IOC Radar
DomainMediumSignal 45/100

wap.runlinga.cn

First Seen
Apr 9, 2025
Last Seen
Jun 5, 2026
Apr 9
First Seen
431d ago
Jun 5
Last Seen
9d ago
8
Reports
source reports
45%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
45%
Signal Score
45 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

24 techniques

Feed Intelligence Summary

8 reports45% confidence
8
Source reports
45%
Confidence score
Category tags
abusealienvault_ransomwareattachment based phishingattachment exploitationattachment phishingbad reputationbecbotnetbotnet activitybrand impersonationbrute forcebusiness email compromisecommand and controlcredential harvestingcredential phishingcredential stuffingcredential theftdata exfiltrationdata store exposuredeceptive websitesdistributed attacksexploitation activityfinancial phishingidentity & access exploitationindicatorinjection activitylink injectionlink manipulationlink phishinglink redirectionmalicious attachmentmalicious domainmalicious linksmalicious softwaremalwaremalware deliverymalware distributionmalware phishingnetworkphishingphishing attackphishing campaign detectedphishing campaign detectionphishing domainsphishing iocphishing-databaseprocess injectionransomwareresearchedsecurity operationssocial engineeringt1055t1071t1071.001t1078t1078.001t1189t1192t1204t1204.001t1204.002t1486t1496t1499.002t1499.003t1534t1565t1566t1566.001t1566.002t1566.003t1568t1568.002t1598t1598.003threat intelligenceurgent requestweb securitywebsite forgerywebsite phishing

Activity Timeline

1 total obs
Jun 5Jun 5

Threat Activity Heatmap

· Peak: 2026-06-05
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **wap.runlinga.cn** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, malware, phishing, and ransomware. First observed on April

Threat ScoreMedium Risk
45
SIGNAL
Signal Score
45%
Confidence
8
Reports
First seenApr 9, 2025
Last seenJun 5, 2026

VirusTotal

Not checked

WHOIS

description
LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
raw
DNSSEC: unsigned Domain Name: runlinga.cn Domain Status: clientTransferProhibited Expiration Time: 2025-11-12 11:19:45 Name Server: ns1.judns.com Name Server: ns2.judns.com Registrant Contact Email: [email protected] Registrant: 43277b53277feb56 Registration Time: 2023-11-12 11:19:45 Sponsoring Registrar: 山东开创集团股份有限公司

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 8 threat reports