IOC Radar
Domain · Medium · Signal 54/100

mumbaich.com

Location: Singapore
First Seen: Aug 28, 2023 (1017d ago)
Last Seen: Jun 2, 2026 (8d ago)
Reports: 8 source reports
Confidence: 54% (medium)
Found in 8 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 67 techniques

Feed Intelligence Summary
Source reports: 8
Confidence score: 54%
Category tags
9baaaaabuseacceptaccess controlaccount securityacintactive scanaddressaddress googleadloadag daagentalexaalexa topallocates_rwxamazonamazon-02america flaganalysis tipanna paulaantisandbox_restartapplearial helveticaartemisascii textasiaasnone countryattackavast avgave mariaazorultbackbackdoorbad reputationbad trafficbandoobank securitybetabotbitcoinblacklist httpblockchainbodybot communicationbotnetbotnet activitybrian sabey.brontokbrute forcec2c2 communicationcapturecentercheckincheckscicadacisco umbrellacitadelck idck matrixclasscleanerclick-based attackcloud xcitiumcnamecnccobalt strikecode executioncode injectioncode obfuscationcolor valuecommandcommand & controlcommand and controlcommand executioncommodity contracts intermediationcommon upatrecommunication protocolcompany limitedcompromised hostconduitcontacted hostscookiecorecoupcovid19creation datecredential accesscredential harvestingcredential stuffingcritical riskcrypcryptcrypto exchangecrypto miningcrypto walletcryptocurrencycts execurrentpasswordcutwailcyber securitycyber threatdark powerdasherdatadata accessdata copyingdata encryptiondata exfiltrationdata store exposuredata transferdata uploaddead connectdecentralized financedeletedeployment notdetection listdigital currencydistributed attacksdnsdns attackdnspionagedockdomaiqdownloaderdropperdynamic loadingdynamicloadereb e2ed b8ee fcelectronic health recordselementemailsemotetencryptencrypt httpsencryptionengineeringentityerrorerror maret dnset infoet torexe uploadexecutable fileexpiration dateexploitexploitation activityextortionf0 fffailurefalcon sandboxfareitfe ffff d5ff fffilefileless malwarefilesfiles ipfiles locationfinancefinancial institutionfinancial servicesflagflag unitedfloxiffooterformformbook cncforms webfreemanfrom emailfunctionfusioncoregeneral fullgeneratorgenericgeneric httpget updatesgh0stcringegh0stratgoogle safegrouphacker forcehashhashessee jsonheaderheadershealthhealth care and social assistancehealth information 
technologyhealthcare information systemsheurhighhistorical sslhistory firsthospital managementhostilehostname addhostname enumerationhotmailhstrhtmlhttp attackhttp scannerhttpshunt operationshybrididentity & access exploitationider dataids detectionsiframeindia unknownindicatorinfiltrateinformation gatheringinfostealerinfostealer_keyloggerinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinjection_resumethreadinput validation bypassinteliociocsiot securityipv4ipv4 additem tilejapan unknownjs_evaljson filekeybasekeygenkgs0kiannas lawkls0known torkovterkryptiklayerlearnlocallockbitlog idlog operatorlooklowfimachine learning detectionmainmakemake suremalicious activitymalicious domainsmalicious downloadmalicious linksmalicious sitemalicious softwaremalspam emailmalwaremalware distributionmalware domain feedmalware sitemathismatsnumedia centermedical servicesmediummetadata analysismillionminermitre attmobilemobile securitymonitored targetmonitoringmovedmpressmsi filemsiename serversname tacticsnation-state activitynetworknetwork cncnetwork communicationnetwork scanningnetwork trafficnetwork_httpnetwork_icmpnetwormnextnext associatednext httpnexusnircmdnorth americanymaimobserved dnsoccamyopenopenurl coperating systemoperating system securityover watchp2p zeuspassive dnspasswordpatcherpath traversalpatient carepattern matchpe resourcepegasuspentest peoplephishingphishing attackphishing siteplay buttonponypotential-c2present aprpresent augpresent decpresent junpresent marpresent novpresent sepprimary textprocess injectionproess_martianproject cicadaprotocol h2psexecpulse pulsespushpykspaqualified immunityquasi governmentqueryr61afinransomransomwareread creconnaissancerecord valueredacted forredline stealerrefreshrelated nidsremcos trojanremote accessremote servicesresearchedresponse finalrestartresults marresults novreverse dnsrevilroutesabotagesafarisafe browsingsafe sitesamplesscams & fraudscans recordscriptscript scriptscript 
urlssearchsearch barsearch criteriasearch otxsecrisksectigo httpssecurity operationssecurity policysecurity tlssegoe uiserver responseserversserviceshowshow processshow techniqueshowingsimdasingaporesiteslcc2social engineeringsocial media securitysodinokibisoftware exploitationsophos sophosspamspanspawnsspecial forcesssl certificatestate of coloradostatusstealersteamstrikestringssummarysummary leafsystem disruptiont1001t1001.001t1001.002t1005t1011t1021t1021.001t1027t1027.002t1030t1041t1045t1053t1055t1056t1056.001t1057t1059t1059.001t1059.003t1059.007t1060t1064t1069t1069.001t1069.002t1071t1071.001t1071.004t1078t1082t1105t1112t1113t1115t1119t1129t1133t1140t1143t1158t1190t1203t1204.001t1204.002t1480t1480 executiont1486t1490t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1568t1568.002t1569.002t1573t1583t1583.001t1583.005t1587.001t1589.001t1590.001tailored accesstalostaotao operationstargeted intelligenceteamteam phishingtempetesla hackerstext colorthreat actorthreat intelligencethreat preventionthreat reportthreat rounduptimestamp entrytinbatitletitle errortlstls handshaketmobiletofseetoolstor analysistor nodetrojan malwaretrojan-droppertrojandroppertrojanxtrustasia httpstsara brashearstwitterunitedunited statesunknown nsunruyunsafeupatreuploading exeupx packerurlsus noteuser executionutc httpvaluevalue domainvawtrakvercelverdictverdict cloudverifyvietnamvietnam unknownvirtoolvirutwacatacweb application attackweb application exploitationweb exploitationweb securityweb trafficwebkitwhois recordwhois whoiswin32 malwarewin32upatre decwin32upatre novwin32upatre octwin32upatre sepwindirwindows malwarewindows ntwritewrite cx vercelxcitium verdictxtratyara rulezbotzeuszip archivezpevdo

