Domain · Medium · Signal 82/100
ttbbaits.com
First Seen: Oct 22, 2025
Last Seen: Jun 20, 2026
Found in 10 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 10
Confidence score: 82%
Category tags
apt, apt activity, apt group, apt24, attack vector: email, autumn dragon, bloody wolf, bloody wolf group, brand impersonation, central asia, credential harvesting, credential theft, customer experience, data exfiltration, data theft, digital commerce, digital marketplace, e-commerce, e-commerce platform, europe/asia, fake website, filehash:md5, filehash:sha1, filehash:sha256, finance, fraud, government impersonation, hashes, indicator, indicators of compromise, initial access, jar exploitation, jar file, jars, java archive malware, macos malware, malicious software, malware, malware delivery, malware type: rat, netsupport rat, network, north america, online payment, online retail, online shopping, operation dreamjob, payload: jar file, phishing, phishing attack, phishing attack campaign, process injection, rat, rat: netsupport rat, region: central asia, remote access tool, remote access trojan, researched, russia, shai-hulud campaign, social engineering, social media attack, spear phishing campaign, t1027, t1053, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.005, t1068, t1071, t1071.001, t1071.004, t1078, t1078.001, t1078.004, t1083, t1105, t1134.001, t1134.002, t1189, t1190, t1192, t1195.002, t1204, t1204.002, t1210, t1219, t1486, t1543.003, t1547, t1547.001, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567.001, t1583, t1583.001, t1583.004, t1588, t1588.002, t1598, united states, water gamayun
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 82 (High Risk)
VirusTotal: Not checked
WHOIS
- registrar: TUCOWS.COM, CO.
- creation date: 2025-09-09T11:06:38
- expiration date: 2026-09-09T11:06:38
- updated date: 2025-09-09T11:06:39
- name servers: 1-YOU.NJALLA.NO, 2-CAN.NJALLA.IN, 3-GET.NJALLA.FO
- country: KN
- emails: [email protected]
- org: REDACTED FOR PRIVACY
- status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
IOC Journey
medium · First detected 8 months ago · Last seen 7 days ago
Appeared in 10 threat reports