Domain · Medium · Signal 100/100
mailerdaemon.info
Location
First Seen: Oct 2, 2024
Last Seen: Feb 15, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 10
Confidence score: 99%
Category tags
Activity Timeline: Feb 15
Threat Activity Heatmap (peak: 2026-02-15)
Activity by window: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)
The domain **mailerdaemon.info**, originating from Iran, has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports. First observed on October
Threat Score: 100 (High Risk)
VirusTotal: Not checked
WHOIS
- description: This is a pulse created to house CND internal IOCs that we want to monitor, please add title to explain what the IOC and a further description of if this is needed.
- domain rank: -1
- raw:
  - Administrative city: REDACTED FOR PRIVACY
  - Administrative country: REDACTED FOR PRIVACY
  - Administrative state: REDACTED FOR PRIVACY
  - Create date: 2022-11-13 00:00:00
  - Domain name: mailerdaemon.info
  - Domain registrar id: 146
  - Domain registrar url: http://www.godaddy.com/domains/search.aspx?ci=8990
  - Expiry date: 2023-11-13 00:00:00
  - Name server 1: ns36.domaincontrol.com
  - Name server 2: ns35.domaincontrol.com
  - Query time: 2022-11-14 23:20:14
  - Registrant city: 1f8f4166599d23ee
  - Registrant company: 7f270b624abce87e
  - Registrant country: United States
  - Registrant email: c3e4472e8f320a6ds@
  - Registrant fax: 1f8f4166599d23ee
  - Registrant name: 1f8f4166599d23ee
  - Registrant phone: 1f8f4166599d23ee
  - Registrant state: 30bdd2917a604c83
  - Registrant zip: 1f8f4166599d23ee
  - Technical city: REDACTED FOR PRIVACY
  - Technical country: REDACTED FOR PRIVACY
  - Technical state: REDACTED FOR PRIVACY
  - Update date: 2022-11-13 00:00:00
- references: https://www.ic3.gov/Media/News/2024/240927.pdf
- subdomains count: 1
IOC Journey
Medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 10 threat reports