IOC Radar
Domain · Medium · Signal 77/100

pepeairdrop01.com

Location
Ukraine
First Seen
Jan 26, 2026
Last Seen
Jun 15, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

62 techniques

Feed Intelligence Summary

10 reports · 77% confidence
Category tags
abuse report, active scan, active scanning, attack vector: web, automated analysis, automated exploitation, automated reconnaissance, automated scan, automated scanning, automated sweep, automated-scanning, bad reputation, banking, botnet activity, botnet infrastructure, brand abuse, browser vulnerability, brute force, brute force attempt, brute force attempts, brute_force, brute_force_attack, c2, c2 activity, c2 communication, c2 infrastructure, c2_activity, client-side attack, client-side exploit, client-side exploitation campaign, client-side exploits, command & control, command and control, communication protocol, compromised host, coruna, credential access, credential harvesting, credential stuffing, credential theft, credit card services, cryptocurrency, cryptocurrency theft, cryptocurrency threats, cryptojacking, data encryption, data exfiltration, data store exposure, destroylist_phishing, dga, encryption, europe, exploit, exploit kit, exploitation activity, exploitation kit, finance, financial crime, financial services, financial technology, financial theft, ftp, ftp brute force, http scanner, http/https c2, https, identity & access exploitation, indicator, indicators of compromise, injection activity, ios, iphone, lateral movement, malicious network activity, malicious software, malware, malware delivery, malware detection, malware distribution, malware hosting, malware traffic, malware_detected, manual-collection, medium-risk, mobile malware, mobile security, mobile threat, nation-state activity, network, network intrusion, network intrusion attempt, network probing, network protocol, network scanning, network security, north america, novel ioc, novel ioc detection, novel iocs, novel-ioc, novel_ioc, payment processing, phishing, phishing attack, potential exploit, precog, process injection, protocol exploitation, ransomware, reconnaissance, remote access, remote services, researched, resource hijacking, rogue domain, security operations, smtp, social engineering, ssh attack, t1016, t1021, t1021.001, t1021.002, t1040, t1046, t1048, t1053, t1055, t1055: process injection, t1056, t1056.001, t1059, t1059.007, t1064, t1068, t1071, t1071.001, t1076, t1077, t1078, t1082, t1083, t1102.003, t1106, t1110, t1110.002, t1129, t1133, t1189, t1189: drive-by compromise, t1190, t1203, t1204, t1204.001, t1213, t1219, t1486, t1496, t1497, t1499.002, t1518, t1555, t1559, t1560, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569, t1571, t1583, t1583.001, t1584, t1588, t1588.006, t1595, t1595.001, t1595.002, t1595.003, t1598.003, t1608, tcp-scanning, telnet threat, threat actor, threat intelligence, tor node, type osint, ukraine, unc6691, united states, vulnerability scan, wealth management, web exploit, web malware, web traffic

Activity Timeline

1 total obs · Jun 15

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 · Dormant
7d: 0 · Dormant
30d: 1 · Minimal
3mo: 1 · Minimal
Threat Score
High Risk
Signal Score
77

VirusTotal

Not checked

WHOIS

registrar
Realtime Register B.V.
creation date
2026-01-25T17:13:20
expiration date
2027-01-25T17:13:20
updated date
2026-02-10T05:52:24
name servers
NS1.VERIFICATION-HOLD.SUSPENDED-DOMAIN.COM, NS2.VERIFICATION-HOLD.SUSPENDED-DOMAIN.COM
status
clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited, clientHold https://icann.org/epp#clientHold, clientRenewProhibited https://icann.org/epp#clientRenewProhibited, clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited

IOC Journey

medium
First detected 5 months ago · Last seen 10 days ago
Appeared in 10 threat reports