Domain · Medium · Signal 51/100
filedownloads.store
Location:
First Seen: Dec 16, 2025 (176d ago)
Last Seen: Jun 7, 2026 (3d ago)
Reports: 8 source reports
Confidence: 51% (medium)
VirusTotal detections: 16/91
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 51%
Signal Score: 51 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 source reports · 51% confidence score
Category tags
acr stealer, active scan, active scanning, api abuse, bad reputation, brute force, cephalus ransomware, command and control, communication protocol, credential access, credential stealing, credential stuffing, cve, data exfiltration, data extraction, data obfuscation, data store exposure, detected malicious activity, dll injection, domain, europe, exploit delivery, exploitation activity, f https, fin scan, ftp brute force, germany, hashmd5, hijackloader, http, http attack, http brute force, http scanner, https, identity & access exploitation, indicator, infostealer, infostealer activity detected, infrastructure acquisitionreconnaissance, injection activity, keenaduloader, lumma, lumma stealer, malicious links, malicious software, malware, malware distribution, network, network scanning, null scan, phishing, pirated games, possible reconnaissance, process injection, ransomware, reconnaissance, remote access, remote services, ren'py, researched, service scan, ssh attack, stealer, syn scan, t1003, t1005, t1020, t1021, t1021.001, t1027, t1036, t1041, t1046, t1055, t1055.012, t1059, t1059.003, t1071, t1071.001, t1076, t1078, t1087, t1105, t1106, t1110, t1110.002, t1129, t1190, t1204.001, t1204.002, t1486, t1499.002, t1539, t1547, t1555, t1563, t1564.003, t1565, t1566, t1574.002, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, threat actor, transparent tribe, udp port scan, uxxxxxx, vidar, vidar stealer, vulnerability scan, web application attack, web security, web traffic, xmas scan
Activity Timeline
Jun 7
Threat Activity Heatmap
Peak: 2026-06-07
Activity by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI generated)
The domain **filedownloads.store**, originating from Germany, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on December
Threat Score: Medium Risk
Signal score: 51 / 100
Confidence: 51%
Reports: 8
First seen: Dec 16, 2025
Last seen: Jun 7, 2026
WHOIS
- description
- These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with infostealer malware, designed to harvest sensitive data such as credentials, cookies, and financial information from compromised systems. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations involving data theft. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.
- domain rank
- -1
- raw
- Create date: 2024-01-21 00:00:00; Domain name: filedownloads.store; Domain registrar id: 1068.0; Domain registrar url: whois.namecheap.com; Expiry date: 2027-01-21 00:00:00; Name server 1: DNS101.REGISTRAR-SERVERS.COM; Name server 2: DNS102.REGISTRAR-SERVERS.COM; Query time: 2026-01-22 01:06:45; Update date: 2026-01-22 00:00:00
- references
- https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/, IOCs2.csv
- subdomains count
- 0
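As an added example (not code from this page, the LevelBlue pulse, or the Securelist report it references), the Python script below performs two triage steps an analyst would take with this entry before acting on it: it parses the raw WHOIS record shown above to compute how old the registration was on the first-seen date, and it matches the domain against DNS query logs with the usual edge cases handled (case, trailing dot, subdomains, and look-alike names that merely contain the string). The WHOIS text is copied from this page; the log lines and their field layout (timestamp, client, the literal word query, record type, name) are constructed for the example.

```python
"""Triage helpers for a domain IOC (added example, not the page's own code).

1. parse_whois(): split the flattened 'Key: value Key: value' WHOIS record
   on its known keys and compute registration age at first-seen.
2. domain_matches()/find_hits(): match the IOC against DNS log lines as an
   exact or subdomain match only, so 'notfiledownloads.store' and
   'filedownloads.store.evil.example' are not reported as hits.
"""
import re
from datetime import date, datetime

IOC_DOMAIN = "filedownloads.store"
FIRST_SEEN = date(2025, 12, 16)   # first-seen date from the page

# Raw WHOIS text exactly as shown on the page (fields run together).
RAW_WHOIS = (
    "Create date: 2024-01-21 00:00:00 Domain name: filedownloads.store "
    "Domain registrar id: 1068.0 Domain registrar url: whois.namecheap.com "
    "Expiry date: 2027-01-21 00:00:00 Name server 1: DNS101.REGISTRAR-SERVERS.COM "
    "Name server 2: DNS102.REGISTRAR-SERVERS.COM Query time: 2026-01-22 01:06:45 "
    "Update date: 2026-01-22 00:00:00"
)

# Keys that appear in this record; the splitter only recognises these.
WHOIS_KEYS = [
    "Create date", "Domain name", "Domain registrar id", "Domain registrar url",
    "Expiry date", "Name server 1", "Name server 2", "Query time", "Update date",
]


def parse_whois(raw: str) -> dict:
    """Split the flattened record on 'Key:' boundaries and return a dict."""
    pattern = "|".join(re.escape(k) for k in WHOIS_KEYS)
    # A capturing group makes re.split return [prefix, key1, val1, key2, val2, ...]
    parts = re.split(rf"\s*({pattern}):\s*", raw)
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}


def registration_age_days(whois: dict, observed: date) -> int:
    """Days between the WHOIS creation date and the date the IOC was observed."""
    created = datetime.strptime(whois["Create date"], "%Y-%m-%d %H:%M:%S").date()
    return (observed - created).days


def domain_matches(candidate: str, ioc: str = IOC_DOMAIN) -> bool:
    """True only for the IOC itself or a subdomain of it (case-insensitive,
    trailing dot tolerated). Substring containment is deliberately NOT a match."""
    name = candidate.strip().lower().rstrip(".")
    return name == ioc or name.endswith("." + ioc)


# Constructed sample DNS log lines: timestamp client query type name
LOG_LINES = [
    "2026-06-07T10:02:11Z 10.0.0.21 query A filedownloads.store.",
    "2026-06-07T10:02:12Z 10.0.0.21 query A cdn.FileDownloads.store",
    "2026-06-07T10:03:40Z 10.0.0.33 query A notfiledownloads.store",
    "2026-06-07T10:04:05Z 10.0.0.33 query A filedownloads.store.evil.example",
    "2026-06-07T10:05:59Z 10.0.0.44 query A example.com",
]


def find_hits(lines, ioc: str = IOC_DOMAIN):
    """Return (timestamp, client, queried name) for every line that matches the IOC."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:          # skip malformed lines instead of crashing
            continue
        if domain_matches(fields[4], ioc):
            hits.append((fields[0], fields[1], fields[4]))
    return hits


if __name__ == "__main__":
    record = parse_whois(RAW_WHOIS)
    print(f"registrar: {record['Domain registrar url']}, "
          f"age at first seen: {registration_age_days(record, FIRST_SEEN)} days")
    for ts, client, name in find_hits(LOG_LINES):
        print(f"HIT {ts} {client} -> {name}")
```

The age check matters because "newly registered" is a common heuristic in blocklist policies: this domain was created well before the first report, so a pure age rule would not have caught it, and the page's 16/91 VirusTotal ratio plus eight reports is the stronger signal. The matcher anchors on a leading dot so that a block rule does not silently cover unrelated names that happen to contain the IOC string.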
IOC Journey
medium · First detected 5 months ago · Last seen 3 days ago
Appeared in 8 threat reports