IOC Radar
Domain · Medium · Signal 12/100

ducts.com

Location: Mexico
First Seen: Mar 31, 2025 (441d ago)
Last Seen: Aug 27, 2025 (292d ago)
Reports: 3 source reports
Confidence: 12% (medium)
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
12%
Signal Score
12 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs: 64 techniques

Feed Intelligence Summary

3 source reports · 12% confidence score
Category tags

Activity Timeline

1 total observation (Aug 27)

Threat Activity Heatmap · Peak: 2025-08-27
[Calendar heatmap, Jun to Jun, weekday rows Mon/Wed/Fri; cells not reproduced]
Recent activity: 24h 0 (Dormant) · 7d 0 (Dormant) · 30d 0 (Dormant) · 3mo 0 (Dormant)
Threat Score: 12 (Low Risk)
Signal Score: 12
Confidence: 12%
Reports: 3
First seen: Mar 31, 2025
Last seen: Aug 27, 2025

VirusTotal

Not checked

WHOIS

Registrar: GoDaddy.com, LLC
Domain rank: -1
Raw:
Creation Date: 1996-02-24T05:00:00Z
DNSSEC: unsigned
Domain Name: DUCTS.COM
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS45.DOMAINCONTROL.COM
Name Server: NS46.DOMAINCONTROL.COM
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505
Registrar IANA ID: 146
Registrar URL: http://www.godaddy.com
Registrar WHOIS Server: whois.godaddy.com
Registrar: GoDaddy.com, LLC
Registry Domain ID: 11481_DOMAIN_COM-VRSN
Registry Expiry Date: 2029-02-25T05:00:00Z
Updated Date: 2024-01-04T06:15:33Z
Subdomains count: 2

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 9 months ago
Appeared in 3 threat reports