IOC Radar
DomainMediumSignal 0/100

flip.shop

First Seen
Feb 3, 2026
Last Seen
Feb 3, 2026
Feb 3
First Seen
139d ago
Feb 3
Last Seen
139d ago
1
Reports
source reports
0%
Confidence
medium
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Feed Intelligence Summary

1 report0% confidence
1
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
Feb 3Feb 3

Threat Activity Heatmap

· Peak: 2026-02-03
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

This indicator of compromise (IOC), `flip.shop`, is currently identified as benign due to its whitelisted status. It carries a negligible threat score of 0.0, indicating that it does not pose an immediate or significant cybersecurity risk to the organization. Such indicators are typically flagged in threat intelligence feeds but subsequently deemed harmless through further analysis or explicit whitelisting by services like Appealer Whitelist Service. Its inclusion in threat intelligence does not…

Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
1
Reports
First seenFeb 3, 2026
Last seenFeb 3, 2026

VirusTotal

Not checked

WHOIS

description
These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with infostealer malware, designed to harvest sensitive data such as credentials, cookies, and financial information from compromised systems. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations involving data theft. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 months ago · Last seen 4 months ago
Appeared in 1 threat report