Domain · High · Verified · Signal 26/100
lv.queniujq.cn
Location
First Seen: Jul 6, 2025
Last Seen: Mar 29, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 26%
Signal Score: 26 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 4
Confidence score: 26%
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-03-29)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain lv.queniujq.cn has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including exploit kits, malware distribution, phishing campaigns, proxy services, and ransomware attacks. First observed on July
Threat Score: 26 (Low Risk)
Signal Score: 26
Confidence: 26%
Reports: 4
First seen: Jul 6, 2025
Last seen: Mar 29, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
- description: Lumma Stealer, CNC, critical multiple malware IoC’s attack. Telegram, remote Dropbox stealing among multiple targeted attacks. Dropbox spyware. Nitrogen ransomware present. #apple_webkit #chrome #steam #lumma #ransom #stealer
- raw:
  DNSSEC: unsigned
  Domain Name: queniujq.cn
  Domain Status: clientTransferProhibited
  Expiration Time: 2025-12-23 03:20:09
  Name Server: ns1.alibabadns.com
  Name Server: ns2.alibabadns.com
  Registrant Contact Email: [email protected]
  Registrant: 99afaa186f24003b
  Registration Time: 2021-12-23 03:20:09
  Sponsoring Registrar: 阿里云计算有限公司(万网)
IOC Journey
Confidence: high · First detected 11 months ago · Last seen 2 months ago
Appeared in 4 threat reports