{ "type": "Domain", "indicator": "magicallyday.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/magicallyday.com", "alexa": "http://www.alexa.com/siteinfo/magicallyday.com", "indicator": "magicallyday.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4156940475, "indicator": "magicallyday.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "69df7473b4ccceebf262bcb8", "name": "Update 2: IRGC-Linked Cyber Threat Landscape: Charming Kitten and Allied APT Activity", "description": "", "modified": "2026-05-15T11:14:06.666000", "created": "2026-04-15T11:20:19.664000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cherryid", "id": "383941", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 5 }, "indicator_count": 5, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69326c41d42decb549286c69", "name": "EbeeDec2025 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-01-04T05:04:24.496000", "created": "2025-12-05T05:23:13.601000", "tags": [ "filehashsha256", "filehashsha1", "filehashmd5", "cve20121823 cve", "cve20213156 cve", "cve20214034 cve", "cve20222588 cve" ], "references": [], "public": 1, "adversary": "APT-C-35 (DoNot), Morte Loader, FunkSec Ransomware, Albiriox, eBPF-based rootkits, Arkanix Stealer", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 145, "FileHash-SHA1": 201, "FileHash-SHA256": 191, "CVE": 9, "URL": 35, "domain": 72, "email": 2, "hostname": 26 }, "indicator_count": 681, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "147 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692fa5a7db80663ecb7b4ca6", "name": "IOC - MuddyWater: Snakes by the riverbank", "description": "ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is an Iran-aligned cyberespionage group known for its persistent targeting of government and critical infrastructure sectors, often leveraging custom malware and publicly available tools.", "modified": "2026-01-02T02:01:13.062000", "created": "2025-12-03T02:51:19.915000", "tags": [ "gosocks5", "fooder", "muddywater", "c server", "muddywater c", "blub", "cenotes", "na hosterdaddy", "private", "lpnotes", "mimikatz", "first", "nova", "muddyviper" ], "references": [ "https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MuddyWater", "display_name": "MuddyWater", "target": null }, { "id": "MuddyViper", "display_name": "MuddyViper", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 61, "FileHash-SHA256": 2, "domain": 2, "hostname": 1 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "149 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6936550ed7272aa500c595cb", "name": "IOC - MuddyWater: Snakes by the riverbank", "description": "", "modified": "2026-01-02T02:01:13.062000", "created": "2025-12-08T04:33:18.895000", "tags": [ "gosocks5", "fooder", "muddywater", "c server", "muddywater c", "blub", "cenotes", "na hosterdaddy", "private", "lpnotes", "mimikatz", "first", "nova", "muddyviper" ], "references": [ "https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MuddyWater", "display_name": "MuddyWater", "target": null }, { "id": "MuddyViper", "display_name": "MuddyViper", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "692fa5a7db80663ecb7b4ca6", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 61, "FileHash-SHA256": 2, "domain": 2, "hostname": 1 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "149 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692f91be795fddab8a73fe2b", "name": "MuddyWater Iran APT - Israel/Egypt Critical Infrastructure (ESET Nov 2025)", "description": "Fresh MuddyWater IOCs from ESET research Nov 26, 2025. Iranian state-sponsored APT targeting critical infrastructure in Israel and Egypt. Uses Fooder launcher, Blub browser-data stealer, CE-Notes/LP-Notes credential stealers, MuddyViper backdoor, go-socks5 reverse tunnels. Curated by DugganUSA LLC.", "modified": "2026-01-02T01:01:58.418000", "created": "2025-12-03T01:26:22.682000", "tags": [ "muddywater", "iran", "apt", "israel", "egypt", "critical-infrastructure", "eset" ], "references": [ "https://www.welivesecurity.com" ], "public": 1, "adversary": "MuddyWater", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2, "hostname": 1, "FileHash-SHA1": 4 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "149 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/", "https://www.welivesecurity.