IOC Radar
DomainMediumSignal 82/100

swiftcode.work

Location
Russian FederationRussian Federation
First Seen
Dec 21, 2024
Last Seen
Mar 28, 2026
Dec 21
First Seen
540d ago
Mar 28
Last Seen
79d ago
10
Reports
source reports
82%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
82%
Signal Score
82 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

74 techniques

Feed Intelligence Summary

10 reports82% confidence
10
Source reports
82%
Confidence score
Category tags
abuseaccount discoveryaccount profilingaccount takeoveractive scanad fraudad fraud campaignsamazonandroid tvaospaptasiabackdoorbad reputationbadboxbadbox 2.0badbox malwarebelarusbotnetbotnet activitybotnet operationsbrazilbritish indian ocean territorybrute forcebrute force attackc2censyschinaclick-based attackcommand & controlcommand and controlcommunication technologiescompromised iot devicesconnected devicesconsumer devicesconsumer electronicscredential accesscredential harvestingcredential stuffingcredential stuffing attackscredential theftctactvczechiadata exfiltrationdata store exposureddosdevice managementdistributed attackseuropeeurope/asiaexploitation activityfinancefirmware exploitfirstfrancefraudgermanyidentity & access exploitationindiaindicatorindustrial iotinformation technologyinternet of thingsiot analyticsiot applicationsiot botnetiot platformsiot securityit infrastructurekazakhstanlemon grouplongtvmalicious linksmalicious softwaremalwaremediamobilemobile carriersmobile device hijackingmobile devicesmobile networksmobile securitymobile threatmoyu groupnetherlandsnetworkpassword attacksphishingphishing attackprocess injectionproxyremote accessremote code executionresearchedresidential ipsresidential proxyresidential proxy usagerussiarussian federationsalestracker groupsatorisaudi arabiascams & fraudsdk spoofingsingaporesmart devicessocial engineeringsockssoftware developmentssh host keyssl/tls certificatesupply chainsupply chain attackt1001t1021t1021.001t1021.002t1027t1047t1053t1053.005t1055t1059t1059.001t1059.004t1064t1068t1071t1071.001t1071.004t1078t1078.004t1090t1090.001t1095t1102t1104t1105t1106t1110t1110.001t1110.002t1110.003t1110.004t1114t1114.001t1133t1189t1190t1199t1204t1204.001t1204.002t1486t1490t1496t1497t1497.003t1499t1499.002t1499.003t1499.004t1542.003t1547t1547.001t1547.003t1555t1558t1558.003t1565t1566t1566.001t1566.002t1566.003t1567t1567.001t1571t1573t1586t1588t1588.006t1592.002t1601t1608t1608.001t1608.004t1608.005telecom servicestelecommunicationsthreat actortriadaukraineuser executionyndx smart

Activity Timeline

1 total obs
Mar 28Mar 28

Threat Activity Heatmap

· Peak: 2026-03-28
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **swiftcode.work** has emerged as a significant indicator of compromise (IOC) linked to a variety of malicious activities originating from the Russian Federation. First observed on December

Threat ScoreHigh Risk
82
SIGNAL
Signal Score
82%
Confidence
10
Reports
First seenDec 21, 2024
Last seenMar 28, 2026

VirusTotal

Not checked

WHOIS

description
Learn more about HUMAN, the artificial intelligence company designed to prevent bot attacks and fraud on ad tech platforms and digital publishers, from exploiting customers' valuable online accounts and other online services, and from partners.
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2024-04-09 00:00:00 Domain name: swiftcode.work Domain registrar id: 146 Domain registrar url: whois.godaddy.com Expiry date: 2026-04-09 00:00:00 Name server 1: ns67.domaincontrol.com Name server 2: ns68.domaincontrol.com Query time: 2024-04-10 11:50:42 Registrant city: 1f8f4166599d23ee Registrant company: b46a98a26fe2fd9f Registrant country: United States Registrant email: f651612a2f356ad3s@ Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: 30bdd2917a604c83 Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2024-04-09 00:00:00
references
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0, https://www.humansecurity.com/wp-content/uploads/2025/03/BADBOX-2-H5-Domain-List.csv, https://censys.com/unpacking-the-badbox-botnet/, https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/, https://www.bitsight.com/blog/badbox-botnet-back, https://threatfox.abuse.ch/export/csv/recent/, https://humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 10 threat reports