DomainMediumSignal 92/100
coco2-hram.com
Location
United StatesFirst Seen
Mar 1, 2026
Last Seen
May 13, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
12 reports92% confidence
12
Source reports
92%
Confidence score
Category tags
abusech-threatfox-c2cactive scanactive scanningand credential stuffingaptautomated analysisautomated detectionautomated scanautomated threatautomated threat detectionbad reputationbotnetbotnet activitybotnet_c2brute forcebrute force attackbrute force attemptbrute force attemptsbrute_forcebrute_force_attackc2c2 activityc2 communicationc2 infrastructurec2-activityc_and_ccnccommand & controlcommand and controlcommand_and_controlcommunication channelcommunication protocolcompromised credentialscompromised hostcompromised hostscompromised systemscredential accesscredential stuffingcredential-accessdata exfiltrationdata store exposureddosdenial of servicedistributed attacksdnsdns attackdugganusa researchdugganusa threat feedenumerationexfiltrationexploit attemptexploitation activityftpftp brute forceftp_brute_forcehttp brute forcehttp scannerhttp scanninghttpsidentity & access exploitationimapindicatorindicators of compromiseinfected_systeminfostealerinfrastructure acquisitionreconnaissanceinitial accessinjection activityiociocskimsukykpuspriyonewslateral movementlateral movement detectionmacosmalicious network activitymalicious softwaremalicious_ipmalicious_trafficmalwaremalware activitymalware analysis requiredmalware detectionmalware indicatorsmalware-detectionmanual-collectionmedium-risknetworknetwork activitynetwork attacksnetwork intrusionnetwork intrusion attemptnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork-traffic-analysisnetwork_intrusionnetwork_scanningnorth americanovel indicatornovel iocnovel malwarenovel-iocpassword attacksphantompulsepossible botnetpossible botnet activitypossible lateral movementpossible malware infectionpotential data breachpotential malware infectionprecogprecog engineprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesremote_accessresearchedsecurity operationsservice scanshub stealersmtpsmtp scanningssh attackssh_brute_forcestealert1005t1016t1018t1021t1021.001t1027t1036t1040t1041t1046t1047t1055t1059t1059.001t1059.002t1059.004t1059.007t1071t1071.001t1071.004t1076t1078t1082t1083t1087t1090t1095t1102t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1140t1190t1204t1486t1496t1499.002t1499.003t1539t1543.001t1543.004t1552.001t1555.001t1555.003t1560t1563t1565t1573t1573.001t1574t1587.001t1589t1590.001t1595t1595.001t1595.002t1595.003t1614tcp protocoltelnet threatthreat actorthreat intelligencethreat_actor_unknowntor nodetype osintunauthorized access attemptunited statesweb trafficydznvjljcz6f7
Activity Timeline
May 13May 13
Threat Activity Heatmap
· Peak: 2026-05-13LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
92
SIGNAL
Signal Score
92%
Confidence
12
Reports
First seenMar 1, 2026
Last seenMay 13, 2026
VirusTotal
Not checked
WHOIS
- description
- Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 1 month ago
Appeared in 12 threat reports