IOC Radar
Domain · Medium · Signal 0/100

reliaquest.com

Location: Germany
First Seen: Dec 5, 2025 (198d ago)
Last Seen: Jun 8, 2026 (13d ago)
Reports: 3 source reports
Confidence: 0% (medium)
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags

Feed Intelligence Summary

Source reports: 3
Confidence score: 0%
Category tags: indicator, network, researched

Activity Timeline

1 total observation · Jun 8

Threat Activity Heatmap

Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This indicator of compromise (IOC), reliaquest.com, has been identified as benign and poses no immediate threat to the organization. With a score of 0.0 and explicit whitelisting across multiple threat intelligence feeds, this domain is recognized as legitimate and non-malicious. Its presence in threat intelligence feeds does not signify hostile behavior or compromise. Instead, its inclusion is likely due to its role as a security vendor, where it might be mentioned in various security contexts.…

Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 3
First seen: Dec 5, 2025
Last seen: Jun 8, 2026

VirusTotal: Not checked

WHOIS

description
Recent investigations by ReliaQuest have identified a series of suspicious domains related to Zendesk, including over 40 typosquatted variations and impersonating URLs such as http://znedesk.com and http://vpn-zendesk.com. This domain registration pattern is associated with a ransomware group known as Scattered LAPSUS$ Hunters (SLSH), who have previously targeted various sectors, including SaaS platforms like Salesforce, along with retail, insurance, and aviation industries. The attacks executed by SLSH utilize a combination of social engineering techniques and phishing campaigns, which often involve the use of typosquatted domains. To enhance their effectiveness, these threat actors employ tools like Evilginx to circumvent multifactor authentication (MFA), thereby gaining unauthorized access to sensitive accounts and systems.

IOC Journey

medium
First detected 6 months ago · Last seen 13 days ago
Appeared in 3 threat reports