IOC Radar
Domain · Medium · Signal 15/100

softnyx.co

Location
Slovakia
First Seen
Mar 4, 2025 (474d ago)
Last Seen
Apr 20, 2026 (63d ago)
Reports
3 source reports
Confidence
15% (medium)
Found in 3 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
15%
Signal Score
15 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

69 techniques

Feed Intelligence Summary

Source reports
3
Confidence score
15%
Category tags

Activity Timeline

1 total observation
Apr 20

Threat Activity Heatmap

Heatmap of observations by week (Jun to Jun, rows Mon/Wed/Fri) · Peak: 2026-04-20
24h
0 (Dormant)
7d
0 (Dormant)
30d
0 (Dormant)
3mo
1 (Minimal)
Threat Score
Low Risk
Signal Score
15
Confidence
15%
Reports
3
First seen
Mar 4, 2025
Last seen
Apr 20, 2026

VirusTotal

Not checked

WHOIS

registrar
CommuniGal Communication Ltd.
domain rank
-1
raw
Admin City: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Creation Date: 2022-07-23T08:59:51Z
DNSSEC: unsigned
Domain Name: softnyx.co
Domain Status: ok https://icann.org/epp#ok
Name Server: ns15.abovedomains.com
Name Server: ns16.abovedomains.com
Registrant City: 1f8f4166599d23ee
Registrant Country: ro
Registrant Email: f651612a2f356ad3s@
Registrant Fax Ext: 1f8f4166599d23ee
Registrant Fax: 1f8f4166599d23ee
Registrant Name: 1f8f4166599d23ee
Registrant Organization: 3432650ec337c945
Registrant Phone Ext: 1f8f4166599d23ee
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant State/Province: 3432650ec337c945
Registrant Street: 1f8f4166599d23ee
Registrar IANA ID: 418
Registrar URL: www.galcomm.com
Registrar WHOIS Server: whois.communigal.net
Registrar: CommuniGal Communication Ltd.
Registry Admin ID: REDACTED FOR PRIVACY
Registry Domain ID: D7461E15DABF64D0BB06E841A9A7A68E3-GDREG
Registry Expiry Date: 2023-07-23T08:59:51Z
Registry Registrant ID: REDACTED FOR PRIVACY
Registry Tech ID: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Updated Date: 2023-05-06T06:39:32Z
references
subdomains count
0

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 3 threat reports