Domain · Medium · Signal 12/100
xnpoen.b17da333ec194ec4b767.d.requestbin.net
First Seen: Apr 13, 2025
Last Seen: May 10, 2025
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name. Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 12%
Signal Score: 12 / 100
IDS Rule: No
Category tags
apt, apt group, botnet, c2, c2 infrastructure, command and control, data exfiltration, dga, distributed attacks, gravityrat, hex, indicator, indicators of compromise, infrastructure acquisition, reconnaissance, malicious software, malware, network, network communication, network traffic, process injection, rat, remote access trojan, researched, t1005, t1016, t1016.001, t1016.002, t1041, t1055, t1071, t1071.001, t1071.002, t1071.004, t1105, t1486, t1496, t1499.002, t1499.003, t1565, t1573, t1573.001, t1573.002, t1587.001, t1590.001
Activity Timeline: May 10
Threat Activity Heatmap: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Threat Score: 12 (Low Risk)
VirusTotal
Not checked
WHOIS
- registrar: NameCheap, Inc.
- description: Command and Control domains for GravityRAT. These domains are extracted from a number of sources, and are suspicious.
- raw:
  Creation Date: 2018-03-26T16:43:31Z
  DNSSEC: unsigned
  Domain Name: REQUESTBIN.NET
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Name Server: AMOS.NS.CLOUDFLARE.COM
  Name Server: NORAH.NS.CLOUDFLARE.COM
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +1.6613102107
  Registrar IANA ID: 1068
  Registrar URL: http://www.namecheap.com
  Registrar WHOIS Server: whois.namecheap.com
  Registrar: NameCheap, Inc.
  Registry Domain ID: 2243811660_DOMAIN_NET-VRSN
  Registry Expiry Date: 2026-03-26T16:43:31Z
  Updated Date: 2025-03-25T16:01:17Z
IOC Journey
medium · First detected 1 year ago · Last seen 1 year ago
Appeared in 2 threat reports