IOC Radar
Domain · Medium · Signal 36/100

m.gandring.my.id

Location
Canada
First Seen
Oct 26, 2023
Last Seen
May 12, 2026
Reports
6 source reports
Confidence
36% (medium)
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

81 techniques

Feed Intelligence Summary

6 source reports · 36% confidence score
Category tags

Activity Timeline

1 total obs
May 12

Threat Activity Heatmap

Peak: 2026-05-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **m.gandring.my.id** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, malware, phishing, and ransomware activities. First observed on October

Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 6
First seen: Oct 26, 2023
Last seen: May 12, 2026

VirusTotal

Not checked

WHOIS

description
A look back at some of the key words and phrases used to describe the situation in Italy, as "probacja" (or "democrata"), as they were translated into English.
raw
DNSSEC: Unsigned
Domain ID: PANDI-DO6358150
Domain Name: gandring.my.id
Expiration Date: 2023-03-14 00:09:03
Last Updated On: 2023-04-17 18:09:04
Name Server: byron.ns.cloudflare.com
Name Server: sloan.ns.cloudflare.com
Sponsoring Registrar City: Jakarta Selatan
Sponsoring Registrar Country: ID
Sponsoring Registrar Email: [email protected]
Sponsoring Registrar Organization: PT Registrasi Nama Domain
Sponsoring Registrar Postal Code: 12950
Sponsoring Registrar State/Province: Jakarta
Sponsoring Registrar URL: https://daftarnama.id
Status: pendingDelete
Status: redemptionPeriod

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 6 threat reports