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "APT-C-35 (DoNot), Morte Loader, FunkSec Ransomware, Albiriox, eBPF-based rootkits, Arkanix Stealer", "MuddyWater" ], "malware_families": [ "Muddyviper", "Muddywater" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "69df7473b4ccceebf262bcb8", "name": "Update 2: IRGC-Linked Cyber Threat Landscape: Charming Kitten and Allied APT Activity", "description": "", "modified": "2026-05-15T11:14:06.666000", "created": "2026-04-15T11:20:19.664000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Cherryid", "id": "383941", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 5 }, "indicator_count": 5, "is_author": false, "is_subscribing": null, "subscriber_count": 21, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69326c41d42decb549286c69", "name": "EbeeDec2025 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-01-04T05:04:24.496000", "created": "2025-12-05T05:23:13.601000", "tags": [ "filehashsha256", "filehashsha1", "filehashmd5", "cve20121823 cve", "cve20213156 cve", "cve20214034 cve", "cve20222588 cve" ], "references": [], "public": 1, "adversary": "APT-C-35 (DoNot), Morte Loader, FunkSec Ransomware, Albiriox, eBPF-based rootkits, Arkanix Stealer", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 145, "FileHash-SHA1": 201, "FileHash-SHA256": 191, "CVE": 9, "URL": 35, "domain": 72, "email": 2, "hostname": 26 }, "indicator_count": 681, "is_author": false, "is_subscribing": null, "subscriber_count": 40, "modified_text": "147 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692fa5a7db80663ecb7b4ca6", "name": "IOC - MuddyWater: Snakes by the riverbank", "description": "ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is an Iran-aligned cyberespionage group known for its persistent targeting of government and critical infrastructure sectors, often leveraging custom malware and publicly available tools.", "modified": "2026-01-02T02:01:13.062000", "created": "2025-12-03T02:51:19.915000", "tags": [ "gosocks5", "fooder", "muddywater", "c server", "muddywater c", "blub", "cenotes", "na hosterdaddy", "private", "lpnotes", "mimikatz", "first", "nova", "muddyviper" ], "references": [ "https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MuddyWater", "display_name": "MuddyWater", "target": null }, { "id": "MuddyViper", "display_name": "MuddyViper", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 61, "FileHash-SHA256": 2, "domain": 2, "hostname": 1 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "149 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6936550ed7272aa500c595cb", "name": "IOC - MuddyWater: Snakes by the riverbank", "description": "", "modified": "2026-01-02T02:01:13.062000", "created": "2025-12-08T04:33:18.895000", "tags": [ "gosocks5", "fooder", "muddywater", "c server", "muddywater c", "blub", "cenotes", "na hosterdaddy", "private", "lpnotes", "mimikatz", "first", "nova", "muddyviper" ], "references": [ "https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "MuddyWater", "display_name": "MuddyWater", "target": null }, { "id": "MuddyViper", "display_name": "MuddyViper", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "692fa5a7db80663ecb7b4ca6", "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 61, "FileHash-SHA256": 2, "domain": 2, "hostname": 1 }, "indicator_count": 68, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "149 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "692f91be795fddab8a73fe2b", "name": "MuddyWater Iran APT - Israel/Egypt Critical Infrastructure (ESET Nov 2025)", "description": "Fresh MuddyWater IOCs from ESET research Nov 26, 2025. Iranian state-sponsored APT targeting critical infrastructure in Israel and Egypt. Uses Fooder launcher, Blub browser-data stealer, CE-Notes/LP-Notes credential stealers, MuddyViper backdoor, go-socks5 reverse tunnels. Curated by DugganUSA LLC.", "modified": "2026-01-02T01:01:58.418000", "created": "2025-12-03T01:26:22.682000", "tags": [ "muddywater", "iran", "apt", "israel", "egypt", "critical-infrastructure", "eset" ], "references": [ "https://www.welivesecurity.com" ], "public": 1, "adversary": "MuddyWater", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1555.003", "name": "Credentials from Web Browsers", "display_name": "T1555.003 - Credentials from Web Browsers" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1059.001", "name": "PowerShell", "display_name": "T1059.001 - PowerShell" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "pduggusa", "id": "371400", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_371400/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2, "hostname": 1, "FileHash-SHA1": 4 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 194, "modified_text": "149 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "magicallyday.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "magicallyday.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780237646.292285 }