IOC Radar
Domain · Medium · Signal 87/100

update.centos-yum.com

Location: United States
First Seen: Oct 10, 2023 (989d ago)
Last Seen: Jun 2, 2026 (23d ago)
Reports: 17 source reports
Confidence: 87% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 87%
Signal Score: 87 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 40 techniques

Feed Intelligence Summary

Source reports: 17
Confidence score: 87%

Activity Timeline

1 total observation: Jun 2

Threat Activity Heatmap

[Calendar heatmap of activity by weekday and month, Jun through Jun; legend: Less to More]
Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 87
Confidence: 87%
Reports: 17
First seen: Oct 10, 2023
Last seen: Jun 2, 2026

VirusTotal

Not checked

WHOIS

registrar: GMO Internet, Inc.
creation date: 2025-10-28T01:26:15
expiration date: 2026-10-28T01:26:15
updated date: 2025-10-28T01:26:15
name servers: NS11.VALUE-DOMAIN.COM, NS12.VALUE-DOMAIN.COM, NS13.VALUE-DOMAIN.COM
country: JP
org: Whois Privacy Protection Service by VALUE-DOMAIN
status: ok https://icann.org/epp#ok

IOC Journey

medium
First detected 2 years ago · Last seen 23 days ago
Appeared in 17 threat reports