DomainHighVerifiedSignal 37/100
ducvu-it.cf
First Seen
Feb 18, 2023
Last Seen
Jun 5, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
37%
Signal Score
37 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
6 reports37% confidence
6
Source reports
37%
Confidence score
Category tags
account takeover attemptactive scanactive scanningattachment phishingauthentication attackbecbotnetbotnet activitybrand impersonationbrute forcecommand and controlcompromised accountcredential accesscredential harvestingcredential phishingcredential stuffingcredential theftdata exfiltrationdata store exposuredata theftddosdenial of servicedgadistributed attacksexploitation activityftp brute forcehttp brute forcehydra attackidentity & access exploitationimpersonation phishingindicatorinfrastructure acquisitionreconnaissanceinitial accessinjection activitylink injectionlink redirectionlogin attacklogin attemptsmalicious attachmentmalicious attachmentsmalicious linkmalicious linksmalicious softwaremalwaremalware deliverymalware distributionmalware phishingmedusa attacknetworknetwork attacksnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnmap scanphishingphishing activityphishing attackphishing campaignphishing-databaseprocess injectionprotocol exploitationransomwarerdp scanningreconnaissancereconnaissance activityremote accessremote servicesresearchedsecurity awarenessservice enumerationservice scansmb scanningsmtp brute forcesocial engineeringssh attacksyn scant1018t1021t1021.001t1021.002t1040t1046t1055t1059t1059.001t1059.004t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1189t1190t1192t1204t1204.001t1486t1496t1499.002t1499.003t1534t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1587.001t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003t1598t1598.003tcp scantcp scanningtelnet threatthreat actortor nodeudp scanuser interactionvulnerability scanweb securitywebsite phishing
Activity Timeline
Jun 5Jun 5
Threat Activity Heatmap
· Peak: 2026-06-05LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **ducvu-it.cf** has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, malware distribution, phishing campaigns, and ransomware attacks. First observed on February
Threat ScoreLow Risk
37
SIGNAL
Signal Score
37%
Confidence
6
Reports
First seenFeb 18, 2023
Last seenJun 5, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
- domain rank
- -1
- raw
- ANDY.NS.CLOUDFLARE.COM E-mail: [email protected], copyright infringement: [email protected] KIKI.NS.CLOUDFLARE.COM
- subdomains count
- 0
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 3 years ago · Last seen 12 days ago
Appeared in 6 threat reports