DomainHighVerifiedSignal 64/100
tqx.etherealoffers.com
First Seen
Jul 8, 2025
Last Seen
Feb 4, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports64% confidence
4
Source reports
64%
Confidence score
Category tags
abuseacceptaddressadvanced persistent threatakamai externalalfperalfper:pua:win32/installcoreamerica asnamerica flagappleaptapt groupassociated urlsbingbodybotnetcdhccity berlincivilcivil servicescivilian targetingcnamecode executioncode injectioncommand and controlcommand executioncommunication protocolcommunication technologiescompromised routercookiecountry decreation datecredential harvestingcredential theftcrlf linedata accessdata breachdata copyingdata exfiltrationdata transferddos attacksdefense evasiondefense-evasiondeletedistributed attacksdnsdnssec unsigneddockdomains domainelectronic health recordsemailsenterprise securityentrieserrorexploitfacts domainfastly errorfilesfiles ipfiles locationfiles showfirmware infectionfirmware modificationgoogle safegovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementhostname addhttp scannerindicatorinfrastructure acquisitionreconnaissanceingress tool transferinternet of thingsiosios malwareiot botnetiot/ics attackipv4 addlazarus grouplessless whoislinklinuxlinux malwaremacmalicious softwaremalwaremass surveillancemedical servicesmediummirai botnetmobilemobile carriersmobile malwaremobile networksmobile securityname ericname serversnetworknextnext associatednext relatedno expirationnone indicatoroperating systemorg soundcloudoxq xr8w1passive dnspatch managementpatient carepdfpdf exploitpegasuspegasus projectphishingphishing attackpleasepng imagepolicepresentpresent febpresent julpresent junpresent seppresent showingprocess injectionpublic administrationpublic infrastructurepublic policypulse pulsespulses noneread cregulatory agenciesrelatedrelated nidsrelated tagsremote servicesresearchedresources whoisresults janresults julresults novrgbas showingscript urlssea psearchserver responseserversshowshowingsmssms exploitsocial engineeringsoftware exploitationsoftware vulnerabilitiesstatestate-promovedstate-sponsoredstatussupply chain attackt1003t1003.001t1003.004t1004t1005t1016t1018t1020t1021t1021.001t1021.006t1027t1030t1036t1037t1037.003t1041t1053t1055t1056t1059t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1082t1084t1087t1105t1110t1113t1119t1129t1130t1133t1143t1156t1185t1187t1189t1190t1192t1193t1195t1199t1203t1204t1204.002t1205t1210t1211t1212t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1555t1556t1557t1562t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.001t1587.003t1588t1589t1590t1590.001t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationstitle errortls handshaketrojan malwaretrojandroppertrojandropper:win32/vb.ilunicodeuniqueunitedurlsurls showurlvoidvalue emailsverdictwahlforss nameweb trafficwin.trojan.agentwin32 malwarewindows malwarewritezero click exploitzero-day exploit
Activity Timeline
Feb 4Feb 4
Threat Activity Heatmap
· Peak: 2026-02-04LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
4
Reports
First seenJul 8, 2025
Last seenFeb 4, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- GoDaddy.com, LLC
- description
- Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
- raw
- Creation Date: 2023-08-29T15:22:21Z DNSSEC: unsigned Domain Name: ETHEREALOFFERS.COM Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS1.DNS234234.ORG Name Server: NS2.DNS234234.ORG Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: 480-624-2505 Registrar IANA ID: 146 Registrar URL: http://www.godaddy.com Registrar WHOIS Server: whois.godaddy.com Registrar: GoDaddy.com, LLC Registry Domain ID: 2809705096_DOMAIN_COM-VRSN Registry Expiry Date: 2025-08-29T15:22:21Z Updated Date: 2024-08-30T15:30:34Z
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 11 months ago · Last seen 4 months ago
Appeared in 4 threat reports