IOC Radar
Domain · Medium · Signal 99/100

twizt.net

Location
Paraguay
First Seen
Mar 12, 2023
Last Seen
Jun 8, 2026
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
99 / 100
IDS Rule
No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 96 techniques

Feed Intelligence Summary

Category tags

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap

(Calendar heatmap, Jun through Jun, not reproduced; observation counts by window below.)

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **twizt.net**, originating from Paraguay, has emerged as a significant indicator of compromise (IOC) in the cybersecurity landscape. First observed on March

Threat Score: 99 (High Risk)

VirusTotal

Not checked

WHOIS

registrar
WEBCC
description
[Full text of IANA-CIDR-Block, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC)] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. Highlights the DRV installer, dating to Jan 15, 2025. Pdfkit[.net] DRV version I have written about at length.
domain rank
-1
raw
Admin City: Kuala Lumpur
Admin Country: Malaysia
Admin Email: [email protected]
Admin Organization: Whoisprotection.cc
Admin Postal Code: 57000
Admin State/Province: Wilayah Persekutuan
Creation Date: 2023-03-02T20:22:23Z
DNSSEC: unsigned
Domain Name: TWIZT.NET
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: inactive https://icann.org/epp#inactive
Expiration Date: 2026-03-02T20:22:23Z
Name Server: CORA.NS.CLOUDFLARE.COM
Name Server: JAY.NS.CLOUDFLARE.COM
Name Server: NS100.WEBNIC.CC
Name Server: NS101.WEBNIC.CC
Registrant City: d622b1166b297bee
Registrant Country: Malaysia
Registrant Email: [email protected]
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 4b08dd3c2e64342b
Registrant Name: edeae57e15fec50a
Registrant Organization: 20c6e82190de8bc4
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: ded73c94c864041d
Registrant Postal Code: eff8e039538ef902
Registrant State/Province: f4e528a4fdf624a9
Registrant Street: dc6a539b531eccfb
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +60.189836788
Registrar Abuse Contact Phone: +60.389966799
Registrar IANA ID: 460
Registrar URL: http://www.webnic.cc
Registrar WHOIS Server: whois.webnic.cc
Registrar: WEBCC
Registrar: Web Commerce Communications Limited dba WebNic.cc
Registry Admin ID: Not Available From Registry
Registry Domain ID: 2762321971_DOMAIN_NET-VRSN
Registry Expiry Date: 2027-03-02T20:22:23Z
Registry Registrant ID: Not Available From Registry
Registry Tech ID: Not Available From Registry
Tech City: Kuala Lumpur
Tech Country: Malaysia
Tech Email: [email protected]
Tech Organization: Whoisprotection.cc
Tech Postal Code: 57000
Tech State/Province: Wilayah Persekutuan
Updated Date: 2023-03-02T20:22:21Z
Updated Date: 2026-03-03T16:15:52Z
subdomains count
0


IOC Journey

Confidence: medium
First detected 3 years ago · Last seen 5 days ago
Appeared in 20 threat reports