IOC Radar
Domain · Medium · Signal 84/100

review-apple.id-us.ca

First Seen: Apr 17, 2026 (73d ago)
Last Seen: Apr 28, 2026 (62d ago)
Reports: 7 source reports
Confidence: 84% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name (Malicious domain used for C2, phishing, or malware distribution.)
MISP Category: Network Activity
Confidence: 84%
Signal Score: 84 / 100
IDS Rule: No
Threat Context
Tags

Feed Intelligence Summary

Source reports: 7
Confidence score: 84%
Category tags: indicator, malware, manual-collection, medium-risk, network, researched, type osint

Activity Timeline

1 total obs (Apr 28 to Apr 28)

Threat Activity Heatmap

Peak: 2026-04-28
[Heatmap: activity by day of week, Jun through Jun of the following year; scale Less to More]

Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), `review-apple.id-us.ca`, represents a highly significant threat given its elevated risk score of 83.83 and explicit association with a sophisticated cross-border hack-for-hire campaign. The domain's structure, mimicking legitimate services (e.g., 'apple.id'), strongly suggests its use in phishing attacks aimed at credential harvesting or the delivery of malicious payloads. If left unaddressed, the presence of this IOC in an organizational environment could lea…

Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 7
First seen: Apr 17, 2026
Last seen: Apr 28, 2026

VirusTotal

Not checked

WHOIS

registrar: Tucows.com Co.
description: The following is the full list of names given to Vye32GsS2g38eKhmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA
raw:
Admin City: AMESTERDAM
Admin Country: NL
Admin Email: [email protected]
Admin Organization: amesterdam
Admin Postal Code: 112343
Admin State/Province: Drenthe
Creation Date: 2024-04-30T08:45:57Z
DNSSEC: unsigned
Domain Name: id-us.ca
Domain Status: addPeriod https://icann.org/epp#addPeriod
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Name Server: dns1.dnshost.to
Name Server: dns2.dnshost.to
Registrant City: d3011dda9d9c301b
Registrant Country: NL
Registrant Email: [email protected]
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 3432650ec337c945
Registrant Name: 2cb88bfc7b1704c9
Registrant Organization: e6bddb333a03e770
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: 0bac684bfe36a169
Registrant Postal Code: 713e805eebc8a81e
Registrant State/Province: 9ec27b7c342fe2ab
Registrant Street: d029c74a17bfc70a
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4165350123
Registrar IANA ID: not applicable
Registrar URL: https://help.opensrs.com/hc/en-us
Registrar WHOIS Server: whois.ca.fury.ca
Registrar: Tucows.com Co.
Registry Admin ID: 112596864-CIRA
Registry Domain ID: 112596701-CIRA
Registry Expiry Date: 2025-04-30T08:45:57Z
Registry Registrant ID: 112596863-CIRA
Registry Tech ID: 112596700-CIRA
Tech City: AMESTERDAM
Tech Country: NL
Tech Email: [email protected]
Tech Organization: amesterdam
Tech Postal Code: 112343
Tech State/Province: Drenthe
Updated Date: 2024-04-30T08:45:58Z

IOC Journey

medium
First detected 2 months ago · Last seen 2 months ago
Appeared in 7 threat reports