IOC Radar
DomainHighVerifiedSignal 64/100

tanatorioa.com

Location
United StatesUnited States
First Seen
Jul 8, 2025
Last Seen
Feb 23, 2026
Jul 8
First Seen
337d ago
Feb 23
Last Seen
107d ago
5
Reports
source reports
64%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

157 techniques

Feed Intelligence Summary

5 reports64% confidence
5
Source reports
64%
Confidence score
Category tags
abuseadvanced persistent threatamazonappleaptapt groupberbewbingbotnetcaretocivilcivil servicescivilian targetingcode injectioncommand and controlcommunication technologiescompromised routercredential harvestingcrimedata exfiltrationdata theftddos attacksdefense evasiondefense-evasiondistributed attacksdnselectronic health recordsencrypted connectionsendgameenterprise securityeu cyber policieseuropeexploitfirmware infectionfirmware modificationformbook stealergooglegovernment technologyhackershealth care and social assistancehealth information technologyhealthcare information systemshospital managementhtml smugglinghtml_smugglingindicatorinformation technologyingress tool transferintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot/ics attackit infrastructurejavalaw enforcement surveillancelazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremalware campaignmass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile spywarenetworknorth americansonso groupoperating systemparagonpatch managementpatient carepdfpdf exploitpegasuspegasus projectpeoplephishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregional securityregulatory agenciesremote accessremote access trojanresearchedsamsungsecurity operationsskynetsmssms exploitsocial engineeringsoftware developmentsoftware vulnerabilitiessonyspainstatestate-promovedstate-sponsoredstealersupply chain attackt1001t1003t1003.001t1003.004t1004t1005t1011t1016t1018t1019t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1055.001t1056t1059t1059.001t1059.004t1059.007t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1084t1087t1088t1094t1105t1110t1113t1114.002t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat intelligencetraffic maskingtrojan downloadertrojan malwareunited statesweb exploitationwindows malwarewixzero click exploitzero-day exploit

Activity Timeline

1 total obs
Feb 23Feb 23

Threat Activity Heatmap

· Peak: 2026-02-23
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

The domain **tanatorioa.com** has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on July

Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
5
Reports
First seenJul 8, 2025
Last seenFeb 23, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
DonDominio (SCIP)
description
Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
domain rank
-1
raw
Admin City: Redacted for privacy Admin Country: Redacted for privacy Admin Organization: Redacted for privacy Admin Postal Code: Redacted for privacy Admin State/Province: Redacted for privacy Creation Date: 2024-03-25T13:10:02Z DNSSEC: Unsigned DNSSEC: unsigned Domain Name: TANATORIOA.COM Domain Status: ok http://www.icann.org/epp#ok Domain Status: ok https://icann.org/epp#ok Name Server: NS1.DONDOMINIO.COM Name Server: NS2.DONDOMINIO.COM Registrant City: ddb75a553547a419 Registrant Country: ES Registrant Email: e2e54cce4deb8eees@ Registrant Fax Ext: 3432650ec337c945 Registrant Fax: ddb75a553547a419 Registrant Name: ddb75a553547a419 Registrant Organization: 3432650ec337c945 Registrant Phone Ext: 3432650ec337c945 Registrant Phone: ddb75a553547a419 Registrant Postal Code: ddb75a553547a419 Registrant State/Province: aba4825ec8435a27 Registrant Street: ddb75a553547a419 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +34.871-98-63-87 Registrar Abuse Contact Phone: 34871986387 Registrar IANA ID: 1383 Registrar Registration Expiration Date: 2026-03-25T13:10:02Z Registrar URL: http://www.dondominio.com Registrar URL: https://www.dondominio.com Registrar WHOIS Server: whois.scip.es Registrar: DonDominio (SCIP) Registrar: Soluciones Corporativas IP, SL Registry Domain ID: 2866599835_DOMAIN_COM-VRSN Registry Expiry Date: 2026-03-25T13:10:02Z Tech City: Redacted for privacy Tech Country: Redacted for privacy Tech Organization: Redacted for privacy Tech Postal Code: Redacted for privacy Tech State/Province: Redacted for privacy Updated Date: 2025-03-18T08:25:13Z Updated Date: 2025-03-18T09:25:13Z
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 3 months ago
Appeared in 5 threat reports