Domain · Medium · Signal 100/100
pepperiop.digital
First Seen: Apr 4, 2025 (436d ago)
Last Seen: Jun 7, 2026 (7d ago)
Reports: 16 source reports
Confidence: 99% (medium)
VirusTotal: 16/91 detections
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
16 reports · 99% confidence
Category tags
aa25-141b, abuse, active scan, active scanning, attack, authentication abuse, bad reputation, botnet, botnet activity, browser credential theft, browser data theft, browser hijacking, brute force, c2, cert, cisa, cisa advisory, command & control, command and control, communication protocol, communications networks, cookie theft, credential access, credential harvesting, credential stuffing, credential theft, critical infrastructure, crypto wallet theft, cryptocurrency, cryptocurrency wallet theft, cyber, data, data breach, data encryption, data exfiltration, data store exposure, data theft, ddos, defense systems, denial of service, distributed attacks, emergency services, encryption, energy systems, enumeration, exploitation activity, extortion, fbi, fbi alert, financial systems, form grabbing, ftp, generic, ghost, government facilities, http scanner, https, identity & access exploitation, indicator, infostealer, ingress tool transfer, injection activity, input validation bypass, local, lumma, lumma stealer, lumma stealer activity, lummac2, lummac2 malware, lummastealer, lummastealer activity, malicious activity, malicious download, malicious software, malware, malware campaign, malware distribution, matrix, mitre att, mozilla, mozilla firefox, network, network attacks, network protocol, network scanning, north america, opcode, operating system, password attack, password stealing, password theft, path traversal, phishing, phishing attack, phishing campaign, process injection, protect, ransomware, reconnaissance, remote access, remote services, researched, social engineering, ssh attack, strong, system disruption, system information discovery, t1003, t1005, t1012, t1021, t1021.001, t1027, t1027.003, t1027.004, t1033, t1036, t1040, t1041, t1046, t1053.005, t1055, t1059, t1059.005, t1069.001, t1071, t1071.001, t1076, t1078, t1078.001, t1081, t1082, t1083, t1105, t1106, t1110, t1110.001, t1110.002, t1113, t1115, t1119, t1140, t1189, t1190, t1217, t1486, t1490, t1496, t1499.002, t1499.003, t1531, t1539, t1547, t1553, t1553.002, t1555, t1555.003, t1562.001, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1595, t1595.001, t1595.002, t1595.003, table, tcp protocol, threat, threat actor, tools, tor node, transportation networks, united states, vulnerability scan, water systems, web application attack, web application exploitation, web traffic
Activity Timeline: Jun 7
Threat Activity Heatmap (peak: 2026-06-07)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **pepperiop.digital** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on April
Threat Score: High Risk (Signal Score 100)
WHOIS
- domain rank: -1
- raw:
  - Administrative city: REDACTED FOR PRIVACY
  - Administrative country: REDACTED FOR PRIVACY
  - Administrative state: REDACTED FOR PRIVACY
  - Create date: 2025-04-02 00:00:00
  - Domain name: pepperiop.digital
  - Domain registrar id: 303
  - Domain registrar url: http://www.PublicDomainRegistry.com
  - Expiry date: 2026-04-02 00:00:00
  - Name server 1: kallie.ns.cloudflare.com
  - Name server 2: leland.ns.cloudflare.com
  - Query time: 2025-04-03 12:12:55
  - Registrant city: 1f8f4166599d23ee
  - Registrant company: 2f527dd88d7bd10b
  - Registrant country: Russia
  - Registrant email: 29e2c061f3c9524es@
  - Registrant fax: 31d1617d95c9a75c
  - Registrant name: 1f8f4166599d23ee
  - Registrant phone: 31d1617d95c9a75c
  - Registrant state: 59fd82a7ba8f4edc
  - Registrant zip: 1f8f4166599d23ee
  - Technical city: REDACTED FOR PRIVACY
  - Technical country: REDACTED FOR PRIVACY
  - Technical state: REDACTED FOR PRIVACY
  - Update date: 2025-04-02 00:00:00
- references:
  - https://labs.inquest.net/iocdb
  - https://threatfox.abuse.ch/export/csv/recent/
  - https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b
  - https://www.cisa.gov/sites/default/files/2025-05/AA25-141B-Threat-Actors-Deploy-LummaC2-Malware-to-Exfiltrate-Sensitive-Data-from-Organizations.stix_.json
  - https://x.com/K_N1kolenko/status/1909194467166282185
- subdomains count: 0