Domain · Medium · Signal 36/100
web.staging.vercel-support.xyz
Location
First Seen: Jul 8, 2025 (354d ago)
Last Seen: Apr 15, 2026 (73d ago)
Reports: 3 source reports
Confidence: 36% (medium)
VirusTotal: 3/91 detections
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 36%
Signal Score: 36 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 3
Confidence score: 36%
Category tags
Activity Timeline
Apr 15
Threat Activity Heatmap · Peak: 2026-04-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **web.staging.vercel-support.xyz**, originating from Anguilla, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on July
Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 3
First seen: Jul 8, 2025
Last seen: Apr 15, 2026
WHOIS
- description
- I decided to test most malicious devices I’m researching. I tested 2 browsers on device, an anonymous version of chat GPT 5 popped up (drive by compromise). Labeled: duck.ai in browser bar. I chose to interact with something that came seemingly from nowhere. During each interaction a red recording button appeared. Screen recording in progress on device. I asked anonymous actor about the recording button. Response: ‘That red square is the browser or site's visual indicator that the page is capturing input or has an active interactive state - it isn't me recording audio. Try these checks: • Look for a site-level microphone/camera permission prompt in your browser address bar.’ The attackers must be associated with Tulach / NextCloud , likely angry that I researched the adversarial nature of the presence in malicious, deeply compromised media. Consequences: threat actors retaliating because their own behavior and existence in malicious media is being researched. #tulach #nextcloud #anonymous_ai_chat
- raw
  - Create date: 2022-05-10
  - Domain name: vercel-support.xyz
  - Domain registrar id: 69
  - Domain registrar url: http://domainhelp.opensrs.net
  - Expiry date: 2023-05-10
  - Name server 1: ns1.vercel-dns.com
  - Name server 2: ns2.vercel-dns.com
  - Query time: 2022-05-12 14:54:28
  - Registrant address: 3267309318f7846c
  - Registrant city: 3267309318f7846c
  - Registrant company: 72f02dcaf51a9604
  - Registrant country: United States
  - Registrant email: 3267309318f7846cs@
  - Registrant fax: 3267309318f7846c
  - Registrant name: 72f02dcaf51a9604
  - Registrant phone: 3267309318f7846c
  - Registrant state: 64a84a483452b7ac
  - Registrant zip: 3267309318f7846c
IOC Journey
medium · First detected 11 months ago · Last seen 2 months ago
Appeared in 3 threat reports