IOC Radar
Domain · Medium · Signal 82/100

recaptcha-manual.shop

Location: Saint Helena, Ascension and Tristan da Cunha
First Seen: Feb 13, 2025 (487d ago)
Last Seen: Jun 7, 2026 (8d ago)
Reports: 14 source reports
Confidence: 82% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 55 techniques

Feed Intelligence Summary
14 source reports · 82% confidence score
Category tags

Activity Timeline
1 total observation (Jun 7)

Threat Activity Heatmap
Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **recaptcha-manual.shop**, originating from Saint Helena, Ascension and Tristan da Cunha, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on February

Threat Score: High Risk
Signal Score: 82
Confidence: 82%
Reports: 14
First seen: Feb 13, 2025
Last seen: Jun 7, 2026

VirusTotal: Not checked

WHOIS
Domain rank: -1
Raw record:
Create date: 2025-02-11 00:00:00
Domain name: recaptcha-manual.shop
Domain registrar id: 460
Domain registrar url: https://www.webnic.cc/
Expiry date: 2026-02-11 00:00:00
Name server 1: apollo.ns.cloudflare.com
Name server 2: luciane.ns.cloudflare.com
Query time: 2025-02-12 11:22:15
Registrant country: Malaysia
Registrant state: f4e528a4fdf624a9
Update date: 2025-02-11 00:00:00
References:
https://threatfox.abuse.ch/export/csv/recent/
https://blog.sekoia.io/clearfakes-new-widespread-variant-increased-web3-exploitation-for-malware-delivery/#h-iocs-amp-technical-details
https://urlhaus.abuse.ch/browse/
Subdomains count: 0


IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 14 threat reports