Domain · Medium · Signal 95/100
malext.com
Location
First Seen
Feb 18, 2026
Last Seen
Jun 20, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
95%
Signal Score
95 / 100
IDS Rule
No
Feed Intelligence Summary
14 source reports · 95% confidence score
Category tags
abuse, abusech-threatfox-c2c, active scan, active scanning, alienvault_ransomware, apt, attack, automated analysis, backdoor, bad reputation, block-or-filter-list, brute force, brute force attack, brute force attempt, c2, c2 communication, command & control, credential access, credential stuffing, credential theft, cyber campaign, data encryption, data exfiltration, data store exposure, encryption, exploitation activity, extortion, ftp, glassworm, global campaign, google ads, identity & access exploitation, indicator, information stealer, infostealer, infostealer malware, initial access, injection activity, ioc, lumma, macos, malicious activity, malicious software, malvertising, malware, malware activity, malware delivery, multi-vector threat campaign, network, network scanning, network security, north america, novel ioc, novel-ioc, observed macos, operation camelclone, password attacks, patched sample, phantompulse, phishing, port-scanning, precog, process injection, protocol exploitation, ransomware, reconnaissance, remote access, remote services, researched, service scan, shub stealer, ssh attack, stealer, system disruption, t1003, t1005, t1016, t1021, t1021.001, t1027, t1036, t1040, t1041, t1046, t1055, t1056.002, t1057, t1059, t1059.002, t1059.004, t1059.007, t1070.004, t1071, t1071.001, t1076, t1078, t1082, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1140, t1190, t1204, t1486, t1490, t1539, t1543.001, t1543.004, t1552.001, t1555, t1555.001, t1555.003, t1560, t1563, t1565, t1566, t1573, t1574, t1595, t1595.001, t1595.002, t1595.003, t1614, telnet threat, tengu ransomware, text-sharing platform, threat actor, threat group, tor node, united states, vm detection, void#geist, yara, yara rule
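The page ships no IDS rule for this indicator (IDS Rule: No) and reports six subdomains, so the check most teams actually run is a DNS or proxy log match. The following is an added example, not code from the page or from any of the feeds it cites; the resolver log lines are constructed, and the dnsmasq-style `query[TYPE] name from ip` line shape is an assumption about the log source. It matches the exact domain and any subdomain at a label boundary, and rejects look-alikes such as `notmalext.com` or `malext.com.evil.example`, which a plain substring search would flag.

```python
"""Match a domain IOC and its subdomains against DNS resolver logs.

Added example; the IOC value is the one on the page, the log lines are
constructed, and the dnsmasq-style line format is an assumption.
"""
import re
from collections import Counter

IOC_DOMAIN = "malext.com"

# Constructed sample resolver log (dnsmasq-like "query[TYPE] name from ip").
SAMPLE_LOG = """\
Jun 20 10:01:12 resolver dnsmasq[412]: query[A] malext.com from 10.0.3.17
Jun 20 10:01:13 resolver dnsmasq[412]: query[A] cdn.malext.com from 10.0.3.17
Jun 20 10:02:40 resolver dnsmasq[412]: query[AAAA] MalExt.COM. from 10.0.5.9
Jun 20 10:03:01 resolver dnsmasq[412]: query[A] notmalext.com from 10.0.7.2
Jun 20 10:03:05 resolver dnsmasq[412]: query[A] malext.com.evil.example from 10.0.7.2
Jun 20 10:04:00 resolver dnsmasq[412]: query[A] www.example.org from 10.0.3.17
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>\S+)")


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'MalExt.COM.' equals 'malext.com'."""
    return name.rstrip(".").lower()


def matches_ioc(name: str, ioc: str = IOC_DOMAIN) -> bool:
    """True only for the IOC itself or a subdomain of it at a label boundary.

    'notmalext.com' and 'malext.com.evil.example' must not match; a naive
    substring test would flag both and flood the triage queue.
    """
    n, i = normalize(name), normalize(ioc)
    return n == i or n.endswith("." + i)


def scan(log_text: str, ioc: str = IOC_DOMAIN):
    """Return (hits, per_source_counts) for lines whose queried name matches the IOC."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and matches_ioc(m["name"], ioc):
            hits.append({"qtype": m["qtype"], "name": normalize(m["name"]), "src": m["src"]})
    return hits, Counter(h["src"] for h in hits)


if __name__ == "__main__":
    hits, by_src = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h['src']} -> {h['name']} ({h['qtype']})")
    print("hosts to triage:", dict(by_src))
```

On the constructed log this yields three hits from two internal hosts; the two look-alike names are correctly ignored. For a real deployment, feed the same `matches_ioc` check the full list of feed domains and run it over both DNS and proxy logs, since a client that resolved the name through DoH will only show up in proxy or TLS SNI telemetry.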
Activity Timeline: Jun 20 to Jun 20 (single observation day)
Threat Activity Heatmap: peak 2026-06-20
Recent activity by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **malext.com** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on February
Threat Score: High Risk (95)
Signal Score: 95 · Confidence: 95% · Reports: 14
First seen: Feb 18, 2026 · Last seen: Jun 20, 2026
VirusTotal
Not checked
WHOIS
- description: Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.
- domain rank: -1
- raw:
  Create date: 2023-11-16 00:00:00
  Domain name: malext.com
  Domain registrar id: 3817
  Domain registrar url: whois.wix.com
  Expiry date: 2026-11-16 00:00:00
  Name server 1: DNS1.PARASTORAGE.COM
  Name server 2: DNS2.PARASTORAGE.COM
  Query time: 2025-11-21 21:39:12
  Registrant address: ca2f81c149c59896
  Registrant city: 14d3c751b0882713
  Registrant company: 4497441ea292179c
  Registrant country: Mexico
  Registrant email: [email protected]
  Registrant name: 2ed2ee10378b507b
  Registrant phone: 5e9d20aaac65cf44
  Registrant state: c022cb04fd1c6c81
  Registrant zip: d7edd46e4c3078a9
  Update date: 2025-11-20 00:00:00
- references:
  - IOCs.2026.3.csv
  - https://gi7w0rm.medium.com/amos-stealer-malext-variant-spread-in-a-global-malvertising-campaign-using-free-text-sharing-4d240e11d7e2
  - https://x.com/skocherhan/status/2023915391018324014
  - https://x.com/skocherhan/status/2023920300073578842
  - https://x.com/skocherhan/status/2023922847903596660
  - https://x.com/skocherhan/status/2023924345060429930
  - https://x.com/skocherhan/status/2023925214074098122
  - https://x.com/skocherhan/status/2023965737371541721
  - https://x.com/skocherhan/status/2023982058402439229
  - https://x.com/skocherhan/status/2023997916843483152
  - https://x.com/skocherhan/status/2023998984688201928
  - https://x.com/skocherhan/status/2023999049234329663
  - https://x.com/skocherhan/status/2024006614487904316
  - https://x.com/skocherhan/status/2024010129918566812
  - https://x.com/skocherhan/status/2024055541593448574
  - https://x.com/skocherhan/status/2024059082810761244
  - https://x.com/skocherhan/status/2024152593950285979
  - https://x.com/skocherhan/status/2024169735596683529
  - https://x.com/skocherhan/status/2024182714924982367
  - https://x.com/skocherhan/status/2024191511714316430
  - https://x.com/skocherhan/status/2024193104941605229
  - https://x.com/skocherhan/status/2024193791951880211
  - https://x.com/skocherhan/status/2024194564605579358
  - https://x.com/skocherhan/status/2024199192634077344
  - https://x.com/skocherhan/status/2024248493037015409
  - https://x.com/skocherhan/status/2024256757002866905
  - https://analytics.dugganusa.com/api/v1/stix/master
  - https://github.com/pduggusa/dugganusa-research
- subdomains count: 6
Export & API: STIX 2.1 Bundle, CSV Export
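The page offers a STIX 2.1 bundle export but does not show what it contains. As an added example, not the site's own export code, here is how a consumer would build the equivalent bundle from the values shown on the page (the domain, first and last seen dates, confidence 95, and a few of the listed ATT&CK technique IDs) with only the standard library: one `indicator` carrying a `domain-name` pattern, one `attack-pattern` per technique referenced by its MITRE external ID, and `indicates` relationships linking them. Assumptions: the dates are treated as midnight UTC because the page gives days only; the technique subset and labels are chosen here; `check_bundle` is a minimal consumer-side sanity check, not a full STIX validator.

```python
"""Build and sanity-check a STIX 2.1 bundle for a domain IOC.

Added example. Domain, dates, confidence and technique IDs come from the
page; the object layout is standard STIX 2.1, the UUIDs are generated here,
and midnight UTC for the dates is an assumption.
"""
import json
import re
import uuid
from datetime import datetime, timezone

STIX_ID_RE = re.compile(r"^[a-z0-9-]+--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")


def _ts(d: datetime) -> str:
    """STIX timestamp: RFC 3339 in UTC with a trailing Z."""
    if d.tzinfo is None:
        d = d.replace(tzinfo=timezone.utc)
    return d.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def _obj(obj_type: str, created: datetime, **props) -> dict:
    """Common SDO/SRO header plus the object-specific properties."""
    return {"type": obj_type, "spec_version": "2.1", "id": f"{obj_type}--{uuid.uuid4()}",
            "created": _ts(created), "modified": _ts(created), **props}


def domain_pattern(domain: str) -> str:
    """Exact-match STIX pattern; backslash and quote are escaped inside the literal."""
    escaped = domain.replace("\\", "\\\\").replace("'", "\\'")
    return f"[domain-name:value = '{escaped}']"


def build_bundle(domain, first_seen, last_seen, confidence, technique_ids, labels, created=None):
    created = created or datetime.now(timezone.utc)
    indicator = _obj(
        "indicator", created,
        name=f"Malicious domain: {domain}",
        description=f"Observed from {first_seen.date()} to {last_seen.date()}",
        indicator_types=["malicious-activity"],
        pattern=domain_pattern(domain), pattern_type="stix",
        valid_from=_ts(first_seen), confidence=int(confidence), labels=list(labels),
    )
    objects = [indicator]
    for tid in technique_ids:
        ap = _obj("attack-pattern", created, name=tid,
                  external_references=[{"source_name": "mitre-attack", "external_id": tid}])
        rel = _obj("relationship", created, relationship_type="indicates",
                   source_ref=indicator["id"], target_ref=ap["id"])
        objects += [ap, rel]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def check_bundle(bundle: dict) -> list:
    """Return a list of problems (empty means the bundle passed the basic checks)."""
    problems = []
    ids = {o["id"] for o in bundle["objects"]}
    for i in ids | {bundle["id"]}:
        if not STIX_ID_RE.match(i):
            problems.append(f"malformed id {i}")
    for o in bundle["objects"]:
        if o["type"] == "relationship" and not {o["source_ref"], o["target_ref"]} <= ids:
            problems.append(f"dangling ref in {o['id']}")
        if o["type"] == "indicator":
            if not 0 <= o["confidence"] <= 100:
                problems.append("confidence out of range")
            if o["pattern_type"] != "stix" or not o["pattern"].startswith("[domain-name:value"):
                problems.append("unexpected pattern")
    return problems


def example_bundle() -> dict:
    """The bundle for the page's values (technique subset and labels chosen here)."""
    return build_bundle(
        "malext.com",
        datetime(2026, 2, 18, tzinfo=timezone.utc),
        datetime(2026, 6, 20, tzinfo=timezone.utc),
        95, ["T1566", "T1071.001", "T1105", "T1204"], ["malvertising", "infostealer"],
    )


if __name__ == "__main__":
    b = example_bundle()
    print(json.dumps(b, indent=2), check_bundle(b))
```

Keep the `confidence` and `valid_from` values as separate properties rather than folding them into the description; downstream tooling (SIEM match lists, TIP deduplication) keys on those fields, and the last-seen date belongs in `modified` or a sighting object once the consumer has its own observation.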
IOC Journey: medium · First detected 4 months ago · Last seen 3 days ago · Appeared in 14 threat reports