IOC Radar
Domain · High · Verified · Signal 71/100

immediate-avage.co

Location
United Kingdom
First Seen
Jan 11, 2025
Last Seen
Dec 1, 2025
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

23 techniques

Feed Intelligence Summary

5 reports · 71% confidence
Category tags
academic institutions, allow, amf, atlas, azureadmyorg, bank fraud, bank security, banking, binary options fraud, blacklisted entities, blacklisted website, botnet, c2, civil services, command and control, communication technologies, connector, credential harvesting, credit card services, cryptocurrency fraud, data exfiltration, desktop, distributed attacks, education, educational resources, educational services, educational technology, electronic health records, europe, fake, fake companies, fake investment platforms, false, finance, finance and insurance, financial fraud blacklist, financial institution, financial regulator, financial regulator alert, financial scam, financial scam blacklist, financial services, financial technology, forex fraud, france, fraud, fraudulent scheme, fraudulent websites, front, game, game design, game development, game publishing, gaming, gaming industry, gaming platforms, gaming technology, government technology, health care and social assistance, health information technology, healthcare information systems, hidden, higher education, hospital management, indicator, information technology, invest, investment fraud, investment scams, it infrastructure, k-12 education, live, magnus, malicious software, malware, medical services, meister, microsoft azure, microsoft crm, microsoft power, microsoft teams, mobile, mobile carriers, mobile gaming, mobile networks, mobile security, network, office, online scams, patient care, payment processing, phishing attack, phishing campaigns, ponzi schemes, premium, process injection, public administration, public infrastructure, public policy, recovery scam, recovery scams, regulatory agencies, regulatory warning, researched, scam, scams, service, social engineering, software development, spark, t1055, t1064, t1071, t1071.001, t1071.004, t1078, t1190, t1192, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1588.002, t1598, t1598.003, telecom services, telecommunications, tools, true, unauthorized financial services, unauthorized firm, unauthorized websites, united kingdom, unlicensed companies, verify, video games, visible, wealth management, write, youth

Activity Timeline

1 total obs
Dec 1

Threat Activity Heatmap

Peak: 2025-12-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
NETIM SAS
description
https://www.amf-france.org/en/warnings/blacklists | https://protectepargne.amf-france.org
domain rank
-1
raw
Admin City: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Creation Date: 2023-12-04T18:24:55Z
DNSSEC: unsigned
Domain Name: immediate-avage.co
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: beth.ns.cloudflare.com
Name Server: rory.ns.cloudflare.com
Registrant City: 1f8f4166599d23ee
Registrant Country: IT
Registrant Email: f651612a2f356ad3s@
Registrant Fax Ext: 1f8f4166599d23ee
Registrant Fax: 1f8f4166599d23ee
Registrant Name: 1f8f4166599d23ee
Registrant Organization: 3432650ec337c945
Registrant Phone Ext: 1f8f4166599d23ee
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant State/Province: 3432650ec337c945
Registrant Street: 1f8f4166599d23ee
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.972307476
Registrar IANA ID: 1519
Registrar URL: www.netim.com
Registrar: NETIM SAS
Registry Admin ID: REDACTED FOR PRIVACY
Registry Domain ID: REDACTED FOR PRIVACY
Registry Expiry Date: 2025-12-04T18:24:55Z
Registry Registrant ID: REDACTED FOR PRIVACY
Registry Tech ID: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Updated Date: 2025-04-14T07:58:53Z
subdomains count
0

IOC Journey

high
First detected 1 year ago · Last seen 6 months ago
Appeared in 5 threat reports