Activity Timeline
1 total observation (Jun 2)

Threat Activity Heatmap (calendar chart omitted; covers Jun through the following Jun) · Peak: 2026-06-02

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 54 (Medium Risk)
Signal Score: 54
Confidence: 54%
Reports: 8
First seen: Aug 28, 2023
Last seen: Jun 2, 2026

VirusTotal: Not checked

WHOIS

registrar: Bluehost Inc.
description: Command and Control domains for malware known as Upatre. These domains are extracted from malware sandbox reports using a Machine Learning model trained on a corpus of good and bad domains.
domain rank: -1
raw:
Admin City: MEXICO CITY
Admin Country: MX
Admin Email: [email protected]
Admin Organization: REDCON GLOBAL S.C.
Admin Postal Code: 14000
Admin State/Province: DISTRITO FEDERAL
Creation Date: 2024-07-08T19:41:19Z
DNSSEC: unsigned
Domain Name: MUMBAICH.COM
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.HOSTMONSTER-EXPIRED.DOMAINPARKINGSERVER.NET
Name Server: NS2.HOSTMONSTER-EXPIRED.DOMAINPARKINGSERVER.NET
Registrant City: e5eba6cd6e5e7cc3
Registrant Country: MX
Registrant Email: [email protected]
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 3432650ec337c945
Registrant Name: 4fbf74133bcdc56d
Registrant Organization: 5a8dc511ad3f15a2
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: a51c597471b07bb2
Registrant Postal Code: 64baa0e8c4c11f8e
Registrant State/Province: b69cc2402cb5f2df
Registrant Street: 9dd6b6869f96c76b
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.8777228662
Registrar Abuse Contact Phone: 888-210-3278
Registrar IANA ID: 1154
Registrar Registration Expiration Date: 2024-07-08T19:41:19Z
Registrar URL: http://www.hostmonster.com/
Registrar URL: https://www.bluehost.com
Registrar WHOIS Server: whois.fastdomain.com
Registrar: Bluehost Inc.
Registrar: FastDomain Inc.
Registry Domain ID: 2897584729_DOMAIN_COM-VRSN
Registry Expiry Date: 2026-07-08T19:41:19Z
Tech City: JACKSONVILLE
Tech Country: US
Tech Email: [email protected]
Tech Organization: HOSTMONSTER.COM
Tech Postal Code: 32256
Tech State/Province: FLORIDA
Updated Date: 2024-08-28T11:01:18Z
Updated Date: 2025-07-09T07:34:49Z
references: 2021-09-21-Curriculo-IOCs.txt, https://blog.talosintelligence.com/threat-roundup-1202-1209/
subdomains count: 23


IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 8 days ago
Appeared in 8 threat reports