DomainHighVerifiedSignal 36/100

`libradomx.com`

Location

United States

First Seen

Jul 8, 2025

Last Seen

Apr 7, 2026

Jul 8

First Seen

339d ago

Apr 7

Last Seen

66d ago

Reports

source reports

36%

Confidence

high

Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

36%

Signal Score

36 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

138 techniques

Feed Intelligence Summary

5 reports36% confidence

Source reports

36%

Confidence score

Category tags

abuseadvanced persistent threatappleaptapt groupbad reputationbingbotnetbotnet activitybrute forcecivilcivil servicescivilian targetingcommand and controlcommunication technologiescompromised routercredential harvestingcredential stuffingdata exfiltrationdata store exposureddosddos attacksdefense evasiondefense-evasiondistributed attacksdnsdns attackelectronic health recordsenterprise securityexecutable fileexploitexploitation activityfirmware infectionfirmware modificationgovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementidentity & access exploitationindicatorinjection activityinternet of thingsiosios malwareiot botnetiot securityiot/ics attacklazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile threatnation-state activitynetworknorth americaoperating systempatch managementpatient carepdfpegasuspegasus projectphishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregulatory agenciesresearchedsmssms exploitsocial engineeringsoftware vulnerabilitiesstatestate-promovedstate-sponsoredt1003t1003.001t1003.004t1004t1005t1016t1018t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1056t1059t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1082t1084t1087t1110t1113t1130t1133t1156t1185t1187t1189t1190t1192t1193t1199t1204t1204.002t1205t1210t1211t1212t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1552t1553t1553.003t1555t1556t1557t1562t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat actortor nodeunited statesvulnerability scanwindows malwarezero click exploitzero-day exploit

Activity Timeline

1 total obs

Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Intelligence SummaryAI Generated

The domain **libradomx.com** has been identified as a critical indicator of compromise (IOC) associated with advanced persistent threat (APT) activities originating from the United States. First observed on July

Threat ScoreLow Risk

SIGNAL

Signal Score

36%

Confidence

Reports

First seenJul 8, 2025

Last seenApr 7, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

description: Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
domain rank: -1
raw: Administrative city: Santa Monica Administrative country: Mexico Administrative email: [email protected] Administrative state: Mexico Create date: 2024-12-27 00:00:00 Domain name: libradomx.com Domain registrar id: 1483 Domain registrar url: http://neubox.com/ Expiry date: 2025-12-27 00:00:00 Name server 1: ns8968.banahosting.com Name server 2: ns8969.banahosting.com Query time: 2024-12-28 13:46:10 Registrant city: 12b768f07ed313c2 Registrant company: e2909199fad8bfd3 Registrant country: Mexico Registrant email: [email protected] Registrant name: f529054f9b34c838 Registrant phone: 8624d4ef9e468c95 Registrant state: eb1924a1136746d1 Registrant zip: 35c98ac953a65c81 Technical city: Santa Monica Technical country: Mexico Technical email: [email protected] Technical state: Mexico Update date: 2024-12-27 00:00:00
subdomains count: 0

`libradomx.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy