DomainHighVerifiedSignal 66/100

`transadvice.org`

Location

United States

First Seen

Aug 8, 2025

Last Seen

May 16, 2026

Aug 8

First Seen

310d ago

May 16

Last Seen

30d ago

Reports

source reports

66%

Confidence

high

2/91

VirusTotal

detections

Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

66%

Signal Score

66 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

62 techniques

Feed Intelligence Summary

6 reports66% confidence

Source reports

66%

Confidence score

Category tags

abuse.ch threatfoxabuse.ch threatfox apiactive scanactive scanningaisuruapplication layer protocolasyncratauto-generatedautomated analysisautomated attackautomated detectionautomated huntautomated osintautomated scanautomated threatautomated threat detectionautomated-analysisautomated-huntautomated-osintautomated_attackautomated_detectionbad reputationblock-or-filter-listbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute_forcec2c2 activityc2 communicationc2 infrastructurec2-infrastructurec2_activityc2_communicationc2_detectioncnccobalt strikecobaltstrikecode executioncommand & controlcommand and controlcommand executioncommand-and-controlcommand-executioncommodity ratcommodity-ratcommunication protocolcompromised hostcredential accesscredential stuffingcredential-accessdata encryptiondata exfiltrationdata store exposuredata-theftddosddos attackddos attemptdenial of servicedistributed attacksdnsdns attackdugganusa researchencryptionexploit kitexploitationexploitation activityftpftp brute forceftp bruteforceftp_brute_forcehigh bde scorehttp brute forcehttp bruteforcehttp c2http enumerationhttp probinghttp request anomalyhttp scannerhttp scanninghttp_c2httpsidentity & access exploitationimapindicatorinformation theftinjection activityiocip-addressip-scanningknown malicious iplateral movementmalicious network activitymalicious softwaremalicious sslmalwaremalware activitymalware activity detectedmalware campaignmalware campaign detectionmalware communicationmalware detectedmalware detectionmalware distributionmalware distribution campaignmalware indicatorsmalware infectionmalware infection campaignmalware_detectedmalware_indicatorsmeterpreternetsupportmanagernetworknetwork attacksnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork_intrusionnetwork_probenetwork_reconnaissancenewly identified iocnorth americanovel indicatornovel indicatorsnovel iocnovel ioc detectednovel iocsnovel malwarenovel-iocnovel-threatnovel_iocnovel_threatopen-source-intelligenceosintosint-volleypassword attackspattern 49pattern-49polcertport-scanpossible c2 activitypossible malicious activitypossible malwarepossible malware activitypossible_malware_infectionpotential compromisepotential malwarepotential malware activitypotential vulnerability exploitationpre-attack activityprecogprecog detectionprecog engineprecog_detectionprocess injectionprotocol abuseprotocol exploitationquasar ratquasar-ratransomwareratrdp_brute_forcereconnaissanceremcosremcos trojanremote accessremote access toolremote access trojanremote servicesremote-access-trojanresearchedscams & fraudscanning activityscripting attackssecurity operationsself-signed certificateself-signed certificatesservice scansmtpsmtp brute forcesmtp scanningsoftware exploitationssh attackssh bruteforcessh_brute_forcesslssl analysisssl certificatesstixsuspected_intrusionsystem-discoveryt1003t1016t1016.001t1018t1021t1021.001t1021.002t1027t1040t1041t1046t1047t1053t1055t1056.001t1059t1059.001t1059.003t1059.005t1059.007t1068t1071t1071.001t1071.004t1076t1077t1078t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204t1204.002t1210t1219t1486t1496t1499.002t1499.003t1547t1563t1565t1566t1566.001t1566.002t1568t1569.002t1573t1573.001t1589t1595t1595.001t1595.002t1595.003tcp protocoltelnet threattelnet_brute_forcethreat actorthreat intelligencethreat intelligence feedthreatfox apithreatfox feedtor nodeunited statesunknown malwareunknown threat actorunknown-malwarevnc protocolvulnerability scanweb attackweb exploitationweb traffic

Activity Timeline

1 total obs

May 16May 16

Threat Activity Heatmap

· Peak: 2026-05-16

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Intelligence SummaryAI Generated

The domain **transadvice.org** has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats, including botnet activities, command and control (C

Threat ScoreMedium Risk

SIGNAL

Signal Score

66%

Confidence

Reports

First seenAug 8, 2025

Last seenMay 16, 2026

Verified IOC

VirusTotal

2/ 91vendors flagged

2% detection rateJun 7, 2026

WHOIS

registrar: Gandi SAS
domain rank: -1
raw: Creation Date: 2010-09-23T16:36:12Z DNSSEC: unsigned Domain Name: transadvice.org Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: ns-163-a.gandi.net Name Server: ns-218-c.gandi.net Name Server: ns-26-b.gandi.net Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +33.170377661 Registrar IANA ID: 81 Registrar URL: http://www.gandi.net Registrar WHOIS Server: http://whois.gandi.net Registrar: Gandi SAS Registry Domain ID: REDACTED Registry Expiry Date: 2026-09-23T16:36:12Z Updated Date: 2026-01-16T17:25:27Z
references: https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://threatfox.abuse.ch, https://analytics.dugganusa.com/api/v1/stix/master, https://github.com/pduggusa/dugganusa-research
subdomains count: 23

`transadvice.org`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy