Domain · High · Verified · Signal 64/100
shazow.net
Location
First Seen
Mar 22, 2021
Last Seen
Feb 26, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 source reports · 64% confidence score
Category tags
aaaaacceptactive scanningaddressaddress bldgaddress firstalf featuresall scoreblueamerica asnapache cacheapple computerapple iosapplication developmentasiaasnone unitedattackauthenticationavast avgave suitebodybody lengthbotnetbotnet propagationbrazil unknownca issuerschina unknowncivil servicescivilian societyck idck idsck matrixclick-based attackcode executioncode injectioncommand and controlcommand executioncommunication protocolcommunication technologiescomspeccontactcontinent nacountry unitedcountry unknowncountry uscreation datecus oapplecus oletdatadata accessdata copyingdata exfiltrationdata transferddosddos attackddos attacksdevelopment methodologiesdevopsdistributed attacksdnssecdomains showdomains topemailsencryptencrypt cnr11enomenterprise openentries relatederroreuropeevasion ta0005factoryfalcon sandboxfilefilesfiles ipfiles matchingfinal urlfull nameg1 validitygoogle safegovernment technologyhackershashesheaders nelhichinahighhighly targetedhistorical sslhong konghostname enumerationhttp responsehttp scannerhybridicmp trafficindicatorinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinitialinput validation bypassintelinternet of thingsinvalid urliocsiot botnetiot device targetingiot exploitationiot/ics attackipv4ipv4 addireland unknownit infrastructurejapan as17676japan unknownkey identifierletterman drlevellinuxlinux malwarelinux ubuntumainmalicious activitymalicious downloadmalicious linksmalicious softwaremalwaremalware distributionmalware infectionmedia centermirai botnetmirai botnet activitymitre attmobile carriersmobile networksmodelmodulesmonitoringmovedmsiename jimname securityname serversname verdictnetworknetwork infectionnetwork scanningnetwork_icmpnextnexus categorynolookup_communicationnorth americanumberosquery_detectionpackingpassive dnspastepatchpath traversalpattern matchphishingpostal codepragmapresent julpresent junpresent showingprocess injectionproduct developmentprovince 
copublic administrationpublic evpublic infrastructurepublic keypublic policypulse pulsespulse submitpurpose p5quality assurancequasarquery typereconnaissancerecord valueregulatory agenciesrelated pulsesrelicremote servicesrequestresearchedresults julreverse dnsrun keysrussia unknownscan endpointsscanning activitysearchseen asnseen lastserver eccserver responseserversserviceserving ipshowshow techniqueshowingslcc2socialsocial engineeringsoftware architecturesoftware developmentsoftware engineeringsoftware testingsong culturesouth koreassl certificatestartupstatusstatus codestatus hostnamestringssubject publict1005t1021t1030t1045t1055t1059t1059.004t1059.005t1059.007t1060t1071t1071.001t1071.004t1071.005t1078t1078.001t1078.002t1078.003t1082t1083t1105t1129t1134t1134.001t1134.002t1134.003t1134.004t1134.005t1190t1203t1204.001t1204.002t1486t1496t1497t1497.001t1498t1498.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1588t1588.001t1588.002t1588.003t1588.004t1588.005t1589.001t1590.001t1595.001t1595.002t1595.003taiwan as3462teams apitelecom servicestelecommunicationsthreatthreat actorthreat analyzertitletls webtofseetrojan featurestrojan malwaretrojanproxytsara brashearstulachturkey unknownubuntuunique tldsunitedunited kingdomunited statesurlsurls httpsuser executionv3 serialvirtoolweb application exploitationweb serverweb trafficwhois recordwhois whoiswin32 malwarewindowwindows malwarewindows ntx509v3 subjectzemlin name
Activity Timeline
Feb 26 – Feb 26
Threat Activity Heatmap
Peak: 2026-02-26
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI generated)
The domain **shazow.net** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the Republic of Korea. First observed on March
Threat Score: Medium Risk (64)
Signal Score: 64%
Confidence: 5 reports
First seen: Mar 22, 2021
Last seen: Feb 26, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- Cloudflare, Inc.
- domain rank
- -1
- raw
- Admin City: DATA REDACTED Admin Country: DATA REDACTED Admin Organization: DATA REDACTED Admin Postal Code: DATA REDACTED Admin State/Province: DATA REDACTED Billing City: DATA REDACTED Billing Country: DATA REDACTED Billing Organization: DATA REDACTED Billing Postal Code: DATA REDACTED Billing State/Province: DATA REDACTED Creation Date: 2003-09-13T04:43:11Z DNSSEC: signedDelegation DNSSEC: unsigned Domain Name: SHAZOW.NET Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited Name Server: RUTH.NS.CLOUDFLARE.COM Name Server: SETH.NS.CLOUDFLARE.COM Name Server: ruth.ns.cloudflare.com Name Server: seth.ns.cloudflare.com Registrant City: acfd0ee3752cd95d Registrant Country: CA Registrant Email: b3b52e3629ce7ed4s@ Registrant Fax Ext: acfd0ee3752cd95d Registrant Fax: acfd0ee3752cd95d Registrant Name: acfd0ee3752cd95d Registrant Organization: acfd0ee3752cd95d Registrant Phone Ext: acfd0ee3752cd95d Registrant Phone: acfd0ee3752cd95d Registrant Postal Code: acfd0ee3752cd95d Registrant State/Province: 6700d6bf6b0d2ae7 Registrant Street: acfd0ee3752cd95d Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.4153197517 Registrar Abuse Contact Phone: +1.6503198930 Registrar IANA ID: 1910 Registrar Registration Expiration Date: 2025-09-13T04:43:11Z Registrar URL: http://www.cloudflare.com Registrar URL: https://www.cloudflare.com Registrar WHOIS Server: whois.cloudflare.com Registrar: Cloudflare, Inc. Registry Domain ID: 103493152_DOMAIN_NET-VRSN Registry Expiry Date: 2025-09-13T04:43:11Z Tech City: DATA REDACTED Tech Country: DATA REDACTED Tech Organization: DATA REDACTED Tech Postal Code: DATA REDACTED Tech State/Province: DATA REDACTED Updated Date: 2024-03-29T00:24:48Z Updated Date: 2024-05-22T20:15:34Z
- references
- IP Private: 192.70.174.110 | Unix.Trojan.Mirai-6976991-0, Unix.Trojan.Mirai-6976991-0 FileHash-SHA256 760a17dea7794ebbfb5c54e7e74d0b53fd9e079e43be0b9b6e3df7eb14a47be9 ELF:Mirai-AHC\ [Trj], 192.70.175.110 | Mirai | Reverse DNS | State.CO.US | United States of America ASN AS36081 State of Colorado General Government Computer | ns1.ns2.www.madunixxx.ru, Yara: Mirai_Botnet_Malware, ELF:Mirai-AHC\ [Trj] FileHash-SHA256 a282f250e59f8754335993293bfbfcc154cdb67ff0e234162f40a6cce5c4290c, ELF:Mirai-AHC\ [Trj] 1.101.117.25 Location: Korea, Republic Korea, Republic of ASN AS4766 Korea Telecom, Admin Email: [email protected] Admin Id: FRANMUC15 Admin of Security Operations Admin: Nexus Category: C21, FRANMUC15 Phone Number: +1.3037646860 601 E 18th Ave Suite 250 80203 ,CO, Not Resolving | www._courts.state.co.us | https://otx.alienvault.com/indicator/hostname/www._courts.state.co.us, 54.239.28.85 | Exploited CVE-2002-0013 Antivirus Detections: Trojan:Win32/FlyStudio Win.Malware.Snojan Win.Trojan.Tofsee [fld8.com unk/0auth], PSW.Generic12.WIO | [ns1.ns2.www.madunixxx.ru] FileHash-SHA256 84989bfe79becdea44a2290df3f52bfc2363b6c603aa2b7742dcdde5c7cba12a, PSW.Generic12.WIO » FileHash-SHA256 84989bfe79becdea44a2290df3f52bfc2363b6c603aa2b7742dcdde5c7cba12a | ns1.ns2.www.madunixxx.ru, 192.70.175.110 [2016-07-10 10] 197.45.77.34 MADUNIXXX.RU 197.45.85.125 Registrar:REGRU-RU Status»REGISTERED, DELEGATED, VERIFIED Passive, madunixxx.ru | 192.70.175.110 | AS36081 State of Colorado General Government Computer Name Servers: ns1.madunixxx.ru Created: Jun 19, 2016, privaterelay.appleid.com | http://certs.apple.com/apevsecc1g1.der | certs.apple.com | http://crl.apple.com/apevsecc1g1.crl | ocsp.apple.com, images.apple.com | crl.apple.com | https://assets.ubuntu.com/v1/17b68252 | ads-apple.com.cn | networking.apple | ads-apple.apple.com.cn |, ip-geolocation.apple.com | http://ocsp.apple.com/ocsp03-apevsecc1g101 | docs-staging.swift.org | [email protected] | [email protected], Yara Detections 
Mirai_Botnet_Malware, Detections Executable and linking format (ELF) file download Over HTTP, Yara Detections: UPXProtectorv10x2 , UPX , ELFHighEntropy , elf_empty_sections Alerts: dead_host | ELF:Mirai-AII\ [Trj], rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru [phishing] SongCulture.comm& YouTube redirected by hacker, https://hybrid-analysis.com/sample/3f1b1621818b3cfef7c58d8c3e382932a5a817579dffe8fbefc4cf6fdb8fc21d, https://www.virustotal.com/gui/url/4657cd9117ad26288f2af98767de164d9af64e9c22e3eda9580766688ec38652/community, https://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru/,, https://twitter.com/sheriffspurlock?lang=en, https://hybrid-analysis.com/sample/a728fc352e13fa39c7490ddcfff86b0919b3de6ea5786cf48b22095e0607bde9/6593b386f70b45c7c70419c8, http://rmy1o3xp-d182-v9.klinika-rekonstruktivnoj-kosmetologii-na-ulitse-lenina.ru, nr-data.net [Apple Private Data Collection], init.ess.apple.com [backdoor, malicious script, access via media], https://stackabuse.com/assets/images/apple, https://apple.find-tracking.us/?id=jit./error./error./error. (the "./error." segment repeats many more times; truncated here), location-icloud.com, https://www.sweetheartvideo.com/tsara-brashears/ [Tracking| Botnet Campaign], mailtrack.io [tracking VirusTotal graphs, link trace back], 
http://rawlucky.com/submit/prizepicker/iq?devicemodel=iPhone&carrier=®ion=Baghdad&brand=Apple&browser=AlohaBrowserMobile&prize=300k&u=track.bawiwia.com&isp=EarthlinkTelecommunicationsEquipmentTradingServicesDmcc&ts=29900ce7-726c-4c9f-b0c3-21ff2f859648&country=IQ&click_id=woot0oed65crk85u2oe4vubu&partner=2423996&skip=yes, https://aheadofthegame.uk/about?utm_campaign=You%E2%80%99re%20nearly%20there!&utm_medium=email&utm_source=Eloqua&elqTrackId=e6385dd142e445f48aa17b4544780841&elq=0db2557254194121b23f3bec84f42097&elqaid=4059&elqat=1&elqCampaignId=, https://pin.it/ [faux Pinterest for TB], https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [iOS Password Cracker [, 114.114.114.114 [ Tulach Malware IP], 13.107.136.8 [ Tulach Malware IP redirect], http://114.114.114.114:9421/proxycontrolwarn/ [Tulach cnc | probe], http://114.114.114.114/d?dn=sinastorage.com [ storage of targeted individuals on and offline Behavior], http://114.114.114.114:7777/c/msdownload/update/others/2022/01/29136388_, http://114.114.114.114/ipw.ps1, 194.245.148.189 [CnC], https://stackabuse.com/generating-command-line-interfaces-cli-with-fire-in-python/, http://109.206.241.129/666bins/666.mpsl, http://designspaceblog.com/?mystique=jquery_init&ver=2.4.2, 143.244.50.213 |169.150.249.162 [malware_hosting], http://watchhers.net/index.php [malware spreader], https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian No Expiration 0 Domain twitter.com No Expiration 0 Hostname www.pornhub.com No Expiration 0 URL https://www.milehighmedia.com/en/Charlie-Dean/pornstar/49512 No Expiration 0 URL, https://www.milehighmedia.com/en/pornstar/milehighmedia/Justin-Hunt/51017, xred.mooo.com [pornhub trojan], https://twitter.com/PORNO_SEXYBABES [ malvertizing, contextualizing, malicious], http://45.159.189.105/bot/online?key=7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e&guid=DESKTOP-B0T93D6\george, 
https://otx.alienvault.com/indicator/url/https://www.hostinger.com/?REFERRALCODE=1ROCKY77 [ DGA parking]
- subdomains count
- 6
IOC Journey
High · First detected 5 years ago · Last seen 3 months ago
Appeared in 5 threat reports