Domain: ybcd.tech
Confidence: medium · Signal: 100/100
Location:
First Seen: Dec 27, 2023
Last Seen: Apr 5, 2026
Reports: 8 source reports
Confidence score: 99%
VirusTotal: 8/91 detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary: 8 source reports, 99% confidence score
Category tags
Activity Timeline: Apr 5
Threat Activity Heatmap (peak: 2026-04-05)

Window   Reports   Status
24h      0         Dormant
7d       0         Dormant
30d      0         Dormant
3mo      1         Minimal
Intelligence Summary (AI generated)
The domain **ybcd.tech**, originating from the Netherlands, has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports. First observed on December
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 8
First seen: Dec 27, 2023
Last seen: Apr 5, 2026
WHOIS
- description
- Victims' business social media accounts deleted. Used to commit malicious activity against businesses, espionage, financial abuse.
- domain rank
- -1
- raw
  - Administrative country: United States
  - Administrative state: NC
  - Create date: 2022-09-08 00:00:00
  - Domain name: ybcd.tech
  - Domain registrar id: 1861
  - Domain registrar url: whois.porkbun.com
  - Expiry date: 2023-09-08 00:00:00
  - Name server 1: CRIS.NS.CLOUDFLARE.COM
  - Name server 2: KIKI.NS.CLOUDFLARE.COM
  - Query time: 2022-09-08 00:00:00
  - Registrant company: 0c0ae3ca894d74a0
  - Registrant country: United States
  - Registrant state: b5ccaeb3c805e2cb
  - Update date: 2022-09-08 00:00:00
- references
- subdomains count
- 1
IOC Journey
Confidence: medium · First detected 2 years ago · Last seen 2 months ago
Appeared in 8 threat reports