Domain · High · Verified · Signal 42/100
dam69.com
Location
First Seen
Aug 13, 2023
Last Seen
May 5, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
6 source reports · 42% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-05-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 42 / 100
Confidence: 42%
Reports: 6
First seen: Aug 13, 2023
Last seen: May 5, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- DropCatch.com 1049 LLC
- domain rank
- -1
- raw
  - Admin City: Denver
  - Admin Country: US
  - Admin Email: [email protected]
  - Admin Organization: NameBrightPrivacy.com
  - Admin Postal Code: 80205
  - Admin State/Province: CO
  - Creation Date: 2024-11-13T19:05:05.000Z
  - Creation Date: 2024-11-13T19:05:05Z
  - DNSSEC: unsigned
  - Domain Name: DAM69.COM
  - Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  - Domain Status: ok https://icann.org/epp#ok
  - Name Server: NS15.ABOVEDOMAINS.COM
  - Name Server: NS16.ABOVEDOMAINS.COM
  - Registrant City: 7545cbbbc34dcb54
  - Registrant Country: US
  - Registrant Email: [email protected]
  - Registrant Fax Ext: 3432650ec337c945
  - Registrant Fax: 3432650ec337c945
  - Registrant Name: 37bfbc24cafea5d2
  - Registrant Organization: 6acf07867035f323
  - Registrant Phone Ext: 3432650ec337c945
  - Registrant Phone: 9e70ea3af3a29f0e
  - Registrant Postal Code: 6f09be6fa67504f5
  - Registrant State/Province: 5909b98f8d0e7f8a
  - Registrant Street: 87e13c28e0c7de68
  - Registrar Abuse Contact Email: [email protected]
  - Registrar Abuse Contact Email: [email protected]
  - Registrar Abuse Contact Phone: +1.7204960020
  - Registrar Abuse Contact Phone: 17204960020
  - Registrar IANA ID: 3258
  - Registrar Registration Expiration Date: 2025-11-13T19:05:05.000Z
  - Registrar URL: http://www.DropCatch1049.com
  - Registrar URL: https://www.NameBright.com
  - Registrar WHOIS Server: whois.NameBright.com
  - Registrar WHOIS Server: whois.namebright.com
  - Registrar: DropCatch.com 1049 LLC
  - Registry Admin ID: Not Available From Registry
  - Registry Domain ID: 2933942174_DOMAIN_COM-VRSN
  - Registry Expiry Date: 2025-11-13T19:05:05Z
  - Registry Registrant ID: Not Available From Registry
  - Registry Tech ID: Not Available From Registry
  - Tech City: Denver
  - Tech Country: US
  - Tech Email: [email protected]
  - Tech Organization: NameBrightPrivacy.com
  - Tech Postal Code: 80205
  - Tech State/Province: CO
  - Updated Date: 2024-11-14T09:00:21Z
  - Updated Date: 2024-11-14T09:00:22.017Z
- references
- subdomains count
- 28
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Confidence: high · First detected 2 years ago · Last seen 1 month ago
Appeared in 6 threat reports