DomainMediumSignal 36/100

`will-dev.lf-throwaway.com`

Location

United States

First Seen

Jul 8, 2025

Last Seen

Jul 9, 2025

Jul 8

First Seen

340d ago

Jul 9

Last Seen

339d ago

Reports

source reports

36%

Confidence

medium

Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

36%

Signal Score

36 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

157 techniques

Feed Intelligence Summary

3 reports36% confidence

Source reports

36%

Confidence score

Category tags

abuseadvanced persistent threatamazonappleaptapt groupberbewbingbotnetcaretocivilcivil servicescivilian targetingcode injectioncommand and controlcommunication technologiescompromised routercredential harvestingcrimedata exfiltrationdata theftddos attacksdefense evasiondefense-evasiondistributed attacksdnselectronic health recordsencrypted connectionsendgameenterprise securityeu cyber policieseuropeexploitfirmware infectionfirmware modificationformbook stealergooglegovernment technologyhackershealth care and social assistancehealth information technologyhealthcare information systemshospital managementhtml smugglinghtml_smugglingindicatorinformation technologyingress tool transferintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot/ics attackit infrastructurejavalaw enforcement surveillancelazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremalware campaignmass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile spywarenetworknorth americansonso groupoperating systemparagonpatch managementpatient carepdfpdf exploitpegasuspegasus projectpeoplephishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregional securityregulatory agenciesremote accessremote access trojanresearchedsamsungsecurity operationsskynetsmssms exploitsocial engineeringsoftware developmentsoftware vulnerabilitiessonystatestate-promovedstate-sponsoredstealersupply chain attackt1001t1003t1003.001t1003.004t1004t1005t1011t1016t1018t1019t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1055.001t1056t1059t1059.001t1059.004t1059.007t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1084t1087t1088t1094t1105t1110t1113t1114.002t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat intelligencetraffic maskingtrojan downloadertrojan malwareunited statesweb exploitationwindows malwarewixzero click exploitzero-day exploit

Activity Timeline

1 total obs

Jul 9Jul 9

Threat Activity Heatmap

· Peak: 2025-07-09

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Dormant

Intelligence SummaryAI Generated

The domain **will-dev.lf-throwaway.com** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, exploits, malware, and phishing campaigns. First observed on July

Threat ScoreLow Risk

SIGNAL

Signal Score

36%

Confidence

Reports

First seenJul 8, 2025

Last seenJul 9, 2025

VirusTotal

Not checked

WHOIS

registrar: Amazon Registrar, Inc.
description: Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
raw: Creation Date: 2021-06-24T13:53:46Z DNSSEC: unsigned Domain Name: LF-THROWAWAY.COM Domain Name: lf-throwaway.com Domain Status: ok https://icann.org/epp#ok Name Server: NS-116.AWSDNS-14.COM Name Server: NS-1181.AWSDNS-19.ORG Name Server: NS-1978.AWSDNS-55.CO.UK Name Server: NS-726.AWSDNS-26.NET Registrant City: e8faa050f23df84b Registrant Country: GB Registrant Email: [email protected] Registrant Fax Ext: 3432650ec337c945 Registrant Fax: a4c349958db8f29d Registrant Name: ed848bc8276fc2aa Registrant Organization: 038a292988566233 Registrant Phone Ext: 3432650ec337c945 Registrant Phone: 33d4221f20a0d199 Registrant Postal Code: 0c47207fb5546dc6 Registrant State/Province: 0449eb7840e3a030 Registrant Street: 1614d10740614cc5 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.2024422253 Registrar IANA ID: 468 Registrar Registration Expiration Date: 2026-06-24T13:53:46Z Registrar URL: http://registrar.amazon.com Registrar URL: https://registrar.amazon.com Registrar WHOIS Server: whois.registrar.amazon Registrar: Amazon Registrar, Inc. Registry Domain ID: 2621916154_DOMAIN_COM-VRSN Registry Expiry Date: 2026-06-24T13:53:46Z Registry Registrant ID: Not Available From Registry Registry Tech ID: Not Available From Registry Tech City: Hayes Tech Country: GB Tech Email: [email protected] Tech Organization: Identity Protection Service Tech Postal Code: UB3 9TR Tech State/Province: Middlesex Updated Date: 2025-05-20T13:57:23Z

`will-dev.lf-throwaway.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy