DomainMediumSignal 53/100
buycheap.cn
Location
ChinaFirst Seen
Jun 23, 2022
Last Seen
Feb 19, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports53% confidence
4
Source reports
53%
Confidence score
Category tags
active scanningbotnetbrute forcechinachina telecomcommand and controlcredential accesscredential harvestingcredential stuffingdata exfiltrationdistributed attacksftp brute forceindicatorinfrastructure acquisitionreconnaissancemalicious softwaremalwaremanualnetworknetwork intrusion attemptsnetwork scanningphishing attackprocess injectionreconnaissanceremote accessremote servicesresearchedsocial engineeringssh attackt1021t1021.001t1055t1059t1071.001t1076t1078t1110t1110.002t1190t1486t1496t1499.002t1499.003t1563t1565t1566.001t1566.002t1566.003t1587.001t1590.001t1595t1595.001t1595.002t1595.003
Activity Timeline
Feb 19Feb 19
Threat Activity Heatmap
· Peak: 2026-02-19LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated
The domain **buycheap.cn** has been identified as an active indicator of compromise (IOC) associated with botnet and malware activities, originating from China. First observed on June
Threat ScoreMedium Risk
53
SIGNAL
Signal Score
53%
Confidence
4
Reports
First seenJun 23, 2022
Last seenFeb 19, 2026
VirusTotal
Not checked
WHOIS
- registrar
- 广西北部湾在线投资控股有限公司
- creation date
- 2025-08-09T04:02:45
- expiration date
- 2026-08-09T04:02:45
- name servers
- ns1.nowcndns.com, ns2.nowcndns.com
- emails
- [email protected]
- status
- ok
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 years ago · Last seen 4 months ago
Appeared in 4 threat reports