IOC Radar
Domain · Medium · Signal 59/100

ksaitkktkatfl.com

Location: Poland
First Seen: Jan 30, 2026 (144d ago)
Last Seen: Jun 17, 2026 (6d ago)
Reports: 10 source reports
Confidence: 59% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context: Tags, MITRE ATT&CK
MITRE ATT&CK TTPs: 72 techniques
Feed Intelligence Summary: 10 source reports, 59% confidence score
Category tags: abuse.ch threatfox, abuse.ch threatfox api, abusech-threatfox-c2c, active scan, active scanning, advent, aerospace & defense, asyncrat, attack signature, automated analysis, automated attack, automated scan, automated threat, automated-attack, automated_analysis, automated_threat, bad reputation, block-or-filter-list, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, brute_force, c2, c2 activity, c2 communication, c2 infrastructure, c2-activity, c2-infrastructure, c2_server, c2_traffic, captcha, civil services, clearfake campaign, clickfix lure, cobalt strike, cobalt strike framework, cobaltstrike, code execution, code injection, command & control, command and control, command execution, command_and_control, communication protocol, communication technologies, compromise indicators, compromised host, compromised system, credential access, credential stuffing, credential-access, cve, data encryption, data exfiltration, data store exposure, ddos, ddos preparation, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, distributed attacks, dns, dns attack, elementor, emmenhtal loader, encryption, energy, energy distribution, europe, exfiltration, exploit, exploitation activity, ftp, ftp brute force, government technology, http brute force, http c2, http probing, http scan, http scanner, http scanning, https, https c2, https scan, https scanning, https traffic, identity & access exploitation, indicator, infected_hosts, infostealer, infrastructure acquisition reconnaissance, injection activity, intrusion detection, ioc, iocs, iocs: ip addresses, iot security, ip-address, javascript injection, known malicious ip, lateral movement, lateral-movement, loader, login attempt, lumma stealer, lumma-stealer, lummastealer, malicious links, malicious network activity, malicious software, malware, malware activity, malware analysis, malware campaign activity, malware campaign detection, malware communication, malware detected, malware detection, malware distribