Domain · Medium · Signal 48/100
bill.microsoftbuys.com
First Seen: Jun 14, 2021
Last Seen: Feb 19, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 48%
Signal Score: 48 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 4
Confidence score: 48%
Category tags
botnet, command and control, credential harvesting, data exfiltration, distributed attacks, indicator, infrastructure acquisition, reconnaissance, malicious software, malware, manual, network, phishing attack, process injection, researched, social engineering, t1055, t1071.001, t1486, t1496, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1587.001, t1590.001
Activity Timeline: Feb 19
Threat Activity Heatmap · Peak: 2026-02-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), the domain `bill.microsoftbuys.com`, represents a significant and active threat to organizational security. Its structure, deliberately mimicking a legitimate brand, is a hallmark of sophisticated phishing and social engineering campaigns designed to trick users into revealing sensitive information or executing malicious code. Interaction with this domain could lead to severe consequences, including credential theft, malware infection (such as ransomware or in…
Threat Score: Medium Risk
Signal Score: 48
Confidence: 48%
Reports: 4
First seen: Jun 14, 2021
Last seen: Feb 19, 2026
VirusTotal: Not checked
IOC Journey
medium · First detected 5 years ago · Last seen 4 months ago
Appeared in 4 threat reports