DomainHighVerifiedSignal 26/100

`certauri.com`

Location

Australia

First Seen

Jul 8, 2025

Last Seen

Mar 24, 2026

Jul 8

First Seen

340d ago

Mar 24

Last Seen

81d ago

Reports

source reports

26%

Confidence

high

Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

26%

Signal Score

26 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

176 techniques

Feed Intelligence Summary

5 reports26% confidence

Source reports

26%

Confidence score

Category tags

aaaaabuseacademic institutionsacceptaccount securityaddressaddress domainaddress googleadvanced persistent threatakamaialertsallowamazonanalysis dateapache xappleaptapt groupascii textassociated urlsatlasatomaustraliaautorunav detectionsavast avgazureadmyorgberbewbingbodybody doctypebotnetcaretoch uacivilcivil servicescivilian targetingck idck matrixclick-based attackcnletcode executioncode injectioncommandcommand and controlcommand executioncommunication protocolcommunication technologiescompromised routerconnectorcontent typecopy md5copy sha1copy sha256creation datecredential harvestingcrimecrlf linedata accessdata copyingdata exfiltrationdata theftdata transferdata uploadddos attacksdefense evasiondefense-evasiondeletedelphidesktopdetailed errordetections namedevelopment attdistributed attacksdnsdnssecdocument filedomains showdropperdynamicdynamicloadere safeeducational resourceseducational serviceseducational technologyelectronic health recordselton avundanoencryptencrypted connectionsendgameenterprise securityentrieserrorerror juleu alexeyeu cyber policieseuropeexploitfalsefileless malwarefilesfiles domainfiles ipfiles locationfiles relatedfiles showfirmware infectionfirmware modificationflagflag unitedformbook stealerfoundfrance asnfrontgame designgame developmentgame publishinggaminggaming industrygaming platformsgaming technologygeckogenericgooglegoogle safegovernment technologyhackersheader http2health care and social assistancehealth information technologyhealthcare information systemshiddenhighhigher educationhospital managementhostilehostinghostname addhostname enumerationhostname queryhtml smugglinghtml_smugglinghttp scannerhybridicmp trafficids detectionsii llcindicatorinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinput validation bypassintelintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot/ics attackit infrastructureitre attjavak-12 educationkeyskhtmllaw enforcement surveillancelazarus grouplearnless whoislinklinuxlinux malwarelivelocallookmacmagnusmalicious linksmalicious softwaremalwaremalware campaignmass surveillancemediamedical servicesmediummeistermetadata analysismicrosoft azuremicrosoft crmmicrosoft powermicrosoft teamsmirai botnetmitre attmobilemobile carriersmobile gamingmobile malwaremobile networksmobile secmobile securitymobile spywaremodel secmovednamename servername serversname tacticsnetherlandsnetworknetwork scanningnetwork trafficnextnext associatednext passivenext relatednext yaranorth americanreumnsonso groupobjectoceaniaofficeogoogle trustok transferoletopenurl coperating systemoperating system securityoutbound m3overview ippacking t1045paragonpassive dnspatch managementpath traversalpatient carepattern matchpdfpdf exploitpe filepegasuspegasus projectpeopleperfect privacyphishingphishing attackpoliceportprecreate readpremiumpresentpresent aprpresent augpresent decpresent febpresent janpresent julpresent marpresent novpresent octpresent sepprocess injectionpublic administrationpublic infrastructurepublic policypulse pulsespulse submitpulses nonepushransomransom:win32/cvereadread creconnaissancerecord valuerefreshregional securityregistry modificationregistry runregulatory agenciesrelated nidsrelated tagsremote accessremote access trojanremote servicesresearchedresponse iprestartresults janresults julreverse dnsreviewsafe browsingsamsungscript urlssearchsecurity operationsserver responseserviceshowshow processshow techniqueshowingsizeskynetsmssms exploitsocial engineeringsocial media securitysoftware developmentsoftware exploitationsoftware vulnerabilitiessonyspansparkspawnsssl castatestate-promovedstate-sponsoredstatusstealerstringssupply chain attacksuspt1001t1003t1003.001t1003.004t1004t1005t1011t1012t1016t1018t1019t1020t1021t1021.001t1021.006t1023t1027t1030t1031t1036t1037t1037.003t1040t1041t1045t1053t1055t1055.001t1056t1057t1059t1059.001t1059.004t1059.007t1060t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1083t1084t1087t1088t1091t1094t1105t1110t1112t1113t1114.002t1119t1129t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1203t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1480t1480 executiont1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.001t1587.003t1588t1589t1589.001t1590t1590.001t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationstexasthreat intelligencetitle objecttlsv1toolstor analysistraffic maskingtrojan downloadertrojan malwaretrojandroppertrojanspytruetype datatypeofua archua bitnessua fullua platformunitedunited statesunknown nsunknown soaurlsurls showuser executionusersutf8 textverdictverifyversion secvideo gamesvirtoolvisibleweb application exploitationweb exploitationweb trafficwin32 malwarewindirwindows malwarewindows ntwine emulatorwixwritex poweredxhr loadxhr startyara detectionsyouthzero click exploitzero-day exploit

