IOC Radar
Domain · Medium · Signal 82/100

testdomain123123.shop

Location: Belarus
First Seen: Jun 3, 2024 (754d ago)
Last Seen: Jun 13, 2026 (14d ago)
Reports: 16 source reports
Confidence: 82% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Threat Context (Tags, MITRE ATT&CK)
MITRE ATT&CK TTPs: 39 techniques

Feed Intelligence Summary
Source reports: 16
Confidence score: 82%
Category tags:
abuse, academic institutions, accept, accommodation and food services, accommodation services, active scan, active scanning, angry likho, anydesk, apt, arm, ascii, asyncrat, attack, au3 script, authentication attack, autoit, awaken likho, bad reputation, belarus, below, blanggrabber, botnet, botnet activity, brute force, careto, castlebot, castleloader, castlerat, cert, civil services, cluster, code execution, coinminer, command and control, command execution, communication protocol, copy, credential access, credential harvesting, credential stuffing, cryptocurrency, data access, data copying, data exfiltration, data store exposure, data transfer, ddos, ddos attacks, denial of service, discord, distributed attacks, distribution management, doc, downloader, dropped-by-privateloader, dropped-by-smokeloader, education, educational resources, educational services, educational technology, elf, encoded, enumeration, europe, europe/asia, exe, executable file, exploitation activity, fleet management, food services, found, freight forwarding, freight services, ftp, ftp brute force, future, gafgyt, geo-fenced, google, government technology, graybravo, guest services, guloader, hajime, higher education, homenet, hospitality technology, hotels, http brute force, http scanner, identity & access exploitation, imap, indicator, information technology, infostealer, injection activity, internet of things, inventory management, iot botnet, iot security, iot/ics attack, it infrastructure, k-12 education, likho, logistics technology, lumma, lumma stealer, lumma trojan, lummastealer, malicious activity, malicious powershell activity, malicious software, malware, malware descriptions, malware technologies, malware-as-a-service, maritime transport, matanbuchus, mgut, mips, mirai, mirai botnet, motorola, mozi, netsupport rat, network, network attacks, network intrusion, network protocol, network scanning, network security, network service scanning, north america, nsis, passenger transportation, phishing, phishing attack, powershell, process injection, protocol exploitation, ps1, public administration, public infrastructure, public policy, rail transport, ransomware, rat, reconnaissance, redlinestealer, regulatory agencies, remcos, remcos trojan, remcosrat, remote access, remote services, researched, restaurant operations, rev-base64-loader, russia, scripting attacks, sectoprat, service scan, shellcode, shellscript, shipping services, smb scanning, smtp, smtp brute force, social engineering, software development, software exploitation, sparc, spear phishing, sping, ssh attack, stealc, stealer, supply chain attack, supply chain management, sysinfo exfiltration, systembc, t1003, t1005, t1018, t1021, t1021.001, t1027, t1030, t1040, t1046, t1055, t1059, t1059.001, t1059.003, t1071, t1071.001, t1076, t1078, t1086, t1110, t1110.002, t1190, t1203, t1204, t1204.002, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1589, t1595, t1595.001, t1595.002, t1595.003, targeted attacks, tcp scan, tcp scanning, telnet threat, threat actor, tor node, tourism, transportation and warehousing, transportation infrastructure, transportation management, transportation technology, trojan-stealer, turkey, ua-wget, udp scan, united states, venomrat, warehouse operations, web traffic, whitesnakestealer, xworm, yara, zip

Activity Timeline
1 total observation (Jun 13 to Jun 13)

Threat Activity Heatmap
[Calendar heatmap, Jun through Jun, not reproduced] · Peak: 2026-06-13
Activity windows: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 82
Confidence: 82%
Reports: 16
First seen: Jun 3, 2024
Last seen: Jun 13, 2026

VirusTotal: Not checked

WHOIS
Domain rank: -1
Raw:
Create date: 2024-05-25 00:00:00
Domain name: testdomain123123.shop
Domain registrar id: 303
Domain registrar url: http://publicdomainregistry.com/
Expiry date: 2025-05-25 00:00:00
Name server 1: DAVID.NS.CLOUDFLARE.COM
Name server 2: IVY.NS.CLOUDFLARE.COM
Query time: 2024-05-26 11:45:01
Registrant country: United States
Registrant state: 8e0d7a082068859e
Update date: 2024-05-25 00:00:00
References:
https://www.recordedfuture.com/research/graybravos-castleloader-activity-clusters-target-multiple-industries
https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663
Book2.csv
https://labs.inquest.net/iocdb
https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/
https://urlhaus.abuse.ch/browse/
Subdomains count: 0


IOC Journey
Confidence: medium
First detected 2 years ago · Last seen 14 days ago
Appeared in 16 threat reports