Domain · Medium · Signal 74/100
ddns-ip.net
Location
First Seen: Jan 11, 2025
Last Seen: May 11, 2026
Found in 8 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 source reports · 74% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-05-11
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 0 (Dormant)
- 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **ddns-ip.net**, originating from Belize, has emerged as a significant indicator of compromise (IOC) in the cybersecurity landscape. First observed on January
Threat Score: High Risk
74
SIGNAL
Signal Score
74%
Confidence
8
Reports
First seen: Jan 11, 2025
Last seen: May 11, 2026
VirusTotal
Not checked
WHOIS
- domain rank: -1
- raw WHOIS record:
  - Domain name: ddns-ip.net
  - Create date: 2024-10-24 00:00:00
  - Update date: 2024-10-24 00:00:00
  - Expiry date: 2027-10-24 00:00:00
  - Query time: 2024-10-26 13:02:40
  - Domain registrar id: 303
  - Domain registrar url: www.publicdomainregistry.com
  - Name server 1: ns61.cloudns.net
  - Name server 2: ns63.cloudns.net
  - Name server 3: ns64.cloudns.uk
  - Name server 4: ns62.cloudns.com
  - Registrant name: 7bc26f5a5e70d417
  - Registrant company: 7bc26f5a5e70d417
  - Registrant email: [email protected]
  - Registrant phone: 7bc26f5a5e70d417
  - Registrant fax: 7bc26f5a5e70d417
  - Registrant city: 7bc26f5a5e70d417
  - Registrant state: da2b7c2fc3244410
  - Registrant zip: 7bc26f5a5e70d417
  - Registrant country: Bulgaria
  - Administrative city: GDPR Masked
  - Administrative state: GDPR Masked
  - Administrative country: GDPR Masked
  - Administrative email: [email protected]
  - Technical city: GDPR Masked
  - Technical state: GDPR Masked
  - Technical country: GDPR Masked
  - Technical email: [email protected]
- references:
  - families.google/intl/pt-PT_ALL/familylink
  - cameyo.google
  - googlecampaigns.com
  - chrome.com.bh
  - t-iot.de
  - dockerregistry.xlab.t-iot.de
  - netbox.nic.xlab.t-iot.de
  - www.n-helix.com - Foundry remnant
  - itunes.apple.com
  - api.amazon.com
  - https://webclientshellserver-prod-trafficmanager-net.s-0005.dual-s-msedge.net
  - https://www.matchsticksandgasoline.com/2018/11/2/18051280/the-morning-after-colorado-if-you-want-to-be-a-goalie-skip-these-highlights-mark-giordano
  - http://s.vebnox.com
  - vebnox.com
  - http://stulancer.vebnox.com
  - http://vedonate.vebnox.com
  - https://home.vebnox.com
  - https://vedonate.vebnox.com
- subdomains count: 21905
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports