Domain · High · Verified · Signal 26/100
shikotrans.ru
Location: not recorded
First Seen: Dec 3, 2021
Last Seen: Apr 25, 2026
Found in 5 reports. Confidence badge: high. Confidence scores are heuristic; verify before acting on results.
Indicator type: Domain Name. The feed's generic description for this type is "malicious domain used for C2, phishing, or malware distribution"; the activity the source reports actually attach to shikotrans.ru is reflected in their tags (tofsee, c2, mail spammer, smtp service) and in the vendor verdicts under References.
MISP Category: Network Activity
Confidence: 26%
Signal Score: 26 / 100
IDS Rule: No (no detection rule is shipped with this record)
Threat Context
Tags: none recorded on the indicator itself.
MITRE ATT&CK TTPs (technique IDs present in the aggregated tag set of the 5 source reports; they are report-level tags, not techniques attributed specifically to this domain): T1005, T1021.001, T1027, T1029, T1030, T1045, T1055, T1057, T1059, T1059.001, T1059.007, T1060, T1064, T1069.001, T1071, T1071.001, T1071.004, T1078, T1086, T1105, T1133, T1140, T1190, T1203, T1204.001, T1204.002, T1486, T1490, T1496, T1499.001, T1499.002, T1499.003, T1565, T1566, T1566.001, T1566.002, T1566.003, T1566.004, T1569.002, T1587.001, T1589.001, T1590.001.
Feed Intelligence Summary: 5 source reports, 26% confidence score.
Category tags (aggregated across the 5 source reports; the raw tag cloud also carries WHOIS field names, geolocation and unrelated pulse metadata, so only recognisable malware families and threat classes are listed): amadey, azorult, backdoor, banker, bazar, blacknet rat, botnet, brute force, c2, cobalt strike, code execution, code injection, coinminer, command and control, credential harvesting, credential stuffing, credential theft, cryptojacking, data exfiltration, ddos, dns attack, dropper, ducktail, dynamicloader, emotet, exploitation activity, goldmax, ingress tool transfer, iot botnet, keylogger, magecart, mail spammer, malicious download, malicious powershell activity, malvertizing, malware distribution, mirai botnet, njrat, nymaim, phishing, pony, process injection, ransomware, reconnaissance, remote access trojan, resource hijacking, skynet, smtp service, social engineering, spam, suricata alert, tofsee, tor node, trojan:win32/zombie.a, trojanspy, vulnerability scan, web application attacks, worm, worm:win32/mydoom, yara rule.
Activity Timeline: single event on Apr 25
Threat Activity Heatmap: peak 2026-04-25

Window   Events   Status
24h      0        Dormant
7d       0        Dormant
30d      0        Dormant
3mo      1        Minimal
Intelligence Summary (AI generated)
The domain **shikotrans.ru** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on December
Threat Score: 26 (Low Risk)
Signal Score: 26%
Confidence: 26%
Reports: 5
First seen: Dec 3, 2021
Last seen: Apr 25, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
Registrar: RU-CENTER-RU
Domain rank: -1 (not ranked)
Raw record (source TCI, snapshot "Last updated on 2024-02-13T18:21:31Z"):
  domain:    SHIKOTRANS.RU
  created:   2013-02-13T13:11:44Z
  paid-till: 2024-02-13T14:11:44Z
  nserver:   ns1.mchost.ru., ns2.mchost.ru., ns3.mchost.ru.
  registrar: RU-CENTER-RU
  state:     REGISTERED, DELEGATED, VERIFIED
Caveat: the snapshot was taken on the registration's paid-till date. A domain that has since lapsed may have been re-registered by an unrelated party, parked, or sinkholed, so re-query WHOIS and current DNS before blocking or attributing activity seen after February 2024.

References (analysis links and verdicts carried by the source reports; a submitter's free-text notes, which mixed in unrelated personal, adult-content and corporate links, are omitted):
  - https://www.hybrid-analysis.com/sample/fa1f15bd4c0cd287fe04f324d3363a8b5a295b57cb22d9ea0f3d6973eb442d17/651c94c00b17fb9324040f7c
  - https://threatfox.abuse.ch/browse/tag/tofsee/
  - https://tria.ge/210906-p1v21abbc5/behavioral2
  - https://any.run/report/c0e63d3688879e4c415fe9c99649dd6c0cfed77424c979dd65d597a6f524cb03/ceac4db6-f8b0-4379-aa55-b4dd71ef85c3
  - https://www.vmray.com/analyses/de4dcdc5a37d/report/report.pdf
  - https://otx.alienvault.com/indicator/file/ef181d8efbb126e26fdd753e3287858063ea1cbc2baceb855949c25cfc3c4f40
  - https://otx.alienvault.com/indicator/file/0f51b0620dbbd782c786613f396b5341a8341a4131b3c9bef47f96bd446a07a7
  - https://otx.alienvault.com/indicator/file/1ee0ff6d3d73df2052c8b426051d3e69da65e7f27d856de81c72c850127dced2
  - https://otx.alienvault.com/indicator/file/aca0a107d9f67951a37f3c9e5330c625a48e2fc72b636548c94e66573c509d37
  - https://otx.alienvault.com/indicator/ip/74.6.231.21
  - https://otx.alienvault.com/indicator/domain/Lazystax.ru
  - https://www.virustotal.com/gui/domain/lazystax.ru/details
  - https://www.virustotal.com/gui/domain/lazystax.ru/community
  - https://www.malwareurl.com/ns_listing.php?ip=195.123.1.2
  - https://twitter.com/RexorVc0/status/1555074253795606529
  Vendor verdicts quoted in the reports: Sophos: Command and Control; Webroot: Bot Nets; Xcitium Verdict Cloud: Media Sharing; Forcepoint ThreatSeeker: Government; alphaMountain.ai: Malicious.
  IPs one report lists as C2 (as reported, unverified): 20.103.85.33, 213.91.128.13, 74.6.143.25, 74.6.143.26, 74.6.231.20, 74.6.231.21.
  Other indicators named in the same notes (unverified): http://auditrage.top/Rossmaansywh/tb.php?wmtvjltu, deadlyexploits.com, deadlysymbol.com, vprsecure.com (tagged Worm:Win32/Mydoom).
  Caveat: several of these references (the OTX, VirusTotal and ThreatFox entries) are about lazystax.ru or the Tofsee family rather than shikotrans.ru itself; they were bundled into the same reports and should not be read as direct analysis of this domain.
Subdomains count: 1
Export & API: STIX 2.1 Bundle · CSV Export · Permalink
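The record above ships a STIX export but no IDS rule and a 26/100 score that the page itself says to verify before acting on. The following added example (not code from this feed or its source reports) shows how a practitioner would consume it: it builds a STIX 2.1 indicator and bundle from the page's values, emits two Suricata DNS rules anchored on the label boundary so lookalike names do not fire, matches the domain against resolver query logs, and gates the result on the confidence score and on the WHOIS paid-till caveat. The IOC values, WHOIS dates and labels are taken from the page; the log lines are constructed, and the block/review threshold and rule SIDs are assumptions.

```python
"""Added example (not from the feed page): STIX 2.1 indicator, Suricata DNS
rules, label-anchored DNS-log matching and confidence gating for the page's
record of shikotrans.ru. Log lines are constructed; thresholds are assumed."""
import json
import re
import uuid
from datetime import datetime, timezone

IOC = {
    "value": "shikotrans.ru",
    "first_seen": "2021-12-03",   # page: First Seen
    "last_seen": "2026-04-25",    # page: Last Seen
    "confidence": 26,             # page: signal/confidence score, 0-100
    "reports": 5,
    "labels": ["c2", "tofsee", "malware-distribution"],  # from the page's tags
}
WHOIS_PAID_TILL = "2024-02-13"    # page: raw WHOIS paid-till
WHOIS_SNAPSHOT = "2024-02-13"     # page: raw WHOIS "Last updated on"


def stix_indicator(ioc, now=None):
    """Minimal STIX 2.1 Indicator; STIX confidence is the same 0-100 scale."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts, "modified": ts,
        "name": f"Domain {ioc['value']}",
        "indicator_types": ["malicious-activity"],
        "pattern_type": "stix",
        "pattern": f"[domain-name:value = '{ioc['value']}']",
        "valid_from": f"{ioc['first_seen']}T00:00:00Z",
        "confidence": ioc["confidence"],
        "labels": ioc["labels"],
    }


def stix_bundle(ioc):
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [stix_indicator(ioc)]}


def suricata_dns_rules(ioc, sid):
    """Exact name (bsize pins the length) plus any subdomain (leading dot and
    endswith), so notshikotrans.ru does not match. SIDs are assumed."""
    d = ioc["value"]
    msg = f"TI domain {d} (confidence {ioc['confidence']}/100)"
    return [
        f'alert dns any any -> any any (msg:"{msg}"; dns.query; bsize:{len(d)}; '
        f'content:"{d}"; nocase; sid:{sid}; rev:1;)',
        f'alert dns any any -> any any (msg:"{msg} subdomain"; dns.query; '
        f'content:".{d}"; nocase; endswith; sid:{sid + 1}; rev:1;)',
    ]


# BIND-style query log: "client <ip>#<port>: query: <qname> IN <qtype> ..."
QUERY_RE = re.compile(r"client (?P<ip>[0-9a-fA-F:.]+)#\d+: query: "
                      r"(?P<qname>[A-Za-z0-9.-]+) IN (?P<qtype>[A-Z]+)")


def matches_ioc(qname, ioc_domain=IOC["value"]):
    """Exact or subdomain match on a label boundary: neither notshikotrans.ru
    nor shikotrans.ru.example.com counts as a hit."""
    q = qname.lower().rstrip(".")
    return q == ioc_domain or q.endswith("." + ioc_domain)


def scan_dns_log(lines):
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and matches_ioc(m.group("qname")):
            hits.append({"client": m.group("ip"), "qname": m.group("qname"),
                         "qtype": m.group("qtype")})
    return hits


def triage(ioc, block_threshold=70):
    """Assumed policy: auto-block only high-confidence IOCs; a 26/100 score
    with the page's own 'verify before acting' caveat goes to analyst review."""
    return "block" if ioc["confidence"] >= block_threshold else "review"


def registration_needs_recheck(paid_till, snapshot):
    """A WHOIS snapshot taken on or after paid-till may describe a lapsed
    registration that has since been re-registered or parked."""
    return snapshot >= paid_till   # ISO dates compare correctly as strings


# Constructed resolver log lines (not from the page).
LOG_LINES = [
    "25-Apr-2026 10:12:03.123 client 10.0.0.5#53211: query: shikotrans.ru IN A + (10.0.0.2)",
    "25-Apr-2026 10:12:04.001 client 10.0.0.7#41122: query: mail.shikotrans.ru IN MX + (10.0.0.2)",
    "25-Apr-2026 10:12:05.555 client 10.0.0.9#55000: query: notshikotrans.ru IN A + (10.0.0.2)",
    "25-Apr-2026 10:12:06.999 client 10.0.0.9#55001: query: shikotrans.ru.example.com IN A + (10.0.0.2)",
]

if __name__ == "__main__":
    print(json.dumps(stix_bundle(IOC), indent=2))
    print("\n".join(suricata_dns_rules(IOC, 9000001)))
    for hit in scan_dns_log(LOG_LINES):
        print(triage(IOC), hit)
    print("re-check WHOIS:", registration_needs_recheck(WHOIS_PAID_TILL, WHOIS_SNAPSHOT))
```

Only the first two constructed lines produce hits; the two lookalikes are rejected by the boundary check, which is the same property the `bsize`/leading-dot pair gives the Suricata rules. With the page's score the hits are routed to review rather than blocked, and the WHOIS check returns true, flagging that the 2024 snapshot is stale.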
IOC Journey
Confidence badge: high · First detected 4 years ago · Last seen 1 month ago
Appeared in 5 threat reports