IOC Radar
DomainHighVerifiedSignal 64/100

cam.tipsy.coffee

Location
United StatesUnited States
First Seen
Jul 8, 2025
Last Seen
Mar 15, 2026
Jul 8
First Seen
343d ago
Mar 15
Last Seen
93d ago
4
Reports
source reports
64%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

157 techniques

Feed Intelligence Summary

4 reports64% confidence
4
Source reports
64%
Confidence score
Category tags
abuseadvanced persistent threatamazonappleaptapt groupberbewbingbotnetcaretocivilcivil servicescivilian targetingcode injectioncommand and controlcommunication technologiescompromised routercredential harvestingcrimedata exfiltrationdata theftddos attacksdefense evasiondefense-evasiondistributed attacksdnselectronic health recordsencrypted connectionsendgameenterprise securityeu cyber policieseuropeexploitfirmware infectionfirmware modificationformbook stealergooglegovernment technologyhackershealth care and social assistancehealth information technologyhealthcare information systemshospital managementhtml smugglinghtml_smugglingindicatorinformation technologyingress tool transferintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot/ics attackit infrastructurejavalaw enforcement surveillancelazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremalware campaignmass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile spywarenetworknorth americansonso groupoperating systemparagonpatch managementpatient carepdfpdf exploitpegasuspegasus projectpeoplephishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregional securityregulatory agenciesremote accessremote access trojanresearchedsamsungsecurity operationsskynetsmssms exploitsocial engineeringsoftware developmentsoftware vulnerabilitiessonystatestate-promovedstate-sponsoredstealersupply chain attackt1001t1003t1003.001t1003.004t1004t1005t1011t1016t1018t1019t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1055.001t1056t1059t1059.001t1059.004t1059.007t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1084t1087t1088t1094t1105t1110t1113t1114.002t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat intelligencetraffic maskingtrojan downloadertrojan malwareunited statesweb exploitationwindows malwarewixzero click exploitzero-day exploit

Activity Timeline

1 total obs
Mar 15Mar 15

Threat Activity Heatmap

· Peak: 2026-03-15
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
64
SIGNAL
Signal Score
64%
Confidence
4
Reports
First seenJul 8, 2025
Last seenMar 15, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
GANDI SAS
description
Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
raw
Admin City: Paris Admin City: REDACTED FOR PRIVACY Admin Country: FR Admin Country: REDACTED FOR PRIVACY Admin Email: [email protected] Admin Organization: REDACTED FOR PRIVACY Admin Postal Code: 75013 Admin Postal Code: REDACTED FOR PRIVACY Admin State/Province: Paris Admin State/Province: REDACTED FOR PRIVACY Creation Date: 2016-03-24T14:22:16Z Creation Date: 2016-03-24T15:22:16Z DNSSEC: Unsigned DNSSEC: unsigned Domain Name: tipsy.coffee Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS.TIPSY.COFFEE Name Server: NS2.HE.NET Name Server: NS3.HE.NET Name Server: NS4.HE.NET Name Server: NS5.HE.NET Name Server: dns.tipsy.coffee Name Server: ns2.he.net Name Server: ns3.he.net Name Server: ns4.he.net Name Server: ns5.he.net Registrant City: 1f8f4166599d23ee Registrant City: a636bf00e930d002 Registrant Country: FR Registrant Country: TW Registrant Email: [email protected] Registrant Email: f651612a2f356ad3s@ Registrant Fax Ext: 1f8f4166599d23ee Registrant Fax Ext: 3432650ec337c945 Registrant Fax: 1f8f4166599d23ee Registrant Fax: 562daf56b5226979 Registrant Name: 1f8f4166599d23ee Registrant Organization: 3432650ec337c945 Registrant Phone Ext: 1f8f4166599d23ee Registrant Phone Ext: 3432650ec337c945 Registrant Phone: 1f8f4166599d23ee Registrant Phone: f79faf7a74e845ae Registrant Postal Code: 1f8f4166599d23ee Registrant Postal Code: 5577d233147c6455 Registrant State/Province: 3432650ec337c945 Registrant State/Province: a636bf00e930d002 Registrant Street: 1f8f4166599d23ee Registrant Street: aea7a2dfde1f4a29 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +33.170377661 Registrar IANA ID: 81 Registrar Registration Expiration Date: 2026-03-24T15:22:16Z Registrar URL: http://www.gandi.net Registrar URL: https://www.gandi.net Registrar WHOIS Server: whois.gandi.net Registrar: GANDI SAS Registrar: Gandi SAS Registry Admin ID: REDACTED FOR PRIVACY Registry Domain ID: 9389894ae3c44f34b0e0a84ebe07f66f-DONUTS Registry Expiry Date: 2026-03-24T15:22:16Z Registry Registrant ID: REDACTED FOR PRIVACY Registry Tech ID: REDACTED FOR PRIVACY Tech City: Paris Tech City: REDACTED FOR PRIVACY Tech Country: FR Tech Country: REDACTED FOR PRIVACY Tech Email: [email protected] Tech Organization: REDACTED FOR PRIVACY Tech Postal Code: 75013 Tech Postal Code: REDACTED FOR PRIVACY Tech State/Province: Paris Tech State/Province: REDACTED FOR PRIVACY Updated Date: 2025-02-21T13:30:50Z Updated Date: 2025-02-26T13:30:57Z

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 3 months ago
Appeared in 4 threat reports