DomainHighVerifiedSignal 64/100
crm.drasanvi.com
First Seen
Jul 8, 2025
Last Seen
Feb 8, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports64% confidence
4
Source reports
64%
Confidence score
Category tags
abuseadvanced persistent threatappleaptapt groupbingbotnetcivilcivil servicescivilian targetingcommand and controlcommunication technologiescompromised routercredential harvestingdata exfiltrationddos attacksdefense evasiondefense-evasiondistributed attacksdnselectronic health recordsenterprise securityexploitfirmware infectionfirmware modificationgovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementindicatorinternet of thingsiosios malwareiot botnetiot/ics attacklazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitynetworkoperating systempatch managementpatient carepdfpegasuspegasus projectphishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregulatory agenciesresearchedsmssms exploitsocial engineeringsoftware vulnerabilitiesstatestate-promovedstate-sponsoredt1003t1003.001t1003.004t1004t1005t1016t1018t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1056t1059t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1082t1084t1087t1110t1113t1130t1133t1156t1185t1187t1189t1190t1192t1193t1199t1204t1204.002t1205t1210t1211t1212t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1552t1553t1553.003t1555t1556t1557t1562t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationswindows malwarezero click exploitzero-day exploit
Activity Timeline
Feb 8Feb 8
Threat Activity Heatmap
· Peak: 2026-02-08LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated
The domain **crm.drasanvi.com** has been identified as a critical indicator of compromise (IOC) associated with advanced persistent threat (APT) activities. First observed on July
Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
4
Reports
First seenJul 8, 2025
Last seenFeb 8, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- Arsys Internet, S.L. dba NICLINE.COM
- description
- Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
- raw
- Admin City: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Creation Date: 2002-05-07T11:38:28.000Z Creation Date: 2002-05-07T11:38:28Z DNSSEC: Unsigned DNSSEC: unsigned Domain Name: DRASANVI.COM Domain Name: drasanvi.com Domain Status: ok https://icann.org/epp#ok Domain Status: ok https://www.icann.org/epp#ok Name Server: DNS1.PMCONSULTORES.COM Name Server: DNS2.PMCONSULTORES.COM Nameserver: dns1.pmconsultores.com Nameserver: dns2.pmconsultores.com Registrant City: 1f8f4166599d23ee Registrant Country: ES Registrant Email: bb9ff8f5dde2b8c0s@ Registrant Fax Ext: 3432650ec337c945 Registrant Fax: 1f8f4166599d23ee Registrant Name: 1f8f4166599d23ee Registrant Organization: 1f8f4166599d23ee Registrant Phone Ext: 3432650ec337c945 Registrant Phone: 1f8f4166599d23ee Registrant Postal Code: 1f8f4166599d23ee Registrant State/Province: 2490f22a6e1d846c Registrant Street: 1f8f4166599d23ee Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +34.941620100 Registrar IANA ID: 379 Registrar Registration Expiration Date: 2026-05-07T11:38:28.000Z Registrar URL: http://www.arsys.es Registrar URL: http://www.nicline.com Registrar WHOIS Server: whois.nicline.com Registrar: Arsys Internet, S.L. dba NICLINE.COM Registry Admin ID: REDACTED FOR PRIVACY Registry Domain ID: 86330566_DOMAIN_COM-VRSN Registry Expiry Date: 2026-05-07T11:38:28Z Registry Registrant ID: REDACTED FOR PRIVACY Registry Tech ID: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Updated Date: 2023-03-31T11:28:54.000Z Updated Date: 2025-04-29T00:15:11Z
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 11 months ago · Last seen 4 months ago
Appeared in 4 threat reports