Reconnecting to live updates…

Using SSL Certificates and Graph Theory to Uncover Threat Actors

Severity: mediumType: campaign

Researchers at Infoblox have developed a novel technique that uses graph theory and SSL certificate data from Certificate Transparency logs to identify and map threat actor infrastructures. By analyzing the Subject Alternative Name fields in SSL certificates, domains under common control can be clustered as nodes connected by edges, revealing operational relationships among malicious domains. This approach enables the discovery of previously unknown malicious domains, consolidation of threat actor identities, and early detection of emerging cyber threats. The system processes millions of certificates daily, providing actionable intelligence across various cybercriminal activities. While this technique enhances threat intelligence capabilities, it is not itself a vulnerability or exploit but rather an advanced detection methodology. There are no known exploits or direct attacks associated with this technique. The severity is assessed as medium due to its impact on improving defensive posture rather than representing an active threat. Organizations worldwide can benefit from adopting similar analytical methods to strengthen their threat detection and response strategies.

AI Analysis

Technical Summary

The threat intelligence technique developed by Infoblox leverages graph theory applied to SSL certificate data, specifically utilizing Certificate Transparency (CT) logs to uncover relationships between domains controlled by threat actors. SSL certificates include the Subject Alternative Name (SAN) field, which lists multiple domain names associated with a certificate. By extracting these SAN fields from millions of certificates daily, researchers model domains as nodes and shared certificate attributes as edges in a graph structure. This graph-based approach enables clustering of domains that are likely operated by the same threat actor or group. The method facilitates the identification of malicious infrastructure components that might otherwise remain hidden when analyzed individually. It also aids in consolidating disparate threat actor identities by revealing operational overlaps. This technique supports early detection of emerging threats by highlighting new domains linked to known malicious infrastructure. The approach is passive and relies on publicly available CT logs, making it a powerful tool for proactive threat intelligence without requiring direct interaction with threat actors or compromised systems. The technique aligns with MITRE ATT&CK tactics such as infrastructure discovery and domain clustering (e.g., T1588.004, T1608.004). While not a vulnerability or exploit, this method significantly enhances defenders' ability to map and understand adversary infrastructure at scale.

Potential Impact

The primary impact of this technique is on improving the detection and attribution capabilities of cybersecurity teams and threat intelligence providers. By uncovering hidden relationships between malicious domains, organizations can more effectively block or monitor threat actor infrastructure, reducing the risk of successful attacks. Early identification of emerging malicious domains allows for proactive defense measures, such as updating firewall rules, intrusion detection signatures, and threat intelligence feeds. This can limit the operational scope and effectiveness of cybercriminal campaigns including phishing, malware distribution, and command-and-control operations. The technique also aids in threat actor attribution, which supports law enforcement and strategic response efforts. However, since this is a detection methodology rather than an exploit, it does not directly compromise confidentiality, integrity, or availability of systems. Its value lies in enhancing situational awareness and enabling faster, more informed defensive actions.

Mitigation Recommendations

Organizations should integrate Certificate Transparency log analysis and graph-based domain clustering into their threat intelligence and security monitoring workflows. Deploying or subscribing to services that perform this type of analysis can provide early warnings about malicious infrastructure linked to threat actors targeting their sector. Security teams should correlate these findings with internal telemetry such as DNS logs, network traffic, and endpoint alerts to validate and prioritize threats. Automated blocking or alerting on newly discovered malicious domains identified through this method can reduce exposure. Additionally, organizations should share relevant intelligence with industry Information Sharing and Analysis Centers (ISACs) and law enforcement to enhance collective defense. Investing in skilled analysts and tools capable of handling large-scale graph data and certificate analysis is critical. Finally, maintaining up-to-date SSL/TLS configurations and monitoring certificate issuance for their own domains can help prevent abuse by adversaries.

Affected Countries

United States, United Kingdom, Germany, France, Canada, Australia, Netherlands, Japan, South Korea, Singapore, Israel

