DomainMediumSignal 88/100

`captioz.shop`

Location

Canada

First Seen

Feb 12, 2026

Last Seen

Jun 7, 2026

Feb 12

First Seen

121d ago

Jun 7

Last Seen

6d ago

Reports

source reports

88%

Confidence

medium

Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

88%

Signal Score

88 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

87 techniques

Feed Intelligence Summary

14 reports88% confidence

Source reports

88%

Confidence score

Category tags

abuseabusech-threatfox-c2caccount securityactive scanactive scanningalienvault_ransomwareamadeyamadey botamadey stealeraptasiaasyncratasyncrat malwareauto-generatedautomated analysisautomated attackautomated threatautomated threat detectionautomated threat huntingautomated-attackautomated-huntautomated_attackbackdoorbad reputationbashlite botnetbelarusbitcoinblacklisted ipblockchainbodybotnetbotnet activitybotnet_c2brute forcebrute force attackbrute force attemptbrute force attemptsbrute_forcec2c2 activityc2 communicationc2 frameworkc2 infrastructurec2 serverc2-infrastructurec2_activityc2_communicationc2_infrastructurecanadacaptchacensysclickfix malware campaigncnccobaltcobalt groupcobalt strikecode executioncode injectioncommand & controlcommand and controlcommand executioncommodity contracts intermediationcommon exploit kitscommunication protocolcompromised hostcompromised host potentialcompromised infrastructure detectioncompromised systemcredential accesscredential compromisecredential harvestingcredential stuffingcredential-accesscredential_accesscrypto exchangecrypto miningcrypto walletcryptocurrencycyber campaigncybersecurity companyczechczech republicdata encryptiondata exfiltrationdata store exposureddosddos attemptddos preparationdecentralized financedenial of servicedenmarkdigital currencydistributed attacksdugganusa analyticsencryptioneuropeeurope/asiaexecutable fileexodusexploitexploit activityexploitationexploitation activityexposure assessment platformexposure managementextortionfake captchaftpftp brute forceftp_bruteforcegermanyglasswormhavochtmlhtmlcsshttp brute forcehttp c2http probinghttp requestshttp scanhttp scannerhttp scanninghttp_scanhttpshttps probinghttps scanhttps scanninghungaryidentity & access exploitationimpure stealerinbound communicationindicatorinfected hostinformation stealerinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinitial accessinjection activityiociocsiot securityip-addressjavascript injectionkimsukylateral movementloaderloader c2sloader malwarelogin-attemptsmalicious downloadmalicious linksmalicious network activitymalicious powershell activitymalicious softwaremalicious trafficmalwaremalware activitymalware campaign activitymalware campaign analysismalware campaign detectionmalware communicationmalware detectionmalware distributionmalware distribution campaignmalware familiesmalware indicatorsmalware infectionmalware installationmalware payload deliverymalware_detectedmalware_detectionmanaged security solutionsmanual-collectionmedium-riskmeterpretermeterpreter frameworkmeterpreter payloadmulti-vector threat campaignmustnetworknetwork attacksnetwork communicationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork protocolnetwork scanningnetwork securitynetwork trafficnetwork traffic analysisnetwork-trafficnetwork_reconnaissancenewly observed domainnewly observed ipnorth americanovel iocnovel iocsnovel-iocnovel_iocopen source intelligenceoperating systemoperating system securityoperation camelcloneosintosint-volleyoutbound trafficpassword attackpassword attackspattern-49pattern-49 intelligencepayloadpayload deliveryphishingphishing attackpolandpolishport-scanningpossible aptpossible apt activitypossible botnetpossible compromised hostpossible exploitationpossible malware downloadpossible malware infectionpost-exploitationpotential c2 activitypotential compromisepotential data exfiltrationpotential malware activitypotential malware infectionprecogprecog sweepprocess injectionprotocol exploitationpythonquasar ratquasar-ratquasar_ratquasarratransomwareransomware activity indicatorsrapid7ratrat activityrdp_bruteforcereconnaissancereconnaissance activityremcos trojanremote accessremote access toolsremote access trojanremote servicesresearchedromaniascams & fraudscripting attackssecurity operationsself-signed certificateself-signed certificatesself_signed_certificateservice scansingaporesliversliver c2slovakiasmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringsoftware exploitationspear-phishingssh attackssh_bruteforcesslssl certificatesssl communicationstealcstealersuspected botnetswedenswedishsystem disruptiont1003t1005t1016t1018t1021t1021.001t1021.002t1027t1027.002t1040t1041t1046t1047t1053t1055t1056.001t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1069.001t1071t1071.001t1076t1077t1078t1086t1095t1102.001t1104t1105t1110t1110.001t1110.002t1110.003t1110.004t1132.002t1133t1140t1189t1190t1203t1204t1204.001t1204.002t1219t1486t1490t1496t1497.001t1497.003t1499.002t1499.003t1539t1547.001t1552t1555t1555.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1568t1569t1569.002t1571t1573t1573.001t1583.001t1584.006t1587t1587.001t1588.001t1589t1590.001t1595t1595.001t1595.002t1595.003t1608.001t1608.004tacticstcp protocoltelnet threattengu ransomwarethreat actorthreat actor groupthreat groupthreat intelligencethreatfox apithreatfox feedthreatfox_apitor nodetrojan malwareturkeyturkishtwittertype osintunidentified threat actorunited statesunknown malwareunknown malware indicatorsunknown-malwareurlsvidarvidar stealervirusvodkastealervoid#geistvulnerability scanweb brute forceweb downloadweb exploitationweb securityweb trafficweb-based malwarewordpress compromisewormyarayara rule

Activity Timeline

1 total obs

Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **captioz.shop** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from Canada. First observed on February

Threat ScoreHigh Risk

SIGNAL

Signal Score

88%

Confidence

Reports

First seenFeb 12, 2026

Last seenJun 7, 2026

VirusTotal

Not checked

WHOIS

description: Domain name that delivers a malware payload
domain rank: -1
subdomains count: 0

Export & API

STIX 2.1 Bundle

CSV Export

Permalink

IOC Journey

medium

First detected 4 months ago · Last seen 6 days ago

Appeared in 14 threat reports