IOC Radar
DomainHighVerifiedSignal 86/100

dmca-notification.info

Location
United StatesUnited States
First Seen
Apr 15, 2026
Last Seen
May 19, 2026
Apr 15
First Seen
60d ago
May 19
Last Seen
27d ago
6
Reports
source reports
86%
Confidence
high
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
86%
Signal Score
86 / 100
IDS Rule
No
Threat Context
Tags

Feed Intelligence Summary

6 reports86% confidence
6
Source reports
86%
Confidence score
Category tags
browser-in-the-browserbrute forcec2 endpointscommand & controlcredential stuffingcredential theftcryptocurrencycryptocurrency scamsgoogle account takeoveridentity & access exploitationindicatormedianetworknorth americaphishingphishing campaignresearchedscams & fraudunited states

Activity Timeline

1 total obs
May 19May 19

Threat Activity Heatmap

· Peak: 2026-05-19
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
86
SIGNAL
Signal Score
86%
Confidence
6
Reports
First seenApr 15, 2026
Last seenMay 19, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
A convincing phishing campaign is going after YouTube creators, and if it works, attackers don’t just steal your Google login. They can take over your entire Google account, including Gmail, your files, and payments, then hijack your YouTube channel and use your audience to run scams. The lure is a fake copyright strike notification that’s so convincing even security-aware users could fall for it. The attack site pulls in your real channel data, such as your profile picture, subscriber count, and latest video, to build a personalized scare page. It funnels you toward a sign-in page designed to steal your Google account.
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: United States Administrative state: LA Billing city: REDACTED FOR PRIVACY Billing country: United States Billing state: LA Create date: 2026-04-12 00:00:00 Domain name: dmca-notification.info Domain registrar id: 3765.0 Expiry date: 2027-04-12 00:00:00 Name server 1: molly.ns.cloudflare.com Name server 2: quinton.ns.cloudflare.com Query time: 2026-04-13 12:00:43 Registrant city: 1f8f4166599d23ee Registrant country: United States Registrant email: 6eb609d996e182a6s@ Registrant name: 1f8f4166599d23ee Registrant state: 16cc9f1e5da916f7 Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: United States Technical state: LA Update date: 2026-04-12 00:00:00
references
https://securityboulevard.com/2026/04/fake-youtube-copyright-notices-can-steal-your-google-login/, IOCs.April.pdf, https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2#Indicators-of-Compromise-(IOCs), https://www.malwarebytes.com/blog/threat-intel/2026/04/fake-youtube-copyright-notices-can-steal-your-google-login
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 2 months ago · Last seen 27 days ago
Appeared in 6 threat reports