Indicators of Compromise

domain: 365day-jp.com
domain: 365shop-pl.com
domain: 365shopping-pl.com
domain: 618712.xyz
domain: 618713.xyz
domain: 618714.xyz
domain: 618715.xyz
domain: 618721.xyz
domain: 618722.xyz
domain: 618723.xyz
domain: 618724.xyz
domain: 618726.xyz
domain: 618727.xyz
domain: 618731.xyz
domain: 618733.xyz
domain: 618734.xyz
domain: 618735.xyz
domain: 618736.xyz
domain: 618737.xyz
domain: 618738.xyz
domain: 618739.xyz
domain: 618740.xyz
domain: 618741.xyz
domain: 618742.xyz
domain: 618743.xyz
domain: 618744.xyz
domain: 618745.xyz
domain: 618747.xyz
domain: 618748.xyz
domain: 618749.xyz
domain: 618750.xyz
domain: 618751.xyz
domain: 618753.xyz
domain: 7iqead.com
domain: 8jadfaw.com
domain: 90sale-pl.com
domain: aaa-pl.com
domain: account-apple-login.com
domain: ahwae2.com
domain: aiagaw4.com
domain: aieutw3.com
domain: alerta-soporte.us
domain: apple-find.xyz
domain: apple-findmiy.com
domain: apple-findmys.com
domain: apple-lcloud.com.tr
domain: apple-lnfo-lost-us.com
domain: apple-lost-lnfo.com
domain: apple-lost-lphone.com
domain: apple-lsupports-us.com
domain: apple-mi.support
domain: apple-supportid.com
domain: apple-ubicado.com.tr
domain: apple-us-lost.com
domain: apple-verifid.com
domain: applecare-find.xyz
domain: applefind.net
domain: appleld-find.com
domain: applemy-locate.com
domain: applesupportesen.org
domain: ashopou.com
domain: auyshop.com
domain: bestselling-pl.com
domain: bigsale-hu.com
domain: bigsale-pl.com
domain: bigsale-ro.com
domain: buy-pl.com
domain: buy-ro.com
domain: buyadp.com
domain: buyakx.com
domain: buyjdn.com
domain: buyjsn.com
domain: buykjm.com
domain: buymxj.com
domain: buyosd.com
domain: bynsd.com
domain: coinbase-invoice.com
domain: com-locate.space
domain: com-login.my
domain: com-sms.us
domain: dappradar.biz
domain: dcikj.com
domain: device-find-apple.com
domain: dfesxe.com
domain: discount-kr.com
domain: dsebea.com
domain: ethereum-gpt.com
domain: evnrsn.com
domain: fanjda.com
domain: fanskw.com
domain: find-87653.com.tr
domain: find-appleld.my
domain: find-my-icloud.org
domain: find-my-phone-support.com
domain: find-my-phone-usa.com
domain: find-my-sopport-phone.us
domain: find-my-supportd.com
domain: find-myclouds.com
domain: findid-clouds.com
domain: findmy-getmaps.com
domain: findmy-lsupported.com
domain: findmy-support-id.com
domain: findmyiappie.com
domain: findmyiapple.com
domain: findmyld.com
domain: findmyu-supports.com
domain: findmyy-apple.com
domain: findsmy-id.com
domain: findsmy-mapss.com
domain: firnvse.com
domain: flnd-phone-us.com
domain: flndcloud.com
domain: flndmy-l.com
domain: fwerwe.com
domain: fwerwetp.com
domain: goodshop-jp.com
domain: gr-hotsale.com
domain: gr-todaysale.com
domain: happybuy-kr.com
domain: hotmall-hu.com
domain: hotmall-pl.com
domain: hotmall-ro.com
domain: hotsale-hu.com
domain: hotsale-pl.com
domain: hotsale-ro.com
domain: hotshopping-ro.com
domain: hotstore-jp.com
domain: hrtyrge.com
domain: hu-hot.com
domain: hu-hotmall.com
domain: hu-hotsale.com
domain: hu-shopvip.com
domain: hu-store.com
domain: hu-todaysale.com
domain: hu-vipmall.com
domain: hu-vipshop.com
domain: hu-vipstore.com
domain: hyviips.com
domain: icioud-ae.com.tr
domain: icioud-aw.com.tr
domain: icioud-aw.xyz
domain: icioud-ds.com.tr
domain: icioud-he.site
domain: icioud-lh.com.tr
domain: icioud-rt.com.tr
domain: icioud-rt.xyz
domain: icioud-ut.us
domain: icloud-id-lost.com
domain: icloud-isuport.com
domain: icloud-lost-mode.org
domain: icloudfind.my
domain: icloudfind.org
domain: icloudfix.me
domain: icloudgenerarsoporte.com
domain: icloudkey.us
domain: icloudservi.me
domain: icloudservi.us
domain: icloudservice.me
domain: icloudservice.tr
domain: icloudsolution.us
domain: icloudsolutions.us
domain: id-findmy-apple.com
domain: id-lcloud.online
domain: id-my-us.com
domain: idevice-supportd.com
domain: iflnd-phone-us.com
domain: isuporte-cloud.com
domain: japanmall-jp.com
domain: japanstore-jp.com
domain: jp-shop-jp.com
domain: jp-shopbuy.com
domain: jpdomall-jp.com
domain: jponline-jp.com
domain: jpshopmall-jp.com
domain: jpvip-jp.com
domain: kaid-th.com
domain: kr-365vipmall.com
domain: kr-discountline.com
domain: kr-happybuy.com
domain: kr-linebuy.com
domain: kr-linemall.com
domain: kr-luckybuy.com
domain: kr-onlinevipmall.com
domain: kr-vipbigmall.com
domain: kr-vipbuybuybuy.com
domain: kr-vipbuymall.com
domain: kr-vipbuyone.com
domain: kr-vipbuyonline.com
domain: kr-vipbuysale.com
domain: kr-vipbuyshop.com
domain: kr-vipbuytop.com
domain: kr-vipbuyvip.com
domain: kr-vipdiscount.com
domain: kr-vipgimall.com
domain: kr-vipgoodbuy.com
domain: kr-viphappybuy.com
domain: kr-viphotsale.com
domain: kr-viphotstore.com
domain: kr-vipinhotsale.com
domain: kr-vipjinrisale.com
domain: kr-vipkrmall.com
domain: kr-vipkrshopping.com
domain: kr-vipkrstore.com
domain: kr-vipluckybuy.com
domain: kr-vipmallmall.com
domain: kr-vipmymall.com
domain: kr-vipmystore.com
domain: kr-viponlineshop.com
domain: kr-viponlinestore.com
domain: kr-vipsalesale.com
domain: kr-vipsaleshop.com
domain: kr-vipsalestore.com
domain: kr-vipsaletop.com
domain: kr-vipshoping.com
domain: kr-vipshopline.com
domain: kr-vipshopmall.com
domain: kr-vipshopshop.com
domain: kr-vipshoptop.com
domain: kr-vipsuperhot.com
domain: kr-vipsupermall.com
domain: kr-vipsupermarket.com
domain: kr-vipsupershop.com
domain: kr-vipsuperstore.com
domain: kr-viptejiashop.com
domain: kr-vipthmallshop.com
domain: kr-viptodaysale.com
domain: lcloud-find-my.org
domain: lcloud-fmi.com
domain: lcloud-lost.com
domain: lcloud-lost.online
domain: lcloud-mi.online
domain: lcloud-soporte.online
domain: ldfindmy.com
domain: ldsupports.com
domain: linebuy-jp.com
domain: linebuy-kr.com
domain: linemall-kr.com
domain: located-find.xyz
domain: lost-iphone.us
domain: lostlcloud.com
domain: lphoneflnd.com
domain: lubuys.com
domain: luckybuy-jp.com
domain: luckybuy-kr.com
domain: lulbuy.com
domain: mall-hu.com
domain: mall-pl.com
domain: mall-ro.com
domain: mallknc.com
domain: mallnxj.com
domain: maps-iphone.cloud
domain: maps-iphone.online
domain: maps-support-findmy.com
domain: mchmall.com
domain: meyou-jp.com
domain: mgdert.com
domain: mlumall.com
domain: myid-maps.com
domain: mymall-jp.com
domain: myphone-lost.com
domain: onlineuw.com
domain: onlinevipmall-kr.com
domain: phone-located.support
domain: phone-lost.support
domain: pi-shopvip.com
domain: pl-hot.com
domain: pl-hotsale.com
domain: pl-todaysale.com
domain: qougle.com
domain: remix-ethereum-ide-bot.com
domain: ro-todaysale-ro.com
domain: shoping-jp.com
domain: shopvip-jp.com
domain: shopvip-th.com
domain: shopvip-tw.com
domain: shopyvip-tw.com
domain: soport-apple.com
domain: soporte-apple.com
domain: soported-appleid.com
domain: soportt-apple-lost.com
domain: sopport-phone-mx.org
domain: supermarket-tw.com
domain: suport-apple-store.com
domain: support-imaps.com
domain: support-lost-phone.com
domain: support-lost-us.com
domain: support-maps-id.com
domain: support-myid.com
domain: supporte-mylost.com
domain: supportid-findmy.com
domain: telegaenzm.top
domain: telegracvm.cc
domain: telegramflp.cc
domain: telegramoimn.cc
domain: telegrasnm.cc
domain: telegraxcim.top
domain: telegrxcnm.cc
domain: thmallshop-jp.com
domain: tlegraincm.cc
domain: todaysale-jp.com
domain: top-kr.com
domain: uaeioa2.com
domain: uyeqa2.com
domain: vip-hotbuy-kr.com
domain: vip-hotmall-kr.com
domain: vip-linebuy-kr.com
domain: vip-linemall-kr.com
domain: vip-lineshop-kr.com
domain: vip-sale-kr.com
domain: vipbuyonline-kr.com
domain: vipdiscount-kr.com
domain: vipgoodbuy-jp.com
domain: vipgoodbuy-kr.com
domain: viphappybuy-jp.com
domain: viphappybuy-kr.com
domain: vipluckybuy-jp.com
domain: vipmall-th.com
domain: vipmallmall-kr.com
domain: vipngf-tw.com
domain: vipshop-jp.com
domain: vipshopline-jp.com
domain: vipshopline-kr.com
domain: vipstore-jp.com
domain: zbgde.com

Using SSL Certificates and Graph Theory to Uncover Threat Actors

Severity: medium

Type: campaign

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

United States, United Kingdom, Germany, France, Canada, Australia, Netherlands, Japan, South Korea, Singapore, Israel

Indicators of Compromise

domain: 365day-jp.com
domain: 365shop-pl.com
domain: 365shopping-pl.com
domain: 618712.xyz
domain: 618713.xyz
domain: 618714.xyz
domain: 618715.xyz
domain: 618721.xyz
domain: 618722.xyz
domain: 618723.xyz
domain: 618724.xyz
domain: 618726.xyz
domain: 618727.xyz
domain: 618731.xyz
domain: 618733.xyz
domain: 618734.xyz
domain: 618735.xyz
domain: 618736.xyz
domain: 618737.xyz
domain: 618738.xyz
domain: 618739.xyz
domain: 618740.xyz
domain: 618741.xyz
domain: 618742.xyz
domain: 618743.xyz
domain: 618744.xyz
domain: 618745.xyz
domain: 618747.xyz
domain: 618748.xyz
domain: 618749.xyz
domain: 618750.xyz
domain: 618751.xyz
domain: 618753.xyz
domain: 7iqead.com
domain: 8jadfaw.com
domain: 90sale-pl.com
domain: aaa-pl.com
domain: account-apple-login.com
domain: ahwae2.com
domain: aiagaw4.com
domain: aieutw3.com
domain: alerta-soporte.us
domain: apple-find.xyz
domain: apple-findmiy.com
domain: apple-findmys.com
domain: apple-lcloud.com.tr
domain: apple-lnfo-lost-us.com
domain: apple-lost-lnfo.com
domain: apple-lost-lphone.com
domain: apple-lsupports-us.com
domain: apple-mi.support
domain: apple-supportid.com
domain: apple-ubicado.com.tr
domain: apple-us-lost.com
domain: apple-verifid.com
domain: applecare-find.xyz
domain: applefind.net
domain: appleld-find.com
domain: applemy-locate.com
domain: applesupportesen.org
domain: ashopou.com
domain: auyshop.com
domain: bestselling-pl.com
domain: bigsale-hu.com
domain: bigsale-pl.com
domain: bigsale-ro.com
domain: buy-pl.com
domain: buy-ro.com
domain: buyadp.com
domain: buyakx.com
domain: buyjdn.com
domain: buyjsn.com
domain: buykjm.com
domain: buymxj.com
domain: buyosd.com
domain: bynsd.com
domain: coinbase-invoice.com
domain: com-locate.space
domain: com-login.my
domain: com-sms.us
domain: dappradar.biz
domain: dcikj.com
domain: device-find-apple.com
domain: dfesxe.com
domain: discount-kr.com
domain: dsebea.com
domain: ethereum-gpt.com
domain: evnrsn.com
domain: fanjda.com
domain: fanskw.com
domain: find-87653.com.tr
domain: find-appleld.my
domain: find-my-icloud.org
domain: find-my-phone-support.com
domain: find-my-phone-usa.com
domain: find-my-sopport-phone.us
domain: find-my-supportd.com
domain: find-myclouds.com
domain: findid-clouds.com
domain: findmy-getmaps.com
domain: findmy-lsupported.com
domain: findmy-support-id.com
domain: findmyiappie.com
domain: findmyiapple.com
domain: findmyld.com
domain: findmyu-supports.com
domain: findmyy-apple.com
domain: findsmy-id.com
domain: findsmy-mapss.com
domain: firnvse.com
domain: flnd-phone-us.com
domain: flndcloud.com
domain: flndmy-l.com
domain: fwerwe.com
domain: fwerwetp.com
domain: goodshop-jp.com
domain: gr-hotsale.com
domain: gr-todaysale.com
domain: happybuy-kr.com
domain: hotmall-hu.com
domain: hotmall-pl.com
domain: hotmall-ro.com
domain: hotsale-hu.com
domain: hotsale-pl.com
domain: hotsale-ro.com
domain: hotshopping-ro.com
domain: hotstore-jp.com
domain: hrtyrge.com
domain: hu-hot.com
domain: hu-hotmall.com
domain: hu-hotsale.com
domain: hu-shopvip.com
domain: hu-store.com
domain: hu-todaysale.com
domain: hu-vipmall.com
domain: hu-vipshop.com
domain: hu-vipstore.com
domain: hyviips.com
domain: icioud-ae.com.tr
domain: icioud-aw.com.tr
domain: icioud-aw.xyz
domain: icioud-ds.com.tr
domain: icioud-he.site
domain: icioud-lh.com.tr
domain: icioud-rt.com.tr
domain: icioud-rt.xyz
domain: icioud-ut.us
domain: icloud-id-lost.com
domain: icloud-isuport.com
domain: icloud-lost-mode.org
domain: icloudfind.my
domain: icloudfind.org
domain: icloudfix.me
domain: icloudgenerarsoporte.com
domain: icloudkey.us
domain: icloudservi.me
domain: icloudservi.us
domain: icloudservice.me
domain: icloudservice.tr
domain: icloudsolution.us
domain: icloudsolutions.us
domain: id-findmy-apple.com
domain: id-lcloud.online
domain: id-my-us.com
domain: idevice-supportd.com
domain: iflnd-phone-us.com
domain: isuporte-cloud.com
domain: japanmall-jp.com
domain: japanstore-jp.com
domain: jp-shop-jp.com
domain: jp-shopbuy.com
domain: jpdomall-jp.com
domain: jponline-jp.com
domain: jpshopmall-jp.com
domain: jpvip-jp.com
domain: kaid-th.com
domain: kr-365vipmall.com
domain: kr-discountline.com
domain: kr-happybuy.com
domain: kr-linebuy.com
domain: kr-linemall.com
domain: kr-luckybuy.com
domain: kr-onlinevipmall.com
domain: kr-vipbigmall.com
domain: kr-vipbuybuybuy.com
domain: kr-vipbuymall.com
domain: kr-vipbuyone.com
domain: kr-vipbuyonline.com
domain: kr-vipbuysale.com
domain: kr-vipbuyshop.com
domain: kr-vipbuytop.com
domain: kr-vipbuyvip.com
domain: kr-vipdiscount.com
domain: kr-vipgimall.com
domain: kr-vipgoodbuy.com
domain: kr-viphappybuy.com
domain: kr-viphotsale.com
domain: kr-viphotstore.com
domain: kr-vipinhotsale.com
domain: kr-vipjinrisale.com
domain: kr-vipkrmall.com
domain: kr-vipkrshopping.com
domain: kr-vipkrstore.com
domain: kr-vipluckybuy.com
domain: kr-vipmallmall.com
domain: kr-vipmymall.com
domain: kr-vipmystore.com
domain: kr-viponlineshop.com
domain: kr-viponlinestore.com
domain: kr-vipsalesale.com
domain: kr-vipsaleshop.com
domain: kr-vipsalestore.com
domain: kr-vipsaletop.com
domain: kr-vipshoping.com
domain: kr-vipshopline.com
domain: kr-vipshopmall.com
domain: kr-vipshopshop.com
domain: kr-vipshoptop.com
domain: kr-vipsuperhot.com
domain: kr-vipsupermall.com
domain: kr-vipsupermarket.com
domain: kr-vipsupershop.com
domain: kr-vipsuperstore.com
domain: kr-viptejiashop.com
domain: kr-vipthmallshop.com
domain: kr-viptodaysale.com
domain: lcloud-find-my.org
domain: lcloud-fmi.com
domain: lcloud-lost.com
domain: lcloud-lost.online
domain: lcloud-mi.online
domain: lcloud-soporte.online
domain: ldfindmy.com
domain: ldsupports.com
domain: linebuy-jp.com
domain: linebuy-kr.com
domain: linemall-kr.com
domain: located-find.xyz
domain: lost-iphone.us
domain: lostlcloud.com
domain: lphoneflnd.com
domain: lubuys.com
domain: luckybuy-jp.com
domain: luckybuy-kr.com
domain: lulbuy.com
domain: mall-hu.com
domain: mall-pl.com
domain: mall-ro.com
domain: mallknc.com
domain: mallnxj.com
domain: maps-iphone.cloud
domain: maps-iphone.online
domain: maps-support-findmy.com
domain: mchmall.com
domain: meyou-jp.com
domain: mgdert.com
domain: mlumall.com
domain: myid-maps.com
domain: mymall-jp.com
domain: myphone-lost.com
domain: onlineuw.com
domain: onlinevipmall-kr.com
domain: phone-located.support
domain: phone-lost.support
domain: pi-shopvip.com
domain: pl-hot.com
domain: pl-hotsale.com
domain: pl-todaysale.com
domain: qougle.com
domain: remix-ethereum-ide-bot.com
domain: ro-todaysale-ro.com
domain: shoping-jp.com
domain: shopvip-jp.com
domain: shopvip-th.com
domain: shopvip-tw.com
domain: shopyvip-tw.com
domain: soport-apple.com
domain: soporte-apple.com
domain: soported-appleid.com
domain: soportt-apple-lost.com
domain: sopport-phone-mx.org
domain: supermarket-tw.com
domain: suport-apple-store.com
domain: support-imaps.com
domain: support-lost-phone.com
domain: support-lost-us.com
domain: support-maps-id.com
domain: support-myid.com
domain: supporte-mylost.com
domain: supportid-findmy.com
domain: telegaenzm.top
domain: telegracvm.cc
domain: telegramflp.cc
domain: telegramoimn.cc
domain: telegrasnm.cc
domain: telegraxcim.top
domain: telegrxcnm.cc
domain: thmallshop-jp.com
domain: tlegraincm.cc
domain: todaysale-jp.com
domain: top-kr.com
domain: uaeioa2.com
domain: uyeqa2.com
domain: vip-hotbuy-kr.com
domain: vip-hotmall-kr.com
domain: vip-linebuy-kr.com
domain: vip-linemall-kr.com
domain: vip-lineshop-kr.com
domain: vip-sale-kr.com
domain: vipbuyonline-kr.com
domain: vipdiscount-kr.com
domain: vipgoodbuy-jp.com
domain: vipgoodbuy-kr.com
domain: viphappybuy-jp.com
domain: viphappybuy-kr.com
domain: vipluckybuy-jp.com
domain: vipmall-th.com
domain: vipmallmall-kr.com
domain: vipngf-tw.com
domain: vipshop-jp.com
domain: vipshopline-jp.com
domain: vipshopline-kr.com
domain: vipstore-jp.com
domain: zbgde.com

Source: AlienVault OTX General

Published: Wed Mar 04 2026

Using SSL Certificates and Graph Theory to Uncover Threat Actors

Medium

Campaigngraph theory certificate transparency infrastructure discovery threat intelligence ssl certificates domain clustering t1588.004 t1608.004 t1608.001 t1583.001 t1589.002 t1592.002 t1608.003 t1590.001

Published: Wed Mar 04 2026 (03/04/2026, 19:42:41 UTC)

Source: AlienVault OTX General

Description

AI-Powered Analysis

AILast updated: 03/05/2026, 10:08:26 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Author: AlienVault
Tlp: white
References: ["https://www.infoblox.com/blog/security/connecting-dots-with-ssl-certificates-finding-threat-actors-with-graph-theory/"]
Adversary: null
Pulse Id: 69a88b31dad43f4df1caab65
Threat Score: null

Indicators of Compromise

Domain

Value	Description	Copy
domain365day-jp.com	—
domain365shop-pl.com	—
domain365shopping-pl.com	—
domain618712.xyz	—
domain618713.xyz	—
domain618714.xyz	—
domain618715.xyz	—
domain618721.xyz	—
domain618722.xyz	—
domain618723.xyz	—
domain618724.xyz	—
domain618726.xyz	—
domain618727.xyz	—
domain618731.xyz	—
domain618733.xyz	—
domain618734.xyz	—
domain618735.xyz	—
domain618736.xyz	—
domain618737.xyz	—
domain618738.xyz	—
domain618739.xyz	—
domain618740.xyz	—
domain618741.xyz	—
domain618742.xyz	—
domain618743.xyz	—
domain618744.xyz	—
domain618745.xyz	—
domain618747.xyz	—
domain618748.xyz	—
domain618749.xyz	—
domain618750.xyz	—
domain618751.xyz	—
domain618753.xyz	—
domain7iqead.com	—
domain8jadfaw.com	—
domain90sale-pl.com	—
domainaaa-pl.com	—
domainaccount-apple-login.com	—
domainahwae2.com	—
domainaiagaw4.com	—
domainaieutw3.com	—
domainalerta-soporte.us	—
domainapple-find.xyz	—
domainapple-findmiy.com	—
domainapple-findmys.com	—
domainapple-lcloud.com.tr	—
domainapple-lnfo-lost-us.com	—
domainapple-lost-lnfo.com	—
domainapple-lost-lphone.com	—
domainapple-lsupports-us.com	—
domainapple-mi.support	—
domainapple-supportid.com	—
domainapple-ubicado.com.tr	—
domainapple-us-lost.com	—
domainapple-verifid.com	—
domainapplecare-find.xyz	—
domainapplefind.net	—
domainappleld-find.com	—
domainapplemy-locate.com	—
domainapplesupportesen.org	—
domainashopou.com	—
domainauyshop.com	—
domainbestselling-pl.com	—
domainbigsale-hu.com	—
domainbigsale-pl.com	—
domainbigsale-ro.com	—
domainbuy-pl.com	—
domainbuy-ro.com	—
domainbuyadp.com	—
domainbuyakx.com	—
domainbuyjdn.com	—
domainbuyjsn.com	—
domainbuykjm.com	—
domainbuymxj.com	—
domainbuyosd.com	—
domainbynsd.com	—
domaincoinbase-invoice.com	—
domaincom-locate.space	—
domaincom-login.my	—
domaincom-sms.us	—
domaindappradar.biz	—
domaindcikj.com	—
domaindevice-find-apple.com	—
domaindfesxe.com	—
domaindiscount-kr.com	—
domaindsebea.com	—
domainethereum-gpt.com	—
domainevnrsn.com	—
domainfanjda.com	—
domainfanskw.com	—
domainfind-87653.com.tr	—
domainfind-appleld.my	—
domainfind-my-icloud.org	—
domainfind-my-phone-support.com	—
domainfind-my-phone-usa.com	—
