DomainHighVerifiedSignal 67/100
ipmoyu.com
Location
ChinaFirst Seen
Mar 20, 2025
Last Seen
Apr 14, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
6 reports67% confidence
6
Source reports
67%
Confidence score
Category tags
account discoveryaccount profilingaccount takeoverad fraudad fraud campaignsasiaasyncratbotnetbotnet activitybotnet operationsbrute forcebrute force attackc2 communicationcertchinacommand & controlcommand and controlcompromised iot devicescredential accesscredential harvestingcredential stuffingcredential stuffing attackscredential theftdata exfiltrationdata store exposuredistributed attacksexploitation activityfinancefraudidentity & access exploitationindicatorinfostealerinjection activityiot securitykimsukylemon groupmalicious softwaremalwaremalware activitymobile device hijackingmobile devicesnetworknjratpassword attacksphishingphishing attackprocess injectionproxyremote accessresearchedresidential ipsresidential proxy usagescams & fraudsdk spoofingsocial engineeringsocksstealert1055t1059t1071t1071.001t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1199t1204t1486t1496t1497t1499.002t1499.003t1555t1565t1566t1566.001t1566.002t1566.003t1567t1567.001t1571t1586t1588threat actortor nodeturkeyxworm
Activity Timeline
Apr 14Apr 14
Threat Activity Heatmap
· Peak: 2026-04-14LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **ipmoyu.com**, originating from China, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on March
Threat ScoreMedium Risk
67
SIGNAL
Signal Score
67%
Confidence
6
Reports
First seenMar 20, 2025
Last seenApr 14, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- Stichting Registrar of Last Resort Foundation
- description
- Learn more about HUMAN, the artificial intelligence company designed to prevent bot attacks and fraud on ad tech platforms and digital publishers, from exploiting customers' valuable online accounts and other online services, and from partners.
- domain rank
- -1
- raw
- Creation Date: 2022-10-09T14:22:20Z DNSSEC: unsigned Domain Name: IPMOYU.COM Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: SINKHOLE-00.SHADOWSERVER.ORG Name Server: SINKHOLE-01.SHADOWSERVER.ORG Name Server: SINKHOLE-02.SHADOWSERVER.ORG Name Server: SINKHOLE-03.SHADOWSERVER.ORG Name Server: SINKHOLE-04.SHADOWSERVER.ORG Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +31.206717452 Registrar IANA ID: 2482 Registrar URL: http://www.rolr.eu Registrar WHOIS Server: whois.rolr.uk Registrar: Stichting Registrar of Last Resort Foundation Registry Domain ID: 2730843241_DOMAIN_COM-VRSN Registry Expiry Date: 2026-10-09T14:22:20Z Updated Date: 2025-09-09T13:00:51Z
- references
- https://x.com/skocherhan/status/1945639569090576712, https://x.com/skocherhan/status/1945824954433331327, https://x.com/skocherhan/status/1945841925346443300, https://x.com/skocherhan/status/1945848999585464687, https://x.com/skocherhan/status/1945854288556609717, https://x.com/skocherhan/status/1945907718499320110, https://x.com/skocherhan/status/1945937234592452747, https://x.com/skocherhan/status/1945937280775888993, https://humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
- subdomains count
- 6
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 1 year ago · Last seen 1 month ago
Appeared in 6 threat reports