DomainMediumSignal 47/100
karanpc.info
Location
United StatesFirst Seen
Jul 8, 2025
Last Seen
May 11, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
7 reports47% confidence
7
Source reports
47%
Confidence score
Category tags
abuseadvanced persistent threatamazonandroidappleaptapt groupbad reputationberbewbingbotnetbotnet activitybrute forcecaretocivilcivil servicescivilian targetingcode injectioncommand and controlcommunication technologiescompromised routercredential harvestingcredential stuffingcrimedata exfiltrationdata store exposuredata theftddosddos attacksdefense evasiondefense-evasiondistributed attacksdnsdns attackelectronic health recordsencrypted connectionsendgameenterprise securityeu cyber policieseuropeexecutable fileexploitexploitation activityfirmware infectionfirmware modificationformbook stealergooglegovernment technologyhackershealth care and social assistancehealth information technologyhealthcare information systemshospital managementhtml smugglinghtml_smugglingidentity & access exploitationindicatorinformation technologyinfostealeringress tool transferinjection activityintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot securityiot/ics attackit infrastructurejavalaw enforcement surveillancelazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremalware campaignmass surveillancemedical servicesmiraimirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile spywaremobile threatnation-state activitynetherlandsnetworknorth americansonso groupoperating systemparagonpatch managementpatient carepdfpdf exploitpegasuspegasus projectpeoplephishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregional securityregulatory agenciesremote accessremote access trojanresearchedsamsungsecurity operationsskynetsmssms exploitsocial engineeringsoftware developmentsoftware vulnerabilitiessonyspywarestatestate-promovedstate-sponsoredstealersupply chain attackt1001t1003t1003.001t1003.004t1004t1005t1011t1016t1018t1019t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1055.001t1056t1059t1059.001t1059.004t1059.007t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1084t1087t1088t1094t1105t1110t1113t1114.002t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat actorthreat intelligencetor nodetraffic maskingtrojantrojan downloadertrojan malwareunited statesvulnerability scanweb exploitationwindowswindows malwarewixzero click exploitzero-day exploit
Activity Timeline
May 11May 11
Threat Activity Heatmap
· Peak: 2026-05-11LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **karanpc.info** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, exploits, malware, and phishing campaigns. First observed on July
Threat ScoreMedium Risk
47
SIGNAL
Signal Score
47%
Confidence
7
Reports
First seenJul 8, 2025
Last seenMay 11, 2026
VirusTotal
Not checked
WHOIS
- description
- Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
- domain rank
- -1
- raw
- Administrative city: REDACTED Administrative country: REDACTED Administrative state: REDACTED Create date: 2025-04-27 00:00:00 Domain name: karanpc.info Domain registrar id: 472 Domain registrar url: http://dynadot.com Expiry date: 2026-04-27 00:00:00 Name server 1: ns6.mukhost.uk Name server 2: ns5.mukhost.uk Query time: 2025-04-28 13:09:27 Registrant city: 3495bcf1839c6374 Registrant company: 473daf17453d83cd Registrant country: United States Registrant email: fb6ff66ef97c0518s@ Registrant fax: 3495bcf1839c6374 Registrant name: 3495bcf1839c6374 Registrant phone: 3495bcf1839c6374 Registrant state: 77ab92f1911d7c5f Registrant zip: 3495bcf1839c6374 Technical city: REDACTED Technical country: REDACTED Technical state: REDACTED Update date: 2025-04-28 00:00:00
- subdomains count
- 0
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 11 months ago · Last seen 1 month ago
Appeared in 7 threat reports