IOC Radar
Domain · Medium · Signal 91/100

directdownload.icu

First Seen: Apr 15, 2026 (58d ago)
Last Seen: Jun 9, 2026 (4d ago)
Reports: 8 source reports
Confidence: 91% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 91%
Signal Score: 91 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

11 techniques

Feed Intelligence Summary

8 reports · 91% confidence
Category tags
.net, crypto miner, cryptocurrency, dll, wss, domain, hash, md5, indicator, ipv62a03, ipv62a12, microsoft security blog, network, osint, researched, t1053.005, t1055.012, t1082, t1219, t1496, t1497.001, t1547.001, t1562.001, t1573.002, t1574.002, t1608.006, windows

Activity Timeline

1 total observation (Jun 9 to Jun 9)

Threat Activity Heatmap

[Heatmap: weekday-by-month activity grid (Mon/Wed/Fri rows, Jun through Jun columns); no observation values are recoverable from the extracted text.]

Activity by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 91 (High Risk)
Signal Score: 91
Confidence: 91%
Reports: 8
First seen: Apr 15, 2026
Last seen: Jun 9, 2026

VirusTotal

Not checked

WHOIS

description
An SEO poisoning campaign has been discovered impersonating the legitimate open source data recovery tool TestDisk. It silently installs the ScreenConnect remote monitoring and management client to gain command execution, file transfer and lateral movement in the network.
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY
Administrative country: Kuwait
Administrative state: FW
Billing city: REDACTED FOR PRIVACY
Billing country: Kuwait
Billing state: FW
Create date: 2026-03-01 00:00:00
Domain name: directdownload.icu
Domain registrar id: 3765.0
Expiry date: 2027-03-01 00:00:00
Name server 1: ns4.my-ndns.com
Name server 2: ns3.my-ndns.com
Query time: 2026-03-02 09:40:59
Registrant city: 1f8f4166599d23ee
Registrant country: Kuwait
Registrant email: 6eb609d996e182a6s@
Registrant name: 1f8f4166599d23ee
Registrant state: 65d17e065ab4f386
Registrant zip: 1f8f4166599d23ee
Technical city: REDACTED FOR PRIVACY
Technical country: Kuwait
Technical state: FW
Update date: 2026-02-28 00:00:00
subdomains count
0

IOC Journey

medium
First detected 1 month ago · Last seen 4 days ago
Appeared in 8 threat reports