Domain · Medium · Signal 78/100
uncertainyelemz.bet
First Seen: Feb 22, 2025
Last Seen: Jun 2, 2026
Found in 10 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Feed Intelligence Summary
10 source reports · 78% confidence score
Category tags: abuse, active scan, active scanning, apt, bad reputation, bitsight trace, botnet, botnet activity, brute force, c2, c2 communication, command & control, command and control, communication protocol, credential access, credential harvesting, credential stealing, credential stuffing, credential theft, cryptocurrency, cryptocurrency theft, data exfiltration, data store exposure, data theft, ddos, denial of service, distributed attacks, enumeration, exploitation activity, ftp, ftp brute force, http brute force, http scanner, https, identity & access exploitation, indicator, information stealer, infostealer, infrastructure acquisition, reconnaissance, infrastructure takedown, ingress tool transfer, injection activity, ioc, lumma, lumma stealer, lummac, lummac2, lummac2 iocs, maas, malicious software, malvertising, malware, malware distribution, malware-as-a-service, metadata analysis, mfa token theft, multi-tiered c2, network, network attacks, network discovery, network protocol, network scanning, network security, network service scanning, north america, operating system, password theft, phishing, phishing attack, phishing campaigns, process injection, protocol exploitation, ransomware, reconnaissance, redline, remote access, remote services, researched, russian threat actor, service, service scan, shamel, social engineering, social media security, ssh attack, steam, steam profile, system discovery, t1005, t1016, t1018, t1021, t1021.001, t1027, t1036, t1040, t1041, t1046, t1047, t1055, t1059, t1059.005, t1069.001, t1071, t1071.001, t1076, t1078, t1083, t1102, t1105, t1110, t1110.002, t1189, t1190, t1204, t1204.002, t1486, t1496, t1499.002, t1499.003, t1539, t1555, t1555.003, t1555.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1571, t1573, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp scan, telnet, threat, threat actor, tor node, trojan malware, trojanized software, udp scan, united states, web traffic, win32 malware, windows malware
Activity Timeline: Jun 2
Threat Activity Heatmap · Peak: 2026-06-02
Activity counts: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC) signifies a critical threat, pointing to potential malicious activity including data exfiltration, system compromise, and the deployment of sophisticated malware such as Lumma Stealer. Its high score of 78.05 underscores the urgent need for investigation and robust defensive measures. The presence of this domain in numerous reputable threat intelligence feeds, including Abuse.ch-ThreatFox-C&Cs and AlienVault Ransomware-Firehol, corroborates its malicious nature…
Threat Score: High Risk
Signal Score: 78 (SIGNAL)
Confidence: 78%
Reports: 10
First seen: Feb 22, 2025
Last seen: Jun 2, 2026
VirusTotal: Not checked
WHOIS
- description: A coordinated international operation led by Microsoft’s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma’s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens. Lumma, developed by Russian threat actor "Shamel," operated under a subscription model ($250–$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics—such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads—made it a preferred tool for ransomware affiliates and credential harvesters.
- domain rank: -1
- raw:
  - Administrative city: REDACTED FOR PRIVACY
  - Administrative country: REDACTED FOR PRIVACY
  - Administrative state: REDACTED FOR PRIVACY
  - Create date: 2025-02-21 00:00:00
  - Domain name: uncertainyelemz.bet
  - Domain registrar id: 303
  - Domain registrar url: http://www.PublicDomainRegistry.com
  - Expiry date: 2026-02-21 00:00:00
  - Name server 1: kaiser.ns.cloudflare.com
  - Name server 2: mariah.ns.cloudflare.com
  - Query time: 2025-02-22 11:26:30
  - Registrant city: 1f8f4166599d23ee
  - Registrant company: 7251358e5db2ebb6
  - Registrant country: Russia
  - Registrant email: 29e2c061f3c9524es@
  - Registrant fax: 31d1617d95c9a75c
  - Registrant name: 1f8f4166599d23ee
  - Registrant phone: 31d1617d95c9a75c
  - Registrant state: 90d4724e86bc58af
  - Registrant zip: 1f8f4166599d23ee
  - Technical city: REDACTED FOR PRIVACY
  - Technical country: REDACTED FOR PRIVACY
  - Technical state: REDACTED FOR PRIVACY
  - Update date: 2025-02-21 00:00:00
- references:
  - https://www.bitsight.com/blog/lumma-stealer-is-out-of-business
  - https://threatfox.abuse.ch/export/csv/recent/
  - https://www.virustotal.com/graph/gbaa289fdf61c406992796875711de9e9a8cbd5ec729c4152928a590329fd12af
  - https://raw.githubusercontent.com/bitsight-research/threat_research/refs/heads/main/lumma/lumma_iocs.csv
  - https://www.virustotal.com/graph/g6d9ebe2b6bfa44fd8948ad6cd3c4bb5ae5d1ebedb060448d8804a38196a6e43b
- subdomains count: 0
IOC Journey
Confidence: medium · First detected 1 year ago · Last seen 14 days ago
Appeared in 10 threat reports