domainfind-my-sopport-phone.us	—
domainfind-my-supportd.com	—
domainfind-myclouds.com	—
domainfindid-clouds.com	—
domainfindmy-getmaps.com	—
domainfindmy-lsupported.com	—
domainfindmy-support-id.com	—
domainfindmyiappie.com	—
domainfindmyiapple.com	—
domainfindmyld.com	—
domainfindmyu-supports.com	—
domainfindmyy-apple.com	—
domainfindsmy-id.com	—
domainfindsmy-mapss.com	—
domainfirnvse.com	—
domainflnd-phone-us.com	—
domainflndcloud.com	—
domainflndmy-l.com	—
domainfwerwe.com	—
domainfwerwetp.com	—
domaingoodshop-jp.com	—
domaingr-hotsale.com	—
domaingr-todaysale.com	—
domainhappybuy-kr.com	—
domainhotmall-hu.com	—
domainhotmall-pl.com	—
domainhotmall-ro.com	—
domainhotsale-hu.com	—
domainhotsale-pl.com	—
domainhotsale-ro.com	—
domainhotshopping-ro.com	—
domainhotstore-jp.com	—
domainhrtyrge.com	—
domainhu-hot.com	—
domainhu-hotmall.com	—
domainhu-hotsale.com	—
domainhu-shopvip.com	—
domainhu-store.com	—
domainhu-todaysale.com	—
domainhu-vipmall.com	—
domainhu-vipshop.com	—
domainhu-vipstore.com	—
domainhyviips.com	—
domainicioud-ae.com.tr	—
domainicioud-aw.com.tr	—
domainicioud-aw.xyz	—
domainicioud-ds.com.tr	—
domainicioud-he.site	—
domainicioud-lh.com.tr	—
domainicioud-rt.com.tr	—
domainicioud-rt.xyz	—
domainicioud-ut.us	—
domainicloud-id-lost.com	—
domainicloud-isuport.com	—
domainicloud-lost-mode.org	—
domainicloudfind.my	—
domainicloudfind.org	—
domainicloudfix.me	—
domainicloudgenerarsoporte.com	—
domainicloudkey.us	—
domainicloudservi.me	—
domainicloudservi.us	—
domainicloudservice.me	—
domainicloudservice.tr	—
domainicloudsolution.us	—
domainicloudsolutions.us	—
domainid-findmy-apple.com	—
domainid-lcloud.online	—
domainid-my-us.com	—
domainidevice-supportd.com	—
domainiflnd-phone-us.com	—
domainisuporte-cloud.com	—
domainjapanmall-jp.com	—
domainjapanstore-jp.com	—
domainjp-shop-jp.com	—
domainjp-shopbuy.com	—
domainjpdomall-jp.com	—
domainjponline-jp.com	—
domainjpshopmall-jp.com	—
domainjpvip-jp.com	—
domainkaid-th.com	—
domainkr-365vipmall.com	—
domainkr-discountline.com	—
domainkr-happybuy.com	—
domainkr-linebuy.com	—
domainkr-linemall.com	—
domainkr-luckybuy.com	—
domainkr-onlinevipmall.com	—
domainkr-vipbigmall.com	—
domainkr-vipbuybuybuy.com	—
domainkr-vipbuymall.com	—
domainkr-vipbuyone.com	—
domainkr-vipbuyonline.com	—
domainkr-vipbuysale.com	—
domainkr-vipbuyshop.com	—
domainkr-vipbuytop.com	—
domainkr-vipbuyvip.com	—
domainkr-vipdiscount.com	—
domainkr-vipgimall.com	—
domainkr-vipgoodbuy.com	—
domainkr-viphappybuy.com	—
domainkr-viphotsale.com	—
domainkr-viphotstore.com	—
domainkr-vipinhotsale.com	—
domainkr-vipjinrisale.com	—
domainkr-vipkrmall.com	—
domainkr-vipkrshopping.com	—
domainkr-vipkrstore.com	—
domainkr-vipluckybuy.com	—
domainkr-vipmallmall.com	—
domainkr-vipmymall.com	—
domainkr-vipmystore.com	—
domainkr-viponlineshop.com	—
domainkr-viponlinestore.com	—
domainkr-vipsalesale.com	—
domainkr-vipsaleshop.com	—
domainkr-vipsalestore.com	—
domainkr-vipsaletop.com	—
