IOC Radar
Domain · High · Verified · Signal 81/100

wire2spell.com

Location
Saint Helena, Ascension and Tristan da Cunha
First Seen
Mar 12, 2026
Last Seen
Jun 6, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs: 42 techniques

Feed Intelligence Summary

Source reports: 6
Confidence score: 81%
Category tags:
acrstealer · active scan · apt · arm · ascii · asyncrat · attack_vector · attack_vector:delivery · backdoor · base64 encoding · bash · botnet · botnet activity · brute force · brute_force_attack · c2 · c2 communication · campaign:unknown · code execution · command & control · command and control · command execution · command_and_control · communication protocol · credential access · credential harvesting · credential stuffing · credential_stuffing · cyber threat intelligence · cyber_attack · cyber_threat_activity · data encryption · data exfiltration · data store exposure · data_type:indicators_of_compromise · ddos · ddos attacks · distributed attacks · downloader · dropped-by-amadey · dropper · elf · encoded · encryption · event_type:malware_delivery · exe · executable file · exploit · exploit kit · exploitation activity · extortion · ftp · geofenced-usa · hash · http scanner · https · identity & access exploitation · indicator · indicators · indicators of compromise · indicators_of_compromise · infostealer · infrastructure acquisitionreconnaissance · ingress tool transfer · initial access · initial access attempts · initial_access · injection activity · internet of things · intrusion detection · ioc · iot botnet · iot security · iot/ics attack · keylogger · lateral movement · linux · loader · macos · macro malware · malicious document · malicious domain · malicious download · malicious links · malicious powershell activity · malicious software · malicious_attachment · malicious_file · malicious_url · malvertising · malware · malware analysis · malware distribution · malware_distribution · mips · mirai botnet · mozi · network · network indicators · network protocol · network security · network_scanning · north america · opendir · operating system · payload delivery · phantomstealer · phishing · phishing attack · process injection · ps1 · ransomware · rat · remote access · remote services · report_source:ltna_cyber · researched · rev-base64-loader · saint helena, ascension and tristan da cunha · scams & fraud · scanner · scripting attacks · security operations · security_indicators · shell script · smtp · social engineering · software exploitation · software_vulnerability_exploitation · ssh attack · system disruption · t1005 · t1021.001 · t1021.002 · t1027 · t1040 · t1053 · t1055 · t1059 · t1059.001 · t1069.001 · t1071 · t1071.001 · t1076 · t1077 · t1078 · t1086 · t1102 · t1105 · t1110.002 · t1133 · t1189 · t1190 · t1203 · t1204 · t1204.001 · t1204.002 · t1486 · t1490 · t1496 · t1499.001 · t1499.002 · t1499.003 · t1563 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1566.004 · t1587.001 · t1590.001 · t1595 · targeting database · threat actor · threat intelligence · threat_actor:unknown · threat_intelligence · threat_type:malware · tor node · trojan malware · ua-wget · united states · valleyrat · vidar · vipkeylogger · vulnerability scan · web security · web traffic · x86-64 · xml · xworm

Activity Timeline

1 total obs
Jun 6

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 6
First seen: Mar 12, 2026
Last seen: Jun 6, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description: LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
domain rank: -1
raw:
Administrative city: Redacted for privacy
Administrative country: Redacted for privacy
Administrative state: Redacted for privacy
Create date: 2025-04-29 00:00:00
Domain name: wire2spell.com
Domain registrar id: 3948
Domain registrar url: www.gname.com
Expiry date: 2026-04-29 00:00:00
Query time: 2025-04-30 11:40:50
Registrant city: ddb75a553547a419
Registrant company: ddb75a553547a419
Registrant email: a27c0d961607bb59s@
Registrant fax: 224ebce19c8a675a
Registrant name: ddb75a553547a419
Registrant phone: 224ebce19c8a675a
Registrant state: ddb75a553547a419
Registrant zip: ddb75a553547a419
Technical city: Redacted for privacy
Technical country: Redacted for privacy
Technical state: Redacted for privacy
Update date: 2025-04-29 00:00:00
subdomains count: 2

IOC Journey

high
First detected 3 months ago · Last seen 4 days ago
Appeared in 6 threat reports