IOC Radar
DomainMediumSignal 71/100

govetin.help

Location
Taiwan, Province of ChinaTaiwan, Province of China
First Seen
Apr 17, 2026
Last Seen
Apr 23, 2026
Apr 17
First Seen
58d ago
Apr 23
Last Seen
52d ago
4
Reports
source reports
71%
Confidence
medium
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags

Feed Intelligence Summary

4 reports71% confidence
4
Source reports
71%
Confidence score
Category tags
account-takeoveractive scanad-fraudadult-contentadvance-fee-scamaged-domainamp-cacheanti-analysisasiaasset-theftautomated-scanbackdoorbonus-scambooking-com-impersonationbot-promotedbrand-impersonationbrazilbrowser-extensionbrute forcecelebrity-impersonationclick-to-unlockcloakingcloudflare-workerscpf-harvestingcredential stuffingcredential-harvestingcryptocurrencycryptocurrency-scamdaily-threat-inteldata-harvestingdeceptive-advertisingdeceptive-crypto-gamblingdeceptive-incentivesdeceptive-luredeceptive-platformdeceptive-pricingdeceptive-registrationdeceptive-schemedeceptive-tacticsdomain-classificationdomain-rotationdpdelon-muskemail-harvestingemployment-scamevasionevasion-techniqueexploitation activityextortionfacebook-impersonationfake-financial-aidfake-giveawayfake-job-offerfake-messagefake-testimonialsfake-trust-badgefile-sharing-abusefinancial servicesfinancial-exploitationfinancial-fraudfinancial-impersonationfinancial-lurefinancial-scamfinancial-sectorfinancial-service-impersonationfinancial-services-impersonationfiverr-impersonationfraudfraudulent-platformgambling-scamgame-luregeneric-loginget-paid-to-scamget-rich-quickgovernment-impersonationhigh-risk-domainhigh-risk-tldidentity & access exploitationidentity-theftindicatorinformation-harvestinginvestment-scaminvitation-code-scamiot securityjava-malwarelogin-harvestingmalicious-activitymalicious-archivemalicious-domainmalicious-file-distributionmalicious-redirectmalicious-redirectsmalwaremalware-distributionmedia / entertainmentmercadolivremfa-interceptionmicrosoft-impersonationmonetization-schememoney-making-schememoney-scammusic-streaming-impersonationnebula-xnetworknew-domainnewly-registered-domainnorth americaonline-gambling-scamontario-governmentpayment-information-harvestingphishingphishing-campaignplaceholder-contentponzi-schemepotentially-maliciousprize-scamransomwarerecent-domainrecruitment-fraudrecruitment-scamrecruitment-schemeredirect-chainredirect-facadereferral-schemeresearchedretail / e-commerceretail-e-commerceretail-scamretail-sectorrocket-league-impersonationru-domainscamscam-sitesscams & fraudsearch-engine-blockingshufersalshufersal-impersonationsoftware-piracysouth americaspamspam-promotionstreaming-service-impersonationsupply chain attacksurvey-scamsuspicious-domainsuspicious-redirectsuspicious-registrysuspicious-tldtaiwantargeting databasetask-based-scamtask-scamthreat actortiktok-impersonationtor nodetraffic-redirectiontyposquattingunited statesunsecured-filesunsolicited-messagesurl-cloakingurl-redirectionurl-shortenerurlertusdt-targetingwibo-baltic-uabwithdrawal-scamx-formerly-twitter

Activity Timeline

1 total obs
Apr 23Apr 23

Threat Activity Heatmap

· Peak: 2026-04-23
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain `govetin.help` has been identified as a significant Indicator of Compromise (IOC), scoring a high 70.64 and not whitelisted, which strongly suggests its involvement in malicious activities. This IOC points towards potential engagement in sophisticated threat operations, possibly including command and control (C2) communications, phishing campaigns, or malware distribution infrastructure. The presence of this domain within an organization's network environment could indicate an active …

Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
4
Reports
First seenApr 17, 2026
Last seenApr 23, 2026

VirusTotal

Not checked

WHOIS

registrar
NameSilo, LLC
description
AI-DETECTED: DANGEROUS | Confidence: 85/100 | Type: Phishing
domain rank
-1
raw
Creation Date: 2026-04-15T20:53:38.0Z DNSSEC: unsigned Domain Name: GOVETIN.HELP Domain Status: addPeriod https://icann.org/epp#addPeriod Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Name Server: DAYANA.NS.CLOUDFLARE.COM Name Server: KAI.NS.CLOUDFLARE.COM Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.4805240066 Registrar IANA ID: 1479 Registrar URL: https://www.namesilo.com Registrar WHOIS Server: whois.namesilo.com Registrar: NameSilo, LLC Registry Domain ID: D629248241-CNIC Registry Expiry Date: 2027-04-15T23:59:59.0Z Updated Date: 2026-04-15T20:53:44.0Z
references
https://urlert.com/domain/acccat.com, https://urlert.com/domain/accountresourcecenter.xyz, https://urlert.com/domain/aceimg.com, https://urlert.com/domain/ampproject.org, https://urlert.com/domain/ankergames.net, https://urlert.com/domain/artinexia.com, https://urlert.com/domain/atlasjet.com.ng, https://urlert.com/domain/bexlorina.cfd, https://urlert.com/domain/blogspot.com, https://urlert.com/domain/blueberginternational.com, https://urlert.com/domain/br9f.bet, https://urlert.com/domain/bringitonmsg.com, https://urlert.com/domain/bunnyband.com, https://urlert.com/domain/calendarikymer.forum, https://urlert.com/domain/cgtsrb.vip, https://urlert.com/domain/clientproject.info, https://urlert.com/domain/create-road.my, https://urlert.com/domain/dandys1.xyz, https://urlert.com/domain/delta-executor.com, https://urlert.com/domain/doutf.cn
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 4 threat reports