domainkr-vipshoping.com	—
domainkr-vipshopline.com	—
domainkr-vipshopmall.com	—
domainkr-vipshopshop.com	—
domainkr-vipshoptop.com	—
domainkr-vipsuperhot.com	—
domainkr-vipsupermall.com	—
domainkr-vipsupermarket.com	—
domainkr-vipsupershop.com	—
domainkr-vipsuperstore.com	—
domainkr-viptejiashop.com	—
domainkr-vipthmallshop.com	—
domainkr-viptodaysale.com	—
domainlcloud-find-my.org	—
domainlcloud-fmi.com	—
domainlcloud-lost.com	—
domainlcloud-lost.online	—
domainlcloud-mi.online	—
domainlcloud-soporte.online	—
domainldfindmy.com	—
domainldsupports.com	—
domainlinebuy-jp.com	—
domainlinebuy-kr.com	—
domainlinemall-kr.com	—
domainlocated-find.xyz	—
domainlost-iphone.us	—
domainlostlcloud.com	—
domainlphoneflnd.com	—
domainlubuys.com	—
domainluckybuy-jp.com	—
domainluckybuy-kr.com	—
domainlulbuy.com	—
domainmall-hu.com	—
domainmall-pl.com	—
domainmall-ro.com	—
domainmallknc.com	—
domainmallnxj.com	—
domainmaps-iphone.cloud	—
domainmaps-iphone.online	—
domainmaps-support-findmy.com	—
domainmchmall.com	—
domainmeyou-jp.com	—
domainmgdert.com	—
domainmlumall.com	—
domainmyid-maps.com	—
domainmymall-jp.com	—
domainmyphone-lost.com	—
domainonlineuw.com	—
domainonlinevipmall-kr.com	—
domainphone-located.support	—
domainphone-lost.support	—
domainpi-shopvip.com	—
domainpl-hot.com	—
domainpl-hotsale.com	—
domainpl-todaysale.com	—
domainqougle.com	—
domainremix-ethereum-ide-bot.com	—
domainro-todaysale-ro.com	—
domainshoping-jp.com	—
domainshopvip-jp.com	—
domainshopvip-th.com	—
domainshopvip-tw.com	—
domainshopyvip-tw.com	—
domainsoport-apple.com	—
domainsoporte-apple.com	—
domainsoported-appleid.com	—
domainsoportt-apple-lost.com	—
domainsopport-phone-mx.org	—
domainsupermarket-tw.com	—
domainsuport-apple-store.com	—
domainsupport-imaps.com	—
domainsupport-lost-phone.com	—
domainsupport-lost-us.com	—
domainsupport-maps-id.com	—
domainsupport-myid.com	—
domainsupporte-mylost.com	—
domainsupportid-findmy.com	—
domaintelegaenzm.top	—
domaintelegracvm.cc	—
domaintelegramflp.cc	—
domaintelegramoimn.cc	—
domaintelegrasnm.cc	—
domaintelegraxcim.top	—
domaintelegrxcnm.cc	—
domainthmallshop-jp.com	—
domaintlegraincm.cc	—
domaintodaysale-jp.com	—
domaintop-kr.com	—
domainuaeioa2.com	—
domainuyeqa2.com	—
domainvip-hotbuy-kr.com	—
domainvip-hotmall-kr.com	—
domainvip-linebuy-kr.com	—
domainvip-linemall-kr.com	—
domainvip-lineshop-kr.com	—
domainvip-sale-kr.com	—
domainvipbuyonline-kr.com	—
domainvipdiscount-kr.com	—
domainvipgoodbuy-jp.com	—
domainvipgoodbuy-kr.com	—
domainviphappybuy-jp.com	—
domainviphappybuy-kr.com	—
domainvipluckybuy-jp.com	—
domainvipmall-th.com	—
domainvipmallmall-kr.com	—
domainvipngf-tw.com	—
domainvipshop-jp.com	—
domainvipshopline-jp.com	—
domainvipshopline-kr.com	—
domainvipstore-jp.com	—
domainzbgde.com	—

Threat ID: 69a952710e5bba37ca8f2edc

Added to database: 3/5/2026, 9:52:49 AM

Last enriched: 3/5/2026, 10:08:26 AM

Last updated: 3/5/2026, 1:45:52 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.