Domain · High · Verified · Signal 55/100
www.speakup.it
Location
First Seen
Mar 26, 2025
Last Seen
Jun 9, 2025
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
Source reports: 4
Confidence score: 55%
Activity Timeline
Jun 9
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)
The domain **www.speakup.it** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on March
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 4
First seen: Mar 26, 2025
Last seen: Jun 9, 2025
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- Strange Medical Facility with Overt Bad Actors already Spying on Disabled. Everything including bathroom is monitored. founderintech.com www.galbutfamilyfoundation.com wpengine.com https://foundry2sdbl.dvr.dn2.n-helix.com http://foundry2sdbl.dvr.dn2.n-helix.com pegasusthruster.com https://www.pegasusthruster.com/ smtp.pegasustech.net http://pegasusthruster.com/shoppegasus/includes/att
IOC Journey
high · First detected 1 year ago · Last seen 1 year ago
Appeared in 4 threat reports