IOC Radar
Domain · Medium confidence · Signal 100/100

host14.rterybrstutnrsbberve.com

Location: Netherlands
First Seen: Jan 29, 2024
Last Seen: Mar 7, 2026
Found in 6 source reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.

Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 87 techniques

Feed Intelligence Summary

6 source reports · 99% confidence score
Category tags
a indicatoraaaaaccount compromiseaccount discoveryaccount profilingaccount takeoveractive relatedactive scanningad tevdagadaptivebeeaddressaddress domainaddress googleagent teslaail tvnasakamai rankall pagesamazon rsaamerica flagapi abuseappleapplication developmentascii textasiaaustralia asnauthentication bypassauthentication flawb functionbackdoorbasebauer namebloat-abodybotnetc&cc2canadacanada unknownchecked urlchinachromecity redmondck idck idsclick-based attackcloud computingcloud migrationcloud securitycloud servicescloud storagecnamecode executioncode injectioncommandcommand and controlcommand executioncommunication protocolcommunication securitycommunity managementconfigcontent sharingcopy md5copy sha1copy sha256corporate espionagecountry uscreation datecredential accesscredential harvestingcredential stealingcredential theftcrlf linecryptographycsc corporatecyber harassmentcyber threatscycbotdatadata accessdata breachdata copyingdata exfiltrationdata miningdata misusedata transferdata uploaddebugdefense evasiondeletedelphidevelopment attdevelopment methodologiesdevopsdgadigital certificatedigital platformsdigital signaturediscovery attdistributed attacksdiv iddk summarydlldnsdnssecdom namedonedraiedviddynamic function loadingdynamic loadingdynamic_function_loadingdynamicloadere-signature securityeanioaeemailsencryptenter soudcetdienterprise securityentrieserrores formetpro tretpro trojanetpro trojan win32/tofsee.axeuropeeurope/asiaexcludeexclude suggesexeexe uploadexecutable uploadexfiltrationexpiration dateextr dataextraction dataextri dataextri includefailedfailurefalse informationfilesfiles domainfiles ipfiles relatedfinancefinancial crimesfinancial servicesfindfind sflagfolderfooterformfoundryfrancegeneral fullgeneric httpgermanygeturlgoogle safegothamguardheurhosthostname addhostname enumerationhostname serverhtmlhttp attackhttp scannerhttpshybridided iocsimageninboundinclude reviewincludec reviewindicatorinformation gatheringinformation 
stealerinfostealerinfrastructure acquisitionreconnaissanceingress tool transferiniciar sesininjection rwxinjection_rwxinputinput validation bypassinvalid pointeriocsiosipv4ipv4 addjapankrunchymalpackerlearnless whoisloaderlocallookmainmalicious linksmalicious softwaremalwaremalware packermalware signingmarkusmaudio firewiremaudio fwmedia centermediummetadata analysismicrosoft waymitre attmitre att&ckmobile devicemonitored targetmonitored tsaramovedmsiemulti-cloud managementname andrewname domainname serversname tacticsname valuenetherlandsnetworknetwork communicationnetwork probingnetwork scanningnetwork trafficnetwork_cnc_httpnetwork_cnc_https_genericnextnext associatedninite aprninite febninite marnorth americaonloadopen portsorg microsoftostname addoutbound trafficoverview ippackerpackingpalantir foundrypassive dnspatch managementpath traversalpattern matchpayload deliverypersonal dataphishingphishing attackphishing campaignplatform interferenceportpost httpspresent augpresent decpresent janpresent julpresent junpresent sepprocess injectionproduct developmentproofprotocol h2protocol-devipulse pulsespulse submitpulsespulses otxquality assuranceransomread creads selfreads_selfreconnaissancerecord valueredacted forreferenrefreshrelated tagsremoteremote accessremote servicesreputation damagereputation manipulationresearchedresource hashresponse iprestartresults julreverse dnsreviewrun keysrussiasafe browsingscriptscript domainsscript scriptscript urlsse extrase extrisearc typesearchsecure serversecurity tlsselect acrossserver responseserversserviceshawshowshow processshow techniqueshowingsigning defensesizeslcc2smear campaignsocial analyticssocial engineeringsocial mediasocial media abusesocial media marketingsocial media securitysocial networkingsoftware architecturesoftware developmentsoftware engineeringsoftware exploitationsoftware integritysoftware testingsoftware vulnerabilitiessourcespainspanspawnsssl certificatestalking tacticsstarfieldstartupstatic pe 
anomalystatic_pe_anomalystatusstatus actionsstealerstopstop xstreamstringssuggessuggest datasuricata alertsurveillance campaignt1003t1003.008t1005t1012t1016t1020t1021t1027t1030t1041t1045t1047t1053t1055t1057t1059t1059.001t1059.003t1060t1068t1071t1071.001t1071.004t1078t1080t1082t1083t1087t1088t1105t1110t1110.002t1113t1120t1129t1133t1143t1147t1189t1190t1195t1202t1203t1204t1204.001t1204.002t1210t1218t1480t1480 executiont1486t1496t1499.001t1499.002t1499.003t1528t1534t1535t1539t1547t1553t1554.001t1554.003t1555t1562t1564t1565t1566t1566.001t1566.002t1566.003t1567t1568t1573t1573.001t1583t1584t1587.001t1589t1589.001t1590t1590.001t1592t1595t1595.001t1595.002t1595.003t1598targeted attacktaskjobtcp includetechnology onetelperthreat actor grouptimestamp inputtitletitle addedtitle errortlstls handshaketofseetoolstop destinationtop sourcetrojan droppertrojan malwaretrojandroppertwittertypetypesu0019unicode textunitedunited statesunknown nsuny inuuueurlsurls showuser engagementuser executionvaluevalue emailsverdictverifyvirtoolvirusvtapiw32.bloat-aweb application exploitationweb securityweb trafficwhois showwin32 malwarewin32berbew julwin32spigot aprwindows malwarewindows ntwormwritewrite cxportyara detectionyara detections

Activity Timeline

1 total observation (Mar 7)

Threat Activity Heatmap

[Weekly activity heatmap, Jun through Jun; peak: 2026-03-07]

Recent activity (observations per window):
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk (100)
Signal Score: 100
Confidence: 99%
Reports: 6
First seen: Jan 29, 2024
Last seen: Mar 7, 2026

VirusTotal: Not checked

WHOIS

Registrar: Gandi SAS
Description: Found in Bot joining Pulse.
Raw record:
Domain Name: RTERYBRSTUTNRSBBERVE.COM
Registry Domain ID: 2882127715_DOMAIN_COM-VRSN
Creation Date: 2024-05-17T14:47:35Z
Updated Date: 2025-04-22T17:14:22Z
Registry Expiry Date: 2026-05-17T14:47:35Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
DNSSEC: unsigned
Name Server: NS1.CSOF.NET
Name Server: NS2.CSOF.NET
Name Server: NS3.CSOF.NET
Name Server: NS4.CSOF.NET
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar URL: http://www.gandi.net
Registrar WHOIS Server: whois.gandi.net
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.170377661


IOC Journey

Confidence: medium. First detected 2 years ago, last seen 3 months ago; appeared in 6 threat reports.