IOC Radar
Domain · Medium · Signal 49/100

cdn.lgaircon.xyz

Location
Ukraine
First Seen
Feb 10, 2025
Last Seen
Jun 8, 2026
First Seen: Feb 10 (490d ago)
Last Seen: Jun 8 (7d ago)
Reports: 8 source reports
Confidence: 49% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs: 87 techniques

Feed Intelligence Summary

8 reports · 49% confidence
Source reports: 8
Confidence score: 49%
Category tags

Activity Timeline

1 total observation (Jun 8 to Jun 8)

Threat Activity Heatmap · Peak: 2026-06-08 (calendar heatmap, Jun to the following Jun, rows Mon/Wed/Fri, scale Less to More)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
49 SIGNAL
Signal Score: 49%
Confidence: 8 Reports
First seen: Feb 10, 2025
Last seen: Jun 8, 2026

VirusTotal

Not checked

WHOIS

registrar
Go Daddy, LLC
raw
Creation Date: 2024-06-11T02:46:19.0Z
DNSSEC: unsigned
Domain Name: LGAIRCON.XYZ
Domain Status: inactive https://icann.org/epp#inactive
Domain Status: pendingDelete https://icann.org/epp#pendingDelete
Domain Status: redemptionPeriod https://icann.org/epp#redemptionPeriod
Domain Status: serverHold https://icann.org/epp#serverHold
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registrant Country: US
Registrant Email: f651612a2f356ad3s@
Registrant Organization: b46a98a26fe2fd9f
Registrant State/Province: 30bdd2917a604c83
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4805058800
Registrar IANA ID: 146
Registrar URL: https://www.godaddy.com/
Registrar WHOIS Server: whois.godaddy.com
Registrar: Go Daddy, LLC
Registry Domain ID: D462487836-CNIC
Registry Expiry Date: 2025-06-11T23:59:59.0Z
Updated Date: 2025-07-23T08:09:57.0Z

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 8 threat reports