Activity Timeline

1 total obs

Mar 24Mar 24

Threat Activity Heatmap

· Peak: 2026-03-24

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreLow Risk

SIGNAL

Signal Score

26%

Confidence

Reports

First seenJul 8, 2025

Last seenMar 24, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

registrar: NameCheap, Inc.
description: Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
domain rank: -1
raw: Creation Date: 2023-08-04T16:06:43Z DNSSEC: unsigned Domain Name: CERTAURI.COM Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: A.DNSION.NET Name Server: B.DNSION.NET Name Server: C.DNSION.NET Name Server: D.DNSION.NET Name Server: E.DNSION.NET Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.6613102107 Registrar IANA ID: 1068 Registrar URL: http://www.namecheap.com Registrar WHOIS Server: whois.namecheap.com Registrar: NameCheap, Inc. Registry Domain ID: 2803330619_DOMAIN_COM-VRSN Registry Expiry Date: 2026-08-04T16:06:43Z Updated Date: 2025-06-23T17:15:23Z
references: All - EnterpriseAppsList.csv, AppRegistrationList.csv, https://tria.ge/240517-vc7c1shc62/behavioral1, https://tria.ge/240517-vdwb5shc71/behavioral1, https://tria.ge/240517-vqxezaaa33/behavioral1, https://tria.ge/240517-t9pc2ahb2t, https://www.virustotal.com/graph/embed/g9453a2f58a3340f18120987c2b4d710dbb44ded88c434abf8894458a98c7bd4b?theme=dark, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/iocs, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/graph, https://www.virustotal.com/gui/collection/b84a19d60ec7cd6d546a3f145dff8987128d0f499161118b46de22718d4713cd/summary, https://www.filescan.io/uploads/66479b483313f70f0afe3dbb, https://www.filescan.io/uploads/664799c9d5c40bffee6106d7, Thor Scan: S-I9VvMTB6cZU, https://www.filescan.io/uploads/664ba368d5c40bffee63b1ee/reports/31817751-6b5d-45df-8813-472aa6c756a3/overview, https://www.filescan.io/uploads/664ba8a20663ff3c2ec6428a/reports/09d3d82a-7ec1-4804-93e5-5ae691fbb7f2/overview, https://imp0rtp3.wordpress.com/2021/08/12/tetris/, https://www.filescan.io/uploads/664bb0cd7c9fb1468fc610c5/reports/00c78e4d-2156-4906-a106-ebf7e2723251/overview, https://www.filescan.io/uploads/664bb40fbc04dffa92240ca2/reports/398074f2-c7b6-40e9-9b5c-4225cc990473/overview, https://www.filescan.io/uploads/664bb683bc04dffa92241015/reports/92b70fd6-97d7-4386-8465-f3fd79043843/overview, https://tria.ge/240521-q4s79agb25/static1, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906322f5af13cdfb50be, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/664f906222f5af13cdfb5093, https://www.filescan.io/uploads/666d69ff6b8dba248b414767/reports/dda2c8a1-96fd-4c00-9cbc-c64c4685a804/overview, https://www.filescan.io/uploads/666d69ff6b8dba248b414767, https://viz.greynoise.io/analysis/33e9b33b-b932-4c43-9be1-3e2d6f9cb4b3, https://viz.greynoise.io/analysis/e51d9a15-d802-4d51-9a70-17803dc2693a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b, Above Malcore Strings: All - EnterpriseAppsList, AppRegistration, EnterpriseAppslist, exportGroup, exportUsers, HiddenApps - EnterpriseAppsList****, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00975ea31558d54fceea, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cff1a5ea31558d54fcbf6, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d0107b44401771de9ebf2, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d00356dd8f43b723a915a, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667cffec5ea31558d54fcda2, https://www.hudsonrock.com/search?domain=ualberta.ca, https://www.criminalip.io/domain/report?scan_id=13798622, https://viz.greynoise.io/analysis/9635144c-db8f-47ab-a83a-5785602244cf - 07.03.24, https://urlscan.io/search/#ualberta.ca, https://www.virustotal.com/gui/collection/0ca12fcdd125ec5a5055180ee828b98d47b8b2e920660be559c2b602266b6b1d/iocs, https://sitereport.netcraft.com/?url=http://ualberta.ca, https://www.wordfence.com/blog/2022/10/threat-advisory-monitoring-cve-2022-42889-text4shell-exploit-attempts/, https://tenantresolution.pingcastle.com/Search - Tenant still active (07.19.24) - Good jobs ya'll, https://www.virustotal.com/graph/embed/gf1d5aa209c7f4fd086e4cb17dcd0af52421ea4bae87d49fe9b4076b382612f0e?theme=dark, https://viz.greynoise.io/query/AS36351%20classification:%22malicious%22, https://viz.greynoise.io/query/AS60068%20classification:%22malicious%22, https://viz.greynoise.io/query/AS8075%20classification:%22malicious%22, https://viz.greynoise.io/query/AS15169%20classification:%22malicious%22, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b - https://app.malcore.io/share/652553f6aec33d70a1dbbd25/667d01d2b67682d81c00f37b = Hidden Apps - Enterprise Apps List
subdomains count: 1

`certauri.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy