IOC Radar
DomainHighVerifiedSignal 56/100

silver.inc

Location
United StatesUnited States
First Seen
Jan 29, 2026
Last Seen
May 31, 2026
Jan 29
First Seen
144d ago
May 31
Last Seen
22d ago
5
Reports
source reports
56%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

17 techniques

Feed Intelligence Summary

5 reports56% confidence
5
Source reports
56%
Confidence score
Category tags
active scanactive scanningafricaai applicationsai infrastructureai researchai solutionsartificial intelligenceasiaattack campaignbazaarbazaar llmbazaar primarybizarre bazaarbotnet activitybrute forcecommercial marketplacecomputer visioncredential accesscredential stuffingdeep learningdefense evasionexploitation activityheckerhoneymytehong kongidentity & access exploitationindicatorinitial accessjapankongkong api gatewaylagoslarge language modelllmmachine learningmalwaremultiple apt actorsnatural language processingnetworknetwork probingnigerianorth americaprimary domainpureratreconnaissanceresearchedsakuyasandwormshodanshodan scanningt1046t1059t1068t1078t1110t1133t1140t1190t1204t1496t1566t1583t1588t1595t1595.001t1595.002t1595.003taipeitaiwanthreat actortokyotor nodeunited states

Activity Timeline

1 total obs
May 31May 31

Threat Activity Heatmap

· Peak: 2026-05-31
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **silver.inc** has been identified as a critical indicator of compromise (IOC) associated with active scanning activities and malware distribution. Originating from the United States, this domain has been observed conducting malicious IP scans targeting AI applications and infrastructure, particularly in Africa. Security analysts should be aware that **silver.inc** has been flagged in at least one threat intelligence report, indicating its use by a sophisticated threat actor. First de…

Threat ScoreMedium Risk
56
SIGNAL
Signal Score
56%
Confidence
5
Reports
First seenJan 29, 2026
Last seenMay 31, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
Pillar Security Research captures 35,000 attack sessions, revealing the first organized criminal operation monetizing AI infrastructure vulnerabilities. Between December 2025 and January 2026, Pillar Security Research honeypot mimicking exposed AI infrastructure observed real-world attack patterns. Over 40 days, we identified 35,000 attack sessions from multiple threat actors—including the first public documentation of a named and attributed LLMjacking marketplace operation (Operation Bizarre Bazaar) and a separate MCP reconnaissance campaign.
domain rank
-1
raw
Billing country: United States Create date: 2025-12-29 00:00:00 Domain name: silver.inc Domain registrar id: 1910.0 Domain registrar url: whois.cloudflare.com Expiry date: 2026-12-29 00:00:00 Name server 1: SHUBHI.NS.CLOUDFLARE.COM Name server 2: STEVEN.NS.CLOUDFLARE.COM Query time: 2026-02-17 11:49:21 Registrant country: United States Registrant state: fcb6428795cfdbdc Technical country: United States Update date: 2026-02-10 00:00:00
references
https://www.pillar.security/resources/operation-bizarre-bazaar, IOCs.csv
subdomains count
10

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 4 months ago · Last seen 22 days ago
Appeared in 5 threat reports