DomainMediumSignal 76/100
phantomshuttle.space
First Seen
Dec 23, 2025
Last Seen
Jun 5, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
76%
Signal Score
76 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
10 reports76% confidence
10
Source reports
76%
Confidence score
Category tags
access controlactiveactive scanactive scanningaddressaerospace & defenseai-poweredalipayalipay targetingapi abuseapi urlattackauthentication bypassbad reputationbeyondbitcoinblockchainblocklistbrand-impersonationbrowser malwarebrute forcebulk ipdomainc2c2 communicationc2 domainc2 ipc2 ip addressc2 serverchinese threat actorchromechrome extensionchrome extensionscode injectioncommand & controlcommodity contracts intermediationcommunication technologiescompanycontactcontentcookie theftcredential accesscredential harvestingcredential stuffingcredential theftcredential-harvestingcryptocrypto exchangecrypto miningcrypto scamcrypto walletcryptocurrencycryptocurrency threatscryptocurrency-scamscryptojackingdamagedastdata exfiltrationdata store exposuredecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydemodestroylist_phishingdigital currencydirectdrainerencodedencoded communicationexploitation activityextensionextension idfake-online-storesfinanceforeign trade workersformform grabbingfraudfraudulent activityfuturegrubhubhorseidentity & access exploitationindicatoringress tool transferinjectinjection activityinvestment-fraudiot securitylinklive threat datalogin brute forcemalicious activitymalicious domainmalicious downloadmalicious softwaremalicious-url-feedmalwaremalware distributionman-in-the-browserman-in-the-middlemilitary operationsmitbmobile carriersmobile networksmonitoringnational securitynetworknetwork intrusionnetwork scanningpacpaid subscription scampassword attackphantom shuttlephishingphishing attackphishing-websitespremiumprocess injectionproductproxyproxy authentication hijackingransomwarereconnaissanceresearchedresource hijackingscamscams & fraudsecurity operationssecurity policyservice discoverysocial engineeringsocket c2storysupply chain attackt1003t1021t1027t1036t1040t1041t1055t1056t1059t1059.001t1059.007t1071t1071.001t1078t1090t1090.002t1105t1110t1176t1189t1190t1199t1204.001t1204.002t1486t1496t1530t1539t1552t1555.003t1556.003t1557t1565t1566t1566.001t1566.002t1566.003t1567.001t1573t1583t1595t1595.001t1595.002t1595.003t1598teamtech-support-scamstelecom servicestelecommunicationsthreat actorthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencetoken thefttor nodetraffic manipulationtrust wallettwittertypeunauthorized accessurlsvip statusvpnvpn masqueradevpn serviceweb application attackweb exploitation
Activity Timeline
Jun 5Jun 5
Threat Activity Heatmap
· Peak: 2026-06-05LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **phantomshuttle.space** has emerged as a significant indicator of compromise (IOC) in the cybersecurity landscape, first observed on December
Threat ScoreHigh Risk
76
SIGNAL
Signal Score
76%
Confidence
10
Reports
First seenDec 23, 2025
Last seenJun 5, 2026
VirusTotal
Not checked
WHOIS
- description
- Live feed of phishing and crypto scam domains with ACTIVE malicious content from PhishDestroy. These domains are verified to have live phishing/scam pages. Updated hourly. Source: github.com/phishdestroy/destroylist/dns/content_active.json
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 months ago · Last seen 5 days ago
Appeared in 10 threat reports