IOC Radar
DomainHighVerifiedSignal 64/100

cpcontacts.desarrollo.damiasolar.com

First Seen
Jul 8, 2025
Last Seen
Feb 1, 2026
Jul 8
First Seen
339d ago
Feb 1
Last Seen
132d ago
4
Reports
source reports
64%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

138 techniques

Feed Intelligence Summary

4 reports64% confidence
4
Source reports
64%
Confidence score
Category tags
abuseadvanced persistent threatappleaptapt groupbingbotnetcivilcivil servicescivilian targetingcommand and controlcommunication technologiescompromised routercredential harvestingdata exfiltrationddos attacksdefense evasiondefense-evasiondistributed attacksdnselectronic health recordsenterprise securityexploitfirmware infectionfirmware modificationgovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementindicatorinternet of thingsiosios malwareiot botnetiot/ics attacklazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitynetworkoperating systempatch managementpatient carepdfpegasuspegasus projectphishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregulatory agenciesresearchedsmssms exploitsocial engineeringsoftware vulnerabilitiesstatestate-promovedstate-sponsoredt1003t1003.001t1003.004t1004t1005t1016t1018t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1056t1059t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1082t1084t1087t1110t1113t1130t1133t1156t1185t1187t1189t1190t1192t1193t1199t1204t1204.002t1205t1210t1211t1212t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1552t1553t1553.003t1555t1556t1557t1562t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationswindows malwarezero click exploitzero-day exploit

Activity Timeline

1 total obs
Feb 1Feb 1

Threat Activity Heatmap

· Peak: 2026-02-01
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

The domain **cpcontacts.desarrollo.damiasolar.com** has been identified as a critical indicator of compromise (IOC) associated with advanced persistent threat (APT) activities targeting Apple users. First observed on July

Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
4
Reports
First seenJul 8, 2025
Last seenFeb 1, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
DonDominio (SCIP)
description
Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
raw
Admin City: Manacor Admin Country: ES Admin Email: [email protected] Admin Organization: Soluciones Corporativas IP, c/o Whois Proxy Admin Postal Code: 07500 Admin State/Province: Illes Balears Creation Date: 2012-02-14T09:14:25Z DNSSEC: Unsigned DNSSEC: unsigned Domain Name: DAMIASOLAR.COM Domain Status: ok http://www.icann.org/epp#ok Domain Status: ok https://icann.org/epp#ok Name Server: ELEANOR.NS.CLOUDFLARE.COM Name Server: JAVON.NS.CLOUDFLARE.COM Registrant City: 6e955fd8cffe63cd Registrant Country: ES Registrant Email: [email protected] Registrant Fax Ext: 3432650ec337c945 Registrant Fax: fcd15fc320bf6109 Registrant Name: 3db237e7d59ee16c Registrant Organization: 73d7dce604b2f52e Registrant Phone Ext: 3432650ec337c945 Registrant Phone: b6a7d4c6b5eab464 Registrant Postal Code: c0781e7649b6dc9f Registrant State/Province: 79e55fd2b260f08c Registrant Street: 08186050d19dd085 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +34.871-98-63-87 Registrar Abuse Contact Phone: 34871986387 Registrar IANA ID: 1383 Registrar Registration Expiration Date: 2029-02-14T09:14:25Z Registrar URL: http://www.dondominio.com Registrar URL: https://www.dondominio.com Registrar WHOIS Server: whois.scip.es Registrar: DonDominio (SCIP) Registrar: Soluciones Corporativas IP, SL Registry Domain ID: 1702132252_DOMAIN_COM-VRSN Registry Expiry Date: 2029-02-14T09:14:25Z Tech City: Manacor Tech Country: ES Tech Email: [email protected] Tech Organization: Soluciones Corporativas IP, c/o Whois Proxy Tech Postal Code: 07500 Tech State/Province: Illes Balears Updated Date: 2025-04-06T21:17:48Z Updated Date: 2025-04-06T23:17:48Z

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 4 months ago
Appeared in 4 threat reports