IOC Radar
Domain · High · Verified · Signal 21/100

pxcc.com

Location
Taiwan, Province of China
First Seen
Mar 12, 2024 (825d ago)
Last Seen
May 21, 2026 (25d ago)
6
Reports
source reports
21%
Confidence
high
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
21%
Signal Score
21 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs

64 techniques

Feed Intelligence Summary

6 source reports · 21% confidence score
Category tags

Activity Timeline

1 total observation (May 21)

Threat Activity Heatmap

[Calendar heatmap, Jun to Jun, weekday rows Mon/Wed/Fri; a single observation] · Peak: 2026-05-21
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
21
SIGNAL
Signal Score
21%
Confidence
6
Reports
First seen: Mar 12, 2024
Last seen: May 21, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
MarkMonitor Inc.
domain rank
-1
raw
Admin Country: US
Admin Organization: Google LLC
Admin State/Province: CA
Creation Date: 2001-12-27T22:12:33+0000
Creation Date: 2001-12-27T22:12:33Z
DNSSEC: unsigned
Domain Name: PXCC.COM
Domain Name: pxcc.com
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Name Server: ns1.google.com
Name Server: ns2.google.com
Name Server: ns3.google.com
Name Server: ns4.google.com
Registrant Country: US
Registrant Email: 18d84860427f453ds@
Registrant Organization: 3307059bbb3149c4
Registrant State/Province: b1952dfc047df18a
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2086851750
Registrar IANA ID: 292
Registrar Registration Expiration Date: 2024-12-27T00:00:00+0000
Registrar URL: http://www.markmonitor.com
Registrar WHOIS Server: whois.markmonitor.com
Registrar: MarkMonitor Inc.
Registrar: MarkMonitor, Inc.
Registry Domain ID: 81678455_DOMAIN_COM-VRSN
Registry Expiry Date: 2024-12-27T22:12:33Z
Tech Country: US
Tech Organization: Google LLC
Tech State/Province: CA
Updated Date: 2023-11-25T10:37:31+0000
Updated Date: 2023-11-25T10:37:31Z
subdomains count
2

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 2 years ago · Last seen 25 days ago
Appeared in 6 threat reports