Domain · Medium · Signal 0/100
html-load.com
Location
First Seen: Jul 9, 2025
Last Seen: Sep 9, 2025
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags
Feed Intelligence Summary
Source reports: 3
Confidence score: 0%
Category tags: indicator, network, researched
Activity Timeline: Sep 9
Threat Activity Heatmap (peak: 2025-09-09)
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)
The domain `html-load.com` has been identified as an Indicator of Compromise (IOC). However, with a score of 0.0 and a whitelist status of 'Yes,' this IOC is considered low risk and does not currently suggest malicious activity. Its presence in threat intelligence feeds, including AlienVault OTX Feeds, AlienVault Ransomware-Firehol, and iocradar0-netizen/IOCs - Kimsuky, is noted; this inclusion alone does not indicate hostile behavior, but may point toward historical or theoretical associati…
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 3
First seen: Jul 9, 2025
Last seen: Sep 9, 2025
VirusTotal: Not checked
WHOIS
- description
- The recent leak attributed to a North Korean threat actor known as "Kim" has revealed significant insights into the Kimsuky (APT43) group’s operational tactics, primarily focused on credential theft against South Korean and Taiwanese networks. This breach underscores the actor's use of a hybrid model that incorporates tools and infrastructure typically associated with Chinese cyber operations. The leaked data includes command-line histories demonstrating an active malware development environment that employs NASM (Netwide Assembler), highlighting a hands-on approach to malware creation specifically targeting Windows systems. Noteworthy files such as 136001_env.key suggest the theft of sensitive South Korean Government PKI materials, implicating direct compromise of state cryptographic keys that would facilitate identity spoofing in governmental systems.
IOC Journey
medium · First detected 11 months ago · Last seen 9 months ago
Appeared in 3 threat reports