IOC Radar
Domain | Medium | Signal 100/100

cyclophilit.com

Location: China
First Seen: Jun 24, 2023 (1094d ago)
Last Seen: Feb 19, 2026 (122d ago)
Reports: 11 source reports
Confidence: 99% (medium)
Found in 11 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 186 techniques

Feed Intelligence Summary

Source reports: 11
Confidence score: 99%

Activity Timeline

1 total observation (Feb 19)

Threat Activity Heatmap

Peak: 2026-02-19
Recent activity: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **cyclophilit.com** has emerged as a significant indicator of compromise (IOC) linked to botnet and malware activities, with a medium confidence level of attribution to a threat actor originating from China. First observed on June

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 11
First seen: Jun 24, 2023
Last seen: Feb 19, 2026

VirusTotal

Not checked

WHOIS

Registrar: MarkMonitor Inc.
Domain rank: -1
Raw record:
  Domain Name: cyclophilit.com
  Registry Domain ID: 2740033940_DOMAIN_COM-VRSN
  Registrar: MarkMonitor Inc.
  Registrar IANA ID: 292
  Registrar URL: http://www.markmonitor.com
  Registrar WHOIS Server: whois.markmonitor.com
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +1.2086851750
  Creation Date: 2022-11-22T01:17:57Z
  Updated Date: 2024-10-21T10:52:44Z
  Registry Expiry Date: 2025-11-22T01:17:57Z
  Registrar Registration Expiration Date: 2025-11-22T00:00:00+0000
  DNSSEC: unsigned
  Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
  Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
  Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
  Name Server: ns104a.microsoftinternetsafety.net
  Name Server: ns104b.microsoftinternetsafety.net
  Registrant Name: b70d6f5829d804ce
  Registrant Organization: 628983377a05fb4c
  Registrant Street: f7e82401de265d18
  Registrant City: b6b1ba5f05367788
  Registrant State/Province: 163b5dbd6196f461
  Registrant Postal Code: 2908382a58eb4969
  Registrant Country: US
  Registrant Phone: 8f198ff1733e2d60
  Registrant Phone Ext: 3432650ec337c945
  Registrant Fax: 7d1f3c3fb96a62b3
  Registrant Fax Ext: 3432650ec337c945
  Registrant Email: [email protected]
  Tech Email: [email protected]
References: entities (62).csv, https://community.riskiq.com/article/608c02a3
Subdomains count: 1

IOC Journey

medium
First detected 3 years ago · Last seen 4 months ago
Appeared in 11 threat reports