Domain · High · Verified · Signal 26/100
webmail.rpa-best.ru
Location
First Seen
Dec 3, 2021
Last Seen
May 2, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
26%
Signal Score
26 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports · 26% confidence
4
Source reports
26%
Confidence score
Category tags
.ru, aaaa, abuse, access att, account compromise, account security, active, active related, active scan, address range, aids, akamai, alberta, alerts, alienvault_ransomware, all report, all scoreblue, allocation type, am size, anchor hrefs, anomalous_deletefile, anti-debugging, anti-sandbox, anti-vm, antivirus evasion, antonio apr, anyone else, apnic, apple, apple ios, appleid, aquire, arevalo antonio, arizona, ascii text, asia, assigned pi, attack, australia, authority, av detections, avast avg, awful, back, backdoor, bad reputation, bannock st, bat, bazar, behavior tofsee, belgium belgium, blpdqe, body, body length, botnet, botnet activity, bots, brian sabey, brute force, builder, ca issuers, callback phishing, catherine daisy coleman, ccdk, ccus asnas749, christopher p ahmann, christopher p. ahmann, cidr, ck id, ck ids, ck matrix, ck technique, click, click-based attack, cloud infrastructure, cnc, code page, command, command and control, command execution, communication protocol, communication technologies, community management, compromises device, contacted hosts, content length, content sharing, control, control ta0011, copy, correo, count blacklist, courts, creation date, credential access, credential harvesting, credential stuffing, criminal attack, crlf line, crypto, cryptocurrency, cve, cyber, data access, data copying, data encryption, data exfiltration, data store exposure, data theft, data transfer, days ago, ddos, ddos attacks, dead connect, dead host, defense evasion, delete, delete c, denial of service, denmark, denver county, detection list, development att, diablo, diablo attacks, digital platforms, displayname, distributed attacks, dns, dns attack, document file, domain, domainrobot, domains top, dougco, duration cuckoo, dynamic function loading, dynamic loader, dynamicloader, dzan, emails, emotet, encrypt, encryption, englert, enterprise security, entity ipripe, entries, entrust, ericka, error, europe, europe/asia, exe upload, executable file, exploitation activity, extortion, f-h, false, fastly dns, federation flag, files, files domain, files ip, files loading, files location, files related, final url, first address, flag, flag united, found, found pornstars, gandi, gandi sas, gecko, general full, generic http, germany, get http, gh0strat, gmtn, go daddy, google, grum, guard, hacking, hall render, handle, header observed, headers xcache, high, historical, historical ssl, history, host, hostile, hostile http, hostname, hostname add, hostname enumeration, href, html content, html document, html info, html internet, http, http response, http scanner, hua mucatul, hybrid, identity & access exploitation, ids detections, iframe, imphash pehash, inbound, incc, indicator, info file, information gathering, information technology, infostealer, infrastructure acquisitionreconnaissance, ingress tool transfer, injection, injection activity, injection write process, input validation bypass, intel, internet of things, invalid url, ioc, iocs, ios, iot botnet, iot security, iot/ics attack, ipad, iphone, ipv4, ipv4 add, it infrastructure, job done infected, json, judi, keylogger, khtml, lateral movement, law, learn, legal entities, less related, less see, less whois, level, liar, link, linux mint, little endian, loaderid, local, log id, login join, logmein, logmein rescue, look, low risk, low security, lowercase host, lowfi, machine label, mail, main, malicious links, malicious powershell activity, malicious software, malware, malware found, manager, many, markus, match info, match medium, media gmbh, medium, medium attempts, medium installs, meta tags, metadata analysis, metro, mimic, miny, mirai botnet, misa, mitre att, mobile carriers, mobile networks, mobile threat, mock, monitored target, more external, moved, ms windows, msi installer, name servers, name tactics, nation-state activity, network, network communication, network dropped, network name, network scanning, network traffic, next, next associated, night got, njrat, no data, no entries, none google, north america, notice, now ooops, nsont find, number, object, objection, oceania, ogoogle trust, onload, openurl c, operating system, operating system security, otx logo, outbound traffic, overruled, overview whois, packer, packing, pagosa springs, paredes, passive dns, password, paste, patch management, path traversal, patriot act, pattern match, pe anomaly, pe32 executable, pegasus, phishing, phishing attack, pornhub, port, present aug, present jul, present jun, present sep, primary request, process, process injection, procmem_yara, programs porn, protect, protocol t1071, pulse pulses, pulses, pulses hostname, pulses none, push, query, ransomware, rat, read, reads_self, reconnaissance, record value, refresh, related nids, related tags, remote, remote access, remote access trojan, remote process, remote services, report spam, request, researched, resolved ips, resolverror, resource path, resources whois, restart, review lo, risk, rndchar, rndhex, roboto, rootkit, russia, safe browsing, safebae, sample summary, samples, scan endpoints, scar, script tags, scripting attacks, search, security apr, security no, securityvaleria, servers, show process, show technique, site, site ca0x1ex17r, size, sleep sandbox, slider plugin, snake keylogger, social analytics, social engineering, social media, social media marketing, social media security, social networking, software development, software vulnerabilities, south korea, spain, spam, span, spawns, sqlite, ssl certificate, staging, starfield, state of colorado, static_pe_anomaly, status, status code, stealth window, stream, strings, sucuri firewall, sumo, sweet, system disruption, t mobile, t regdword, t1003, t1003.008, t1005, t1014, t1021, t1021.001, t1027, t1029, t1030, t1031, t1036, t1041, t1045, t1051, t1053, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.007, t1060, t1063, t1068, t1069, t1069.001, t1071, t1071.001, t1071.004, t1078, t1082, t1083, t1086, t1105, t1112, t1113, t1119, t1129, t1133, t1140, t1143, t1155, t1189, t1190, t1202, t1204, t1204.001, t1204.002, t1207, t1210, t1480, t1480 execution, t1486, t1490, t1496, t1497, t1499.002, t1499.003, t1518, t1547, t1548, t1553, t1553.001, t1553.002, t1562, t1564, t1565, t1566, t1566.001, t1566.002, t1566.003, t1568, t1568.002, t1573 severity, t1583, t1584.005, t1585.001, t1587.001, t1588.001, t1589, t1589.001, t1590, t1590.001, t1591, t1592, t1608.001, tag count, tags, tags none, taiwan as3462, targeted attack, targeting database, taskjob, telecom services, telecommunications, the page, they know, threat, threat actor, threat actors, title, title safebae, tls sni, tls web, tofsee, tofsee high, tools, tor analysis, tor node, tref neutral, trojan, trojan malware, trojan:win32/zombie.a, trojandropper, tsara brashears, tulach, twitter, type, type mimetype, u0012, u0018, u001aw, ubuntu, unicode text, unique tlds, united, united kingdom, united states, unknown ns, urls, urls https, urlvoid, user, user engagement, user execution, users, utf8 text, v2 document, valeria, valeria paredes, verify, verizon, version, version file, videos movies, virlock, vulnerability scan, we ca, web application attack, web application exploitation, web security, web traffic, website malware, whois record, whois server, win32 malware, windir, windows, windows malware, windows nt, windows startup, worm, wp engine, wpbakery page, write, write c, xy amp, yahoo, yara detections, yara rule, your witness, zerossl ecc
Activity Timeline
May 2
Threat Activity Heatmap
Peak: 2026-05-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk (26)
Signal Score: 26 / 100
Confidence: 26%
Reports: 4
First seen: Dec 3, 2021
Last seen: May 2, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar: REGTIME-RU
- raw:
  Last updated on 2025-07-06T11:53:01Z
  created: 2021-04-23T10:05:03Z
  domain: RPA-BEST.RU
  nserver: ns1.mchost.ru.
  nserver: ns2.mchost.ru.
  nserver: ns3.mchost.ru.
  nserver: ns4.mchost.ru.
  paid-till: 2026-04-23T10:05:04Z
  registrar: REGTIME-RU
  source: TCI
  state: REGISTERED, DELEGATED, UNVERIFIED
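The following is an added example, not code from the feed page or its own STIX export: it parses the raw WHOIS block as the record shows it, flags the date caveats a practitioner would check before acting on the indicator (the last sighting falls after the WHOIS paid-till date, and the registry marks the record UNVERIFIED), and expresses the indicator as a STIX 2.1 object. Field values are copied from the page; the STIX object ids are generated locally and will not match the ids the page's STIX 2.1 export assigns, and the choice to use first-seen as the Indicator's created/valid_from timestamp is this example's own.

```python
"""Added example: parse the page's raw WHOIS block, derive date caveats,
and emit a STIX 2.1 Indicator for the domain. Not the feed's own code.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Raw WHOIS text as the page shows it (fields run together on one line).
RAW_WHOIS = (
    "Last updated on 2025-07-06T11:53:01Z created: 2021-04-23T10:05:03Z "
    "domain: RPA-BEST.RU nserver: ns1.mchost.ru. nserver: ns2.mchost.ru. "
    "nserver: ns3.mchost.ru. nserver: ns4.mchost.ru. "
    "paid-till: 2026-04-23T10:05:04Z registrar: REGTIME-RU source: TCI "
    "state: REGISTERED, DELEGATED, UNVERIFIED"
)

# Indicator, sighting window and confidence as reported on the page.
DOMAIN = "webmail.rpa-best.ru"
FIRST_SEEN = "2021-12-03"
LAST_SEEN = "2026-05-02"
CONFIDENCE = 26


def parse_whois(raw: str) -> dict:
    """Split a run-together 'key: value' WHOIS record into a dict.

    The leading 'Last updated on <ts>' fragment is stored as 'last_updated';
    repeated keys (nserver) are collected into a list in record order.
    """
    out: dict = {}
    head = re.match(r"Last updated on (\S+)\s*", raw)
    if head:
        out["last_updated"] = head.group(1)
        raw = raw[head.end():]
    # A value runs up to the next whitespace-preceded 'key:' token or end of text.
    for key, val in re.findall(r"([\w-]+):\s*(.*?)(?=\s+[\w-]+:\s|$)", raw):
        if key in out:
            prev = out[key]
            out[key] = (prev if isinstance(prev, list) else [prev]) + [val]
        else:
            out[key] = val
    return out


def _utc(ts: str) -> datetime:
    """Parse an ISO-8601 date or timestamp (optional trailing Z) as UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def registration_caveats(whois: dict, last_seen: str) -> list:
    """Caveats derived only from the record's own dates and state flags."""
    notes = []
    if _utc(last_seen) > _utc(whois["paid-till"]):
        notes.append(
            "last sighting is after the WHOIS paid-till date; the cached "
            "registration data may no longer reflect the domain's status"
        )
    if "UNVERIFIED" in whois.get("state", ""):
        notes.append("registry marks the registrant data as UNVERIFIED")
    return notes


def stix_indicator(domain: str, first_seen: str, last_seen: str, confidence: int) -> dict:
    """Build a STIX 2.1 Indicator SDO for a domain-name observable."""
    valid_from = f"{first_seen}T00:00:00.000Z"  # modelling choice: first sighting
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",  # generated here, not the page's id
        "created": valid_from,
        "modified": f"{last_seen}T00:00:00.000Z",
        "name": f"Malicious domain {domain}",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{domain}']",
        "pattern_type": "stix",
        "valid_from": valid_from,
        "confidence": confidence,
    }


def stix_bundle(*objects: dict) -> dict:
    """Wrap SDOs in a STIX 2.1 Bundle."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


if __name__ == "__main__":
    record = parse_whois(RAW_WHOIS)
    for note in registration_caveats(record, LAST_SEEN):
        print("caveat:", note)
    bundle = stix_bundle(stix_indicator(DOMAIN, FIRST_SEEN, LAST_SEEN, CONFIDENCE))
    print(json.dumps(bundle, indent=2))
```

Running the script prints both caveats for this record and a one-object bundle; the caveat check is the kind of cross-field sanity test worth running on any cached WHOIS snapshot before the indicator is pushed to a blocklist.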
IOC Journey
High · First detected 4 years ago · Last seen 1 month ago
Appeared in 4 threat reports