IOC Radar
Domain · Medium · Signal 0/100

dns-tunnel-check.googlezip.net

First Seen: May 25, 2026 (28d ago)
Last Seen: May 25, 2026 (28d ago)
Reports: 2 source reports
Confidence: 0% (medium)
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags

Feed Intelligence Summary

Source reports: 2
Confidence score: 0%
Category tags: indicator, network, researched

Activity Timeline

1 total observation (May 25 to May 25)

Threat Activity Heatmap

Peak: 2026-05-25
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This indicator, dns-tunnel-check.googlezip.net, has been identified with a very low score of 0.0 and is explicitly whitelisted by trusted threat intelligence services. This means it is considered benign and not associated with any malicious activity. Its inclusion in threat intelligence feeds does not, by itself, indicate hostile behavior or an active threat to the organization. This domain is likely part of legitimate network operations, potentially used for connectivity checks or similar benig…

Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 2
First seen: May 25, 2026
Last seen: May 25, 2026

VirusTotal

Not checked

WHOIS

description
IP- 199.232.210.172 199.232.214.172 DNS- bg.microsoft.map.fastly.net No cert data. Drops: Zenbox -bg.microsoft.map.fastly.net active reputation: high 199.232.210.172 IP Info (1) IP Country 192.168.122.1 unknown Dropped Info Non malicious dropped files (156) Processes Extra Info Other Drops- VT: 57 29 mitre-25 OTHER 1 PE_EXE 1 TEXT 1 SWF 1 MSI 1 JAVASCRIPT Network comms 1 DNS 2 JA3. rec: review version for safety, recall certs expired. Unsubscribe from tracking [if able] as it has shown to be a watering hole of cryptographic non integrity [not suggestive here, but the potential exists]


IOC Journey

medium
First detected 28 days ago · Last seen 28 days ago
Appeared in 2 threat reports