Domain · Medium · Signal 100/100
download.pdf00.com
First Seen
Jul 10, 2023
Last Seen
Jun 13, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Feed Intelligence Summary
Source reports: 8
Confidence score: 99%
Activity Timeline: Jun 13
Threat Activity Heatmap · Peak: 2026-06-13
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **download.pdf.com** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, command and control (C
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 8
First seen: Jul 10, 2023
Last seen: Jun 13, 2026
VirusTotal
Not checked
WHOIS
- registrar
- 22net, Inc.
- description
- LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
- raw
- Creation Date: 2016-12-27T03:16:30Z
- DNSSEC: unsigned
- Domain Name: PDF00.COM
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Name Server: VIP1.ALIDNS.COM
- Name Server: VIP2.ALIDNS.COM
- Registrar Abuse Contact Email: [email protected]
- Registrar Abuse Contact Phone: +86.571.88276020
- Registrar IANA ID: 1555
- Registrar URL: http://www.22.cn
- Registrar WHOIS Server: whois.22.cn
- Registrar: 22net, Inc.
- Registry Domain ID: 2085177153_DOMAIN_COM-VRSN
- Registry Expiry Date: 2025-12-27T03:16:30Z
- Updated Date: 2024-12-26T17:20:09Z
IOC Journey
medium · First detected 3 years ago · Last seen 13 days ago
Appeared in 8 threat reports