IOC Radar
Domain · Medium · Signal 67/100

ftp.ywxww.net

First Seen: Nov 2, 2024 (587d ago)
Last Seen: May 6, 2026 (37d ago)
Reports: 9 source reports
Confidence: 67% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 67%
Signal Score: 67 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 59 techniques

Feed Intelligence Summary

Source reports: 9
Confidence score: 67%
Category tags: active scan, active scanning, adware, application layer protocol, apt, attack, attack_vector, attack_vector:delivery, backdoor, bad reputation, botnet, botnet activity, brute force, brute force attack, brute_force_attack, c2, c2 communication, campaign:unknown, code execution, command & control, command and control, command execution, command_and_control, communication protocol, compromised websites, credential access, credential harvesting, credential stuffing, credential_stuffing, cryptocurrency, cryptocurrency threats, cryptojacking, cyber threat intelligence, cyber_attack, cyber_threat_activity, data encryption, data exfiltration, data store exposure, data theft, data_type:indicators_of_compromise, ddos, delivery_mechanism, denial of service, distributed attacks, downloader, drive-by downloads, dropper, encryption, event_type:malware_delivery, exploit, exploit kit, exploit kits, exploitation activity, extortion, file, fileless malware, finance, ftp, ftp brute force, gh0strat malware activity, hash, http scanner, http_traffic, https, identity & access exploitation, indicator, indicators, indicators of compromise, indicators_of_compromise, infected documents, infostealer, infrastructure acquisitionreconnaissance, ingress tool transfer, initial access, initial access attempts, initial_access, injection activity, intrusion detection, ioc, javascript injection, keylogger, lateral movement, liveloader, macro malware, malicious activity, malicious advertising, malicious attachments, malicious document, malicious domain, malicious download, malicious file, malicious link, malicious links, malicious powershell activity, malicious software, malicious_attachment, malicious_code, malicious_file, malicious_payload, malicious_url, malvertising, malware, malware analysis, malware distribution, malware distribution campaign, malware hosting, malware iocs, malware_campaign, malware_distribution, md5, network, network attacks, network enumeration, network indicators, network intrusion, network probing, network protocol, network scanning, network security, network service scanning, network_scanning, opendir, operating system, password attacks, payload, payload delivery, phishing, phishing attack, phishing attacks, powershell abuse, process injection, protocol exploitation, ransomware, rat, reconnaissance, remote access, remote access tools, remote access trojan, remote services, report_source:ltna_cyber, researched, resource hijacking, rootkit, scanner, scripting attacks, security operations, security_indicators, service discovery, service scan, smtp, social engineering, software exploitation, software_vulnerability_exploitation, spam, spam emails, ssh attack, stealer, supply chain, supply chain attack, system disruption, t1021, t1021.001, t1021.002, t1027, t1040, t1041, t1046, t1053, t1053.005, t1055, t1059, t1059.001, t1068, t1069.001, t1071, t1071.001, t1076, t1077, t1078, t1083, t1086, t1102, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1195, t1203, t1204, t1204.001, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1547, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1587.001, t1588, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, targeting database, tcp protocol, tcp scan, telnet threat, threat actor, threat intelligence, threat_actor:unknown, threat_feed, threat_intelligence, threat_type:malware, tor node, trojan malware, udp scan, virus, vulnerability scan, watering hole, web security, web traffic, worm, worms

Activity Timeline

1 total obs (May 6)

Threat Activity Heatmap

Peak: 2026-05-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain ftp.ywxww.net has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, command and control (C

Threat Score: Medium Risk
Signal Score: 67
Confidence: 67%
Reports: 9
First seen: Nov 2, 2024
Last seen: May 6, 2026

VirusTotal

Not checked

WHOIS

registrar: Alibaba Cloud Computing (Beijing) Co., Ltd.
description: LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
raw:
Creation Date: 2017-09-09T15:54:06Z
DNSSEC: unsigned
Domain Name: YWXWW.NET
Domain Name: ywxww.net
Domain Status: ok https://icann.org/epp#ok
Name Server: DNS23.HICHINA.COM
Name Server: DNS24.HICHINA.COM
Registrant City: 3432650ec337c945
Registrant Country: CN
Registrant Email: 6aacf85c31f44448s@
Registrant State/Province: c6eb7ad7db527ad4
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +86.95187
Registrar IANA ID: 420
Registrar Registration Expiration Date: 2026-09-09T15:54:06Z
Registrar URL: http://www.net.cn
Registrar WHOIS Server: grs-whois.hichina.com
Registrar: Alibaba Cloud Computing (Beijing) Co., Ltd.
Registry Domain ID: 2161182566_DOMAIN_NET-VRSN
Registry Expiry Date: 2026-09-09T15:54:06Z
Registry Registrant ID: Not Available From Registry
Updated Date: 2025-02-28T07:04:45Z
Updated Date: 2025-09-04T23:04:06Z

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 9 threat reports