirectionnetwork-trafficnetwork_iocnetwork_service_scanningnextnorth americanotepadnotepad updatenotepad++novel iocnovel ioc detectednovel threatnovel-iocnovel_iocnppnsisnsis installeroil & gasopencti_label notepad++operating systemoperation neusploitosintosint-volleypassword attackspassword_attackpattern 49pattern-49payload deliverypayment processingphishingportpossible apt activitypossible data exfiltrationpossible reconnaissancepossible_botnetpossible_exfiltrationpost-exploitationpotential data exfiltrationpotential malware activitypotential malware infectionpower generationpower systemsprecogprecog engineprecog sweepprocess injectionprotocol exploitationpublic administrationpublic infrastructurepublic policyquasar ratransomwarerapid7rapid7 httpsratrdp_brute_forcereconnaissancereflective dll injectionregulatory agenciesremcos trojanremote accessremote access trojanremote servicesremote_accessrenewable energyresearchedrussiasalatstealerscams & fraudsecurity operationsself-signed certificateself-signed certificatesself-signed-certificateserviceservice scanshellcodeshellcode executionsign upsmb scanningsmtpsmtp brute forcesmtp scansoftware developmentsoftware exploitationsoftware updatesoftware update attackssh attackssh bruteforcessh_brute_forcesslssl communicationssl/tlsstealcstealc stealerstealerstixstrike beaconsupply chain attacksupply chain compromisesupply-chainsupply-chain attacksuspected apt activitysystembct1001t1003t1003.001t1005t1014t1016t1016.001t1018t1021t1021.001t1021.002t1027t1027.007t1036t1040t1041t1046t1047t1049t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1059.003t1059.004t1068t1069.001t1070.004t1071t1071.001t1076t1077t1078t1078.001t1082t1083t1090t1095t1105t1106t1110t1110.001t1110.002t1110.003t1110.004t1133t1140t1190t1195t1195.001t1195.002t1202t1203t1204t1204.001t1204.002t1205t1219t1480.001t1480.002t1486t1490t1496t1499.001t1499.002t1499.003t1528t1539t1543.003t1547t1547.001t1550.002t1552.001t1553.002t1555.003t1562.001t1563t1565t1566t1566.001t1566.003t1567t1569.002t1573t1573.001t1574.001t1574.002t1583.001t1583.004t1587.001t1588t1588.002t1588.006t1590.001t1595t1595.001t1595.002t1595.003t1620tcp protocoltcp scantelecom servicestelecommunicationstelnet threatthreat actorthreat intelligencethreat intelligence feedthreatfox apitor nodetransportation networkstrojanized installertroystealerudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunidentified threat actorunknown malwareunknown stealerunknown-malwareunknown-stealerurlsurls httpuser executionvalidinvshellvulnerability scanwarbirdwater systemswealth managementweb securityweb trafficwindows ntwizardxwormz-cert
Activity Timeline
Jun 6Jun 6
Threat Activity Heatmap
· Peak: 2026-06-06LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **api.wiresguard.com** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from Italy. First observed on February
Threat ScoreHigh Risk
94
SIGNAL
Signal Score
94%
Confidence
11
Reports
First seenFeb 3, 2026
Last seenJun 6, 2026
VirusTotal
Not checked
WHOIS
- description
- d3bf06f3c6b8cf115f386f853939819f22bb0b9c412ac3696c143ea3440e5bc3 - 04.29.26 - Bitdefender Renamed Submission Wizard & Lotus Blossum LOTUS PANDA (Malpedia) aka: ATK1, BRONZE ELGIN, Billbug, DRAGONFISH, G0030, Lotus BLossom, Lotus Blossom, Red Salamander, ST Group, Spring Dragon Lotus Blossom is a threat group that has targeted government and military organizations in Southeast Asia.
- raw
- Create date: 2025-03-19 00:00:00 Domain name: wiresguard.com Domain registrar id: 1068 Domain registrar url: http://www.namecheap.com Expiry date: 2026-03-19 00:00:00 Name server 1: dns1.registrar-servers.com Name server 2: dns2.registrar-servers.com Query time: 2025-03-20 10:21:59 Update date: 2025-03-19 00:00:00
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 4 days ago
Appeared in 11 threat reports