IOC Radar
Domain · Medium · Signal 54/100

saglamindir.vip

Location: United States
First Seen: Mar 9, 2025 (458d ago)
Last Seen: Jun 8, 2026 (2d ago)
Reports: 8 source reports
Confidence: 54% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 40 techniques
Feed Intelligence Summary

8 source reports, 54% confidence score
Category tags
acr stealer, active scan, active scanning, api abuse, bad reputation, brute force, cephalus ransomware, command and control, communication protocol, credential access, credential stealing, credential stuffing, cretsiz, cve, deep freeze, detected malicious activity, dll injection, domain, exploit delivery, exploitation activity, f https, fin scan, free software, ftp brute force, full indir, hash, md5, hijackloader, http, http attack, http brute force, http scanner, https, identity & access exploitation, indicator, indir, indir full, infostealer, infrastructure acquisition, reconnaissance, injection activity, keenadu, loader, lumma, lumma stealer, malicious links, malware, malware bundling, malware distribution, network, network scanning, north america, null scan, operating system, phishing, pirated games, possible reconnaissance, process injection, pup distribution, ransomware, reconnaissance, remote access, remote services, ren'py, repackaged software, researched, service scan, software download site, software piracy, ssh attack, stealer, syn scan, t1003, t1021, t1021.001, t1027, t1036, t1046, t1055, t1055.012, t1059, t1059.003, t1069.001, t1071, t1071.001, t1076, t1078, t1087, t1105, t1106, t1110, t1110.002, t1129, t1189, t1190, t1204.001, t1204.002, t1499.002, t1547, t1563, t1564.003, t1566, t1574.002, t1583, t1587.001, t1588, t1590.001, t1595, t1595.001, t1595.002, t1595.003, t1598, threat actor, topaz photo, transparent tribe, udp port scan, united states, uxxxxxx, vidar, vidar stealer, vulnerability scan, web application attack, web security, web traffic, windows, windows software, xmas scan

Activity Timeline

1 total observation (Jun 8 to Jun 8)

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **saglamindir.vip**, originating from the United States, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on March

Threat Score: 54 (Medium Risk)
Signal Score: 54
Confidence: 54%
Reports: 8
First seen: Mar 9, 2025
Last seen: Jun 8, 2026

VirusTotal: Not checked

WHOIS

registrar: NAMECHEAP INC
description: Saglamindir.vip is a simple download site where you can download free games and programs for your computer running the Microsoft Windows operating system.
domain rank: -1
raw:
Admin City: Reykjavik
Admin Country: IS
Admin Email: [email protected]
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Postal Code: 101
Admin State/Province: Capital Region
Creation Date: 2024-12-02T11:31:53.68Z
Creation Date: 2024-12-02T11:31:53Z
DNSSEC: unsigned
Domain Name: saglamindir.vip
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain name: saglamindir.vip
Name Server: donald.ns.cloudflare.com
Name Server: sima.ns.cloudflare.com
Registrant City: 1f8f4166599d23ee
Registrant City: ddbf76e4e8cee320
Registrant Country: IS
Registrant Email: [email protected]
Registrant Email: f651612a2f356ad3s@
Registrant Fax Ext: 1f8f4166599d23ee
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 1f8f4166599d23ee
Registrant Fax: 3432650ec337c945
Registrant Name: 1f8f4166599d23ee
Registrant Name: 37bfbc24cafea5d2
Registrant Organization: 4b7a0912c26a13e2
Registrant Phone Ext: 1f8f4166599d23ee
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: 1c9a7bcdeaf95e9f
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant Postal Code: f206c9d9737ad45d
Registrant State/Province: 3e0204199d8ebf9c
Registrant Street: 1f8f4166599d23ee
Registrant Street: c6523241936df1ba
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.6613102107
Registrar Abuse Contact Phone: +1.9854014545
Registrar IANA ID: 1068
Registrar Registration Expiration Date: 2026-12-02T11:31:53.68Z
Registrar URL: http://www.namecheap.com
Registrar WHOIS Server: whois.namecheap.com
Registrar: NAMECHEAP INC
Registrar: NameCheap, Inc.
Registry Domain ID: D5C28B873BCF040CB83501CD2D389FCED-GDREG
Registry Domain ID: REDACTED FOR PRIVACY
Registry Expiry Date: 2026-12-02T11:31:53Z
Registry Registrant ID: REDACTED FOR PRIVACY
Registry Tech ID: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech City: Reykjavik
Tech Country: IS
Tech Country: REDACTED FOR PRIVACY
Tech Email: [email protected]
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Organization: REDACTED FOR PRIVACY
Tech Postal Code: 101
Tech Postal Code: REDACTED FOR PRIVACY
Tech State/Province: Capital Region
Tech State/Province: REDACTED FOR PRIVACY
Updated Date: 2025-12-03T15:35:40.64Z
Updated Date: 2025-12-08T15:35:36Z
references: https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/, IOCs2.csv
subdomains count: 0


IOC Journey

Confidence: medium · First detected 1 year ago · Last seen 2 days ago · Appeared in 8 threat reports