DomainHighVerifiedSignal 26/100
echo1.vietnix.tech
Location
NetherlandsFirst Seen
Jul 8, 2025
Last Seen
Mar 31, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
26%
Signal Score
26 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports26% confidence
4
Source reports
26%
Confidence score
Category tags
aaaaabuseacceptaccount securityactive scanaddressaddress domainaddress googleadvanced persistent threatakamaialertsamazonanalysis dateapache xappleaptapt groupascii textassociated urlsatomaustraliaautorunav detectionsavast avgbad reputationberbewbingbodybody doctypebotnetbotnet activitybrute forcecaretoch uacivilcivil servicescivilian targetingck idck matrixclick-based attackcnletcode executioncode injectioncommandcommand and controlcommand executioncommunication protocolcommunication technologiescompromised routercontent typecopy md5copy sha1copy sha256creation datecredential harvestingcredential stuffingcrimecrlf linedata accessdata copyingdata exfiltrationdata store exposuredata theftdata transferdata uploadddosddos attacksdefense evasiondefense-evasiondeletedelphidetailed errordetections namedevelopment attdistributed attacksdnsdns attackdnssecdocument filedomains showdropperdynamicdynamicloadere safeelectronic health recordselton avundanoencryptencrypted connectionsencryptionendgameenterprise securityentrieserrorerror juleu alexeyeu cyber policieseuropeexecutable fileexploitexploitation activityfileless malwarefilesfiles domainfiles ipfiles locationfiles relatedfiles showfirmware infectionfirmware modificationflagflag unitedformbook stealerfoundfrance asngeckogenericgooglegoogle safegovernment technologyhackersheader http2health care and social assistancehealth information technologyhealthcare information systemshighhospital managementhostilehostinghostname addhostname enumerationhostname queryhtml smugglinghtml_smugglinghttp scannerhybridicmp trafficidentity & access exploitationids detectionsii llcindicatorinformation gatheringinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinput validation bypassintelintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot securityiot/ics attackit infrastructureitre attjavakeyskhtmllaw enforcement surveillancelazarus grouplearnless whoislinklinuxlinux malwarelocallookmacmalicious linksmalicious softwaremalwaremalware campaignmass surveillancemediamedical servicesmediummetadata analysismirai botnetmitre attmobilemobile carriersmobile malwaremobile networksmobile secmobile securitymobile spywaremobile threatmodel secmovednamename servername serversname tacticsnation-state activitynetherlandsnetworknetwork scanningnetwork trafficnextnext associatednext passivenext relatednext yaranorth americanreumnsonso groupobjectoceaniaogoogle trustok transferoletopenurl coperating systemoperating system securityoutbound m3overview ippacking t1045paragonpassive dnspatch managementpath traversalpatient carepattern matchpdfpe filepegasuspegasus projectpeopleperfect privacyphishingphishing attackpoliceportprecreate readpresentpresent aprpresent augpresent decpresent febpresent janpresent julpresent marpresent novpresent octpresent sepprocess injectionpublic administrationpublic infrastructurepublic policypulse pulsespulse submitpulses nonepushransomransom:win32/cvereadread creconnaissancerecord valuerefreshregional securityregistry modificationregistry runregulatory agenciesrelated nidsrelated tagsremote accessremote access trojanremote servicesresearchedresponse iprestartresults janresults julreverse dnsreviewsafe browsingsamsungscript urlssearchsecurity operationsserver responseserviceshowshow processshow techniqueshowingsizeskynetsmssms exploitsocial engineeringsocial media securitysoftware developmentsoftware exploitationsoftware vulnerabilitiessonyspanspawnsssl castatestate-promovedstate-sponsoredstatusstealerstringssuspt1001t1003t1003.001t1003.004t1004t1005t1011t1012t1016t1018t1019t1020t1021t1021.001t1021.006t1023t1027t1030t1031t1036t1037t1037.003t1040t1041t1045t1053t1055t1055.001t1056t1057t1059t1059.001t1059.004t1059.007t1060t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1083t1084t1087t1088t1091t1094t1105t1110t1112t1113t1114.002t1119t1129t1130t1133t1156t1185t1187t1189t1190t1192t1193t1199t1202t1203t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1480t1480 executiont1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.001t1587.003t1588t1589t1589.001t1590t1590.001t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationstexasthreat actorthreat intelligencetitle objecttlsv1toolstor analysistor nodetraffic maskingtrojan downloadertrojan malwaretrojandroppertrojanspytype datatypeofua archua bitnessua fullua platformunitedunited statesunknown nsunknown soaurlsurls showuser executionusersutf8 textverdictverifyversion secvirtoolvulnerability scanweb application attackweb application exploitationweb exploitationweb trafficwin32 malwarewindirwindows malwarewindows ntwine emulatorwixwritex poweredxhr loadxhr startyara detectionszero click exploitzero-day exploit
Activity Timeline
Mar 31Mar 31
Threat Activity Heatmap
· Peak: 2026-03-31LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
26
SIGNAL
Signal Score
26%
Confidence
4
Reports
First seenJul 8, 2025
Last seenMar 31, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- Go Daddy, LLC
- description
- Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
- raw
- Creation Date: 2021-06-09T11:08:15.0Z DNSSEC: unsigned Domain Name: VIETNIX.TECH Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS1.VIETNIX.NET Name Server: NS2.VIETNIX.NET Name Server: NSBAK.VIETNIX.NET Registrant Country: US Registrant Email: f651612a2f356ad3s@ Registrant Organization: b46a98a26fe2fd9f Registrant State/Province: 30bdd2917a604c83 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.4805058800 Registrar IANA ID: 146 Registrar URL: https://www.godaddy.com/ Registrar WHOIS Server: whois.godaddy.com Registrar: Go Daddy, LLC Registry Domain ID: D238480298-CNIC Registry Expiry Date: 2027-06-09T23:59:59.0Z Updated Date: 2025-07-29T12:13:08.0Z
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 11 months ago · Last seen 2 months ago
Appeared in 4 threat reports