IOC Radar
Domain · High · Verified · Signal 54/100

proestimating.us

Location: Saint Helena, Ascension and Tristan da Cunha
First Seen: Jan 15, 2026 (163 days before this snapshot)
Last Seen: May 8, 2026 (50 days before this snapshot)
Reports: 6 source reports
Confidence: 54% (labelled high)
Found in 6 reports. Confidence: high. Confidence scores are heuristic; verify before acting on results. The threat score panel further down rates the same 54/100 as Medium Risk, so read "high" as the site's confidence bucket, not as a severity rating.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
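Since the page reports no IDS rule for this domain and lists 12 subdomains, the usual first step is a retrospective search of DNS query logs. The check below is an added example, not code from IOC Radar or from any of the feeds it aggregates: it matches the apex and any label under it, normalises case and the trailing dot, and rejects look-alikes that a plain substring search would flag. The log lines are constructed for the example and the Zeek-style field order (timestamp, client, query, rcode) is an assumption.

```python
"""Hunt for the IOC domain in DNS query logs with label-aligned suffix matching.

Added example, not code from the IOC Radar site. The log lines are constructed
and the field layout (ts, client, query, rcode) is an assumption.
"""
from collections import Counter

# The indicator from this page; more apex domains can be added to the set.
IOC_DOMAINS = {"proestimating.us"}

# Constructed sample log: two true hits, one hit with odd casing and a trailing
# dot, and two look-alikes that must NOT match (prefix match and a domain that
# merely contains the IOC as a non-final label run).
SAMPLE_DNS_LOG = """\
1778256000.12 10.0.0.5 proestimating.us NOERROR
1778256001.48 10.0.0.5 cdn.proestimating.us NOERROR
1778256002.03 10.0.0.9 PROESTIMATING.US. NXDOMAIN
1778256003.77 10.0.0.7 notproestimating.us NOERROR
1778256004.10 10.0.0.7 proestimating.us.example.net NOERROR
1778256005.55 10.0.0.11 www.example.com NOERROR
"""


def normalise(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.rstrip(".").lower()


def matches_ioc(query, iocs=IOC_DOMAINS):
    """True if query is an IOC apex or a subdomain of one.

    The "." + d guard makes the match label-aligned: 'notproestimating.us'
    ends with 'proestimating.us' as a string but is a different domain.
    """
    q = normalise(query)
    return any(q == d or q.endswith("." + d) for d in iocs)


def hunt(log_text, iocs=IOC_DOMAINS):
    """Return the matching log records as dicts, in log order."""
    hits = []
    for line in log_text.splitlines():
        ts, client, query, rcode = line.split()
        if matches_ioc(query, iocs):
            hits.append({"ts": float(ts), "client": client,
                         "query": normalise(query), "rcode": rcode})
    return hits


def clients_by_hits(hits):
    """Which internal hosts resolved the IOC, and how often."""
    return dict(Counter(h["client"] for h in hits))


if __name__ == "__main__":
    found = hunt(SAMPLE_DNS_LOG)
    for h in found:
        print(h)
    print(clients_by_hits(found))
```

An NXDOMAIN answer is still a hit worth keeping: the client attempted the lookup, which is what matters for scoping, and the rcode simply records that the name did not resolve at that moment.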
Threat Context
Tags: see Category tags under Feed Intelligence Summary below.
MITRE ATT&CK TTPs: 73 techniques (the T-numbers in the tag list below). Three of them, T1076, T1077 and T1086, are retired ATT&CK IDs superseded by T1021.001, T1021.002 and T1059.001, which also appear in the list, so normalize the IDs before mapping or counting coverage.

Feed Intelligence Summary

6 source reports · 54% confidence score

Category tags (aggregated across the six source reports; variants that differ only in separators or plural form, e.g. brute force / brute-force / brute_force, are collapsed here; these are feed- and report-level labels and should not be read as confirmed attributes of this domain):

Malware families and tooling: asyncrat, cobaltstrike, dcrat, dropped-by-amadey, gafgyt, guloader, hajime, kaiji, lummastealer, masslogger, mirai, mirai botnet, mozi, netsupportmanager rat, phantomstealer, purelogsstealer, remcosrat, rustystealer, sshdkit, vipkeylogger, xworm, base64-loader, rev-base64-loader, loader, offloader, coinminer, infostealer, backdoor, rat, ransomware, alienvault_ransomware

C2 and beaconing: c2, c2 activity, c2 channel (detected, established), c2 communication, c2 detection, c2 traffic, command and control, http c2, malware beacon, malware beaconing, beaconing activity, novel c2 domain, novel c2 ip, potential malware c2, potential c2 activity, potential malware beaconing, dga domain (detected), attacker infrastructure, tor node

Scanning and reconnaissance: ack scan, syn scan, tcp scan, tcp scanning, udp scan, port scan, port scanning, active scan, active scanning, automated scan, ip scanning, ip-address-scan, network scanning, network service scanning, remote service scanning, service scan, service discovery, network enumeration, user-enumeration, enumeration, network probe, network probing, http probe, http probing, http scan, http scanner, http scanning, http reconnaissance, https probe, https probing, https scan, https scanning, smtp probing, smtp scan, smtp scanning, smb scanning, vulnerability scan, scanner, scanning activity, scanning probe, reconnaissance, reconnaissance activity, possible reconnaissance activity, network reconnaissance, system discovery, network discovery, censys, infrastructure acquisition

Brute force and credential attacks: brute force, brute force attack, brute force attempt, ftp brute force, http brute force, rdp brute force, smb brute force, smtp brute force, ssh brute force, telnet brute force, ssh attack, telnet threat, credential access, credential stuffing, password attack, password cracking, password-guessing, login attack, unauthorized login, unauthorized access, unauthorized access attempt, remote login, authentication abuse, identity & access exploitation

Exploitation and execution: exploit, exploit attempt, exploitation, exploitation activity, exploitation attempts, cve exploitation attempts, http exploit, web exploitation, protocol exploitation, possible exploit activity, potential exploit, possible vulnerability exploitation, potential vulnerability exploitation, code injection, process injection, injection activity, scripting attacks, malicious powershell activity, powershell, ps1, sh, js, command execution, windows management instrumentation, ua-wget, user agent: suspicious

Malware activity and compromise: malware, malware activity, malware communication, malware detected, malware detection, malware distribution, malware indicator(s), malware infection, malware propagation, malware related activity, malicious software, malicious domain, malicious links, malicious network activity, novel malware, unidentified malware, suspected malware, possible malware, possible malware activity, possible malware infection, potential malware, potential malware activity, potential malware distribution, botnet, botnet activity, botnetdomain, iot botnet, possible botnet, possible botnet activity, potential botnet, potential botnet activity, compromise assessment, compromise attempt, compromised host, compromised host indicators, possible compromise, potential compromise, possible apt activity, possible backdoor implant, opendir, executable file, elf, encoded, encryption, data encryption, xor, ascii

Post-compromise and impact: initial access, possible initial access, lateral movement, lateral movement detected, possible lateral movement, potential lateral movement, remote access, remote services, data exfiltration, data exfiltration attempt, potential data exfiltration, exfiltration, data_extraction, data store exposure, ddos, ddos attack(s), ddos potential, denial of service, distributed attacks, cryptocurrency, phishing, scams & fraud

Network traffic and intrusion: network, network activity, network anomalies, network attacks, network behavior analysis, network intrusion, network intrusion attempt(s), network intrusion detection, network protocol, network security, network security monitoring, network sniffing, network traffic, network traffic analysis, anomalous activity, anomalous network traffic, anomalous traffic, http activity, http communication, http intrusion, http request anomaly(ies), https, smtp, smtp communication, smtp traffic, web traffic, web security, application layer protocol, communication protocol, tcp protocol, unidentified protocol, dns, dns attack, ftp, imap, irc, protocol: dns, protocol: ftp, protocol: http, protocol: https, protocol: smb, protocol: ssh, intrusion detection, suspected intrusion, possible intrusion, potential intrusion, potential intrusion attempt, suspicious-ip, suspicious-network-activity, known malicious ip, blacklisted ip(s), bad reputation, ip-address, ip-address-based-ioc

Indicator and feed labels: indicator, indicators of compromise, ioc, iocs, new_ioc, novel indicator(s), novel ioc(s), novel ioc detected, novel ioc detection, novel threat, novel threat indicators, newly observed domain, newly observed ip, threat intelligence, threat intelligence feed, stix, abuse, huntio, github, dugganusa research, researched, precog, precog detected, precog detection, precog engine, precog sweep, automated analysis, automated attack, automated detection, automated threat, automated threat detection, security operations, targeting database, iot security, iot/ics attack, internet of things

Actor attribution: threat actor, threat actor unknown, unknown actor, unknown group, unknown threat actor, unidentified actor, unidentified threat actor, potential threat actor

Geography: europe, poland, united states, saint helena, ascension and tristan da cunha

Architectures: arm, m68k, mips, powerpc, sparc, superh, x86

MITRE ATT&CK IDs (73): T1003, T1005, T1016, T1018, T1021, T1021.001, T1021.002, T1021.004, T1027, T1040, T1041, T1046, T1047, T1053, T1053.005, T1055, T1056, T1059, T1059.001, T1059.004, T1059.005, T1059.007, T1068, T1071, T1071.001, T1076, T1077, T1078, T1078.002, T1083, T1086, T1087, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1190, T1204.001, T1204.002, T1486, T1496, T1499.001, T1499.002, T1499.003, T1550, T1555, T1555.003, T1563, T1565, T1566, T1566.001, T1566.003, T1567, T1568, T1568.002, T1569, T1569.002, T1571, T1572, T1573, T1573.001, T1587.001, T1588, T1589, T1590.001, T1592, T1595, T1595.001, T1595.002, T1595.003

Activity Timeline: 1 observation in total (May 8)

Threat Activity Heatmap: one observation, peak 2026-05-08 (Jun-to-Jun calendar grid omitted; every other day is empty)

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 54 (Medium Risk) · Signal Score 54 · Confidence 54% · 6 reports · First seen Jan 15, 2026 · Last seen May 8, 2026 · Verified IOC

VirusTotal: Not checked

WHOIS

registrar: OwnRegistrar, Inc.
domain rank: -1 (no rank)

raw record (registry and registrar data were merged, so several keys appear twice; the sixteen-hex-digit values in the Registrant fields appear to be redaction placeholders rather than data, since the same value, 3432650ec337c945, recurs across unrelated fields):

Domain Name: proestimating.us
Registry Domain ID: DC31981F329284688A92841395366644C-GDREG
Registrar: OwnRegistrar, Inc. (Registrar IANA ID: 1250)
Registrar URL: http://www.ownregistrar.com / www.ownregistrar.com
Registrar WHOIS Server: whois.ownregistrar.com
Registrar Abuse Contact Email: [email protected] (listed twice)
Registrar Abuse Contact Phone: +91.2261426042
Creation Date: 2023-06-02T02:33:44Z
Updated Date: 2025-06-05T02:00:04Z / 2025-06-10T02:00:04Z
Registry Expiry Date: 2026-06-02T02:33:44Z
Registrar Registration Expiration Date: 2026-06-02T02:33:44Z
Domain Status: clientTransferProhibited (https://icann.org/epp#clientTransferProhibited); ok (https://icann.org/epp#ok)
Name Server: ns1.symbolhost.com, ns2.symbolhost.com, null
DNSSEC: unsigned
Registry Registrant ID / Admin ID / Tech ID: CF1B4BDB403664E8E886C183DCA42DA93-GDREG / OR_203233
Registrant Country: PK (Pakistan)
Registrant Email: [email protected]
Registrant Name: ad4b634ba122e363
Registrant Organization: a4d2ad5d9d67109a
Registrant Street: 3432650ec337c945 / a3b5f29d9921a544
Registrant City: b7c58833740c0960
Registrant State/Province: 81774aa7836375b5
Registrant Postal Code: 3432650ec337c945 / 8438c9cdc6f0a379
Registrant Phone: c9f3fc724f7cae20
Registrant Phone Ext: 1346e5bee00d3f4b / 3432650ec337c945
Registrant Fax: 3432650ec337c945 / 758e5474eab77422
Registrant Fax Ext: 3432650ec337c945 / 758e5474eab77422
Registrant Nexus Category: ac4652a508990357
Registrant Application Purpose: 25084576f4ca865a
Admin City: ZAFARWAL; Admin State/Province: Punjab; Admin Postal Code: 51670; Admin Country: PK (Pakistan); Admin Organization: NA; Admin Email: [email protected]
Tech City: ZAFARWAL; Tech State/Province: Punjab; Tech Postal Code: 51670; Tech Country: PK (Pakistan); Tech Organization: NA; Tech Email: [email protected]

Two things to check before pivoting on this record. The admin and tech contact (ZAFARWAL, Punjab, PK) is unredacted and does not match the page's Location (Saint Helena, Ascension and Tristan da Cunha), whose source the page does not state. And the record expires 2026-06-02, after the last sighting on May 8 but before this snapshot (the header counts 50 days from May 8), so confirm the current registration status with a fresh lookup rather than relying on the cached record.
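The raw WHOIS field above is a single space-flattened string, which is awkward to read and easy to misparse. The script below is an added example, not code from IOC Radar or from its sources: it splits the record into key/value lists without treating capitalised values such as "Pakistan" or "OwnRegistrar, Inc." as the start of the next key, then runs the checks an analyst wants before acting on the domain, namely registration age at first sighting, how close the expiry sits to the last sighting, which fields are redacted, and which keys carry conflicting values from the merged sources. The record is copied from the page (email fields dropped, since the page shows them redacted); treating sixteen-hex-digit values as redaction placeholders is an assumption about the upstream source.

```python
"""Parse the flattened WHOIS record from this page and run pre-action checks.

Added example, not code from the IOC Radar site. The record below is copied
from the page's raw WHOIS field (email fields dropped); the duplicate keys are
in the original, where registry and registrar data were merged. Treating
sixteen-hex-digit values as redaction placeholders is an assumption.
"""
import re
from collections import defaultdict
from datetime import date, datetime

RAW_WHOIS = (
    "Admin City: ZAFARWAL Admin Country: PK Admin Country: Pakistan "
    "Admin Organization: NA Admin Postal Code: 51670 Admin State/Province: Punjab "
    "Creation Date: 2023-06-02T02:33:44Z DNSSEC: Unsigned DNSSEC: unsigned "
    "Domain Name: proestimating.us "
    "Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited "
    "Domain Status: ok https://icann.org/epp#ok "
    "Name Server: ns1.symbolhost.com Name Server: ns2.symbolhost.com Name Server: null "
    "Registrant Country: PK Registrant Country: Pakistan "
    "Registrant Name: ad4b634ba122e363 Registrant Organization: a4d2ad5d9d67109a "
    "Registrant Phone: c9f3fc724f7cae20 Registrant Street: 3432650ec337c945 "
    "Registrar Abuse Contact Phone: +91.2261426042 Registrar IANA ID: 1250 "
    "Registrar Registration Expiration Date: 2026-06-02T02:33:44Z "
    "Registrar URL: http://www.ownregistrar.com Registrar URL: www.ownregistrar.com "
    "Registrar WHOIS Server: whois.ownregistrar.com Registrar: OwnRegistrar, Inc. "
    "Registry Domain ID: DC31981F329284688A92841395366644C-GDREG "
    "Registry Expiry Date: 2026-06-02T02:33:44Z "
    "Updated Date: 2025-06-05T02:00:04Z Updated Date: 2025-06-10T02:00:04Z"
)

# Sightings from this page's header.
FIRST_SEEN = date(2026, 1, 15)
LAST_SEEN = date(2026, 5, 8)

# RDDS keys start with one of these words. Anchoring on them, instead of on
# "any capitalised words before a colon", keeps values such as "Pakistan" or
# "OwnRegistrar, Inc." from being taken as the start of the next key.
KEY_RE = re.compile(
    r"\b(?:Domain|Registry|Registrar|Registrant|Admin|Tech|Billing|Name Server|"
    r"DNSSEC|Creation Date|Updated Date)(?: [A-Za-z/]+)*?: "
)
REDACTED_RE = re.compile(r"[0-9a-f]{16}")   # assumed placeholder format
ISO = "%Y-%m-%dT%H:%M:%SZ"
REPEATABLE = {"Name Server", "Domain Status"}  # legitimately multi-valued keys


def parse_whois(raw):
    """Split a space-flattened 'Key: value Key: value' blob into key -> [values]."""
    fields = defaultdict(list)
    keys = list(KEY_RE.finditer(raw))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(raw)
        key = m.group(0)[:-2]               # drop the trailing ": "
        value = raw[m.end():end].strip()
        if value:
            fields[key].append(value)
    return dict(fields)


def is_redacted(value):
    return REDACTED_RE.fullmatch(value) is not None


def whois_checks(fields, first_seen, last_seen):
    """The questions to answer before acting on the cached record."""
    created = datetime.strptime(fields["Creation Date"][0], ISO).date()
    expires = datetime.strptime(fields["Registry Expiry Date"][0], ISO).date()
    name_servers = [ns for ns in fields.get("Name Server", []) if ns.lower() != "null"]
    redacted = sorted(k for k, vs in fields.items() if any(is_redacted(v) for v in vs))
    # Keys with two different values (case-insensitive) come from the merged
    # sources and need a fresh lookup to resolve, e.g. the two Updated Dates.
    conflicting = sorted(k for k, vs in fields.items()
                         if k not in REPEATABLE and len({v.lower() for v in vs}) > 1)
    return {
        "registrar": fields["Registrar"][0],
        "created": created,
        "expires": expires,
        "name_servers": name_servers,
        "days_registered_before_first_seen": (first_seen - created).days,
        "expired_before_last_seen": expires < last_seen,
        "days_to_expiry_after_last_seen": (expires - last_seen).days,
        "redacted_fields": redacted,
        "conflicting_fields": conflicting,
    }


if __name__ == "__main__":
    for k, v in whois_checks(parse_whois(RAW_WHOIS), FIRST_SEEN, LAST_SEEN).items():
        print(f"{k:36} {v}")
```

On this record the domain had been registered for well over two years before its first malicious sighting, so registration age alone says nothing here; the useful signals are the redacted registrant block, the unredacted admin contact, and an expiry only a few weeks after the last sighting.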
references: https://urlhaus.abuse.ch/browse/, https://analytics.dugganusa.com/api/v1/stix/master, https://github.com/pduggusa/dugganusa-research
subdomains count: 12

Export & API: STIX 2.1 Bundle, CSV Export, Permalink

IOC Journey: confidence high; first detected 5 months ago (Jan 15, 2026), last seen 1 month ago (May 8, 2026); appeared in 6 threat reports