DomainHighVerifiedSignal 47/100
www.goodfont.co.kr
Location
United StatesFirst Seen
Apr 17, 2026
Last Seen
May 14, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 reports47% confidence
5
Source reports
47%
Confidence score
Category tags
abuseacceptaccessactiveactive scanagentaigalienvault_ransomwareall domainall ipv4america flaganguillaas2497 internetas9714 vocusascii textasiaaslraspackattack networkaustraliaaustralia asnbad reputationbazaarbodybotnet activityc0 a0c4 d8cachecalls clearchristopher ahmannck idclickcodecommandcommand linecommerce industrycontent typecookiecopycre pulcrlf linedarkcometdatadata uploaddbatloaderdefense evasiondeletedelphidenverdenver courtsdes moinesdns attackdomaindomains topdougcodr wifidrops pedynamicloaderee fcemailsenricenterenter scerrorerror resumeexclude suggesexecutable fileexploitexploitation activityextraextra dataextra infoextraction datafailedff d5filefilesfiles ipfindfind sformatfoundrypalantirfraudfull pathgeneratorguardguest systemhackinghighhtmlhybridid logininclude reviewincluded iocsindicatorindustry commerceinfinitylockinfo fileinfo processesinitial accessinjusticeinteliocsiot securityipv4japan asnjapan unknownjavadropperjeffrey reimerkevinkillmbrkorea, republic oflearnlegallevelloaderlocallokibotlookloopmalwaremediamediummetamitm_attacksmitre attmitre attackmonoms windowsmsiemusicmwdbnamename serversname tacticsnetworknetwork infonextnext dimnext urnjratnorth americantgraph xeoceaniaoverview zenboxpageparent pidpassive dnspathpattern matchpayloadpe filepegasuspetyaphilippinesphishingpoleasspornhubportpostpowershellprocesses extraprogramquasiransomwarereadredlinereferenrefreshregistrant namereimer gropesrelated pulsesremcosresearchedrestartrevengeratreview iocssabeysc datascams & fraudscriptscript scriptsearchserviceset cookieshellshhhshibuyasigmaspanspawnsssdeepstatestate coloradostringst1010t1012t1018t1027t1036t1045t1047t1053t1055t1056t1057t1059t1059.001t1060t1064t1069t1069.002t1070t1071t1071.001t1071.004t1082t1083t1091t1095t1105t1112t1120t1219t1480t1486t1490t1497t1518t1529t1542t1547t1553t1553.002t1560t1562t1573t1574telecommunicationsthreat actortitletoolstop destinationtop sourcetor nodetrackertrojantrojanransomtsara brashearstt trtulachtypetype olultimate fileultradns clientunitedunited statesupatreurlsvaluevbcrlfvbs scriptverdictverifywifiwifi datawifi idwindows ntwindows sandboxworkers compensationworld mediawritewrite cxportyarayara detectionsyara rulezenbox verdict
Activity Timeline
May 14May 14
Threat Activity Heatmap
· Peak: 2026-05-14LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
47
SIGNAL
Signal Score
47%
Confidence
5
Reports
First seenApr 17, 2026
Last seenMay 14, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- <<Anomalous binary characteristics have been identified in a file that is being used to compile a Windows operating system for the first time in the history of the software, as well as an unauthorised virus>> Darkgate. Links wouldnt attach. User does not have whatsapp.
- raw
- AC E-Mail : [email protected] Host Name : ns3.likeweb.co.kr Host Name : ns4.likeweb.co.kr IP Address : 221.143.47.64 IP Address : 221.143.47.65 Registrant : d4298cbdc6cc4300 Registrant Address : 6d10bab3b140a00b Registrant Zip Code : 5422d825aae55d94 책임자 전자우편 : [email protected] 호스트이름 : ns3.likeweb.co.kr 호스트이름 : ns4.likeweb.co.kr
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 1 month ago · Last seen 1 month ago
Appeared in 5 threat reports