Domain · High · Verified · Signal 40/100
owa.outlookssl.com
Location
First Seen: Aug 16, 2021
Last Seen: Jun 2, 2026
Found in 5 reports. Confidence: high. Confidence scores are heuristic; verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
Source reports: 5
Confidence score: 40%
Activity Timeline
Jun 2 to Jun 2
Threat Activity Heatmap (peak: 2026-06-02)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 40
Confidence: 40%
Reports: 5
First seen: Aug 16, 2021
Last seen: Jun 2, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
- registrar: NOM-IQ Ltd dba Com Laude
- creation date: 2013-02-28T10:36:21
- expiration date: 2027-02-28T10:36:21
- updated date: 2026-01-29T23:16:51
- name servers: NS1-01.AZURE-DNS.COM, NS2-01.AZURE-DNS.NET, NS3-01.AZURE-DNS.ORG, NS4-01.AZURE-DNS.INFO
- country: US
- org: Microsoft Corporation
- status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited, clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited, clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited, clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited, clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
IOC Journey
Confidence: high. First detected 4 years ago; last seen 22 days ago.
Appeared in 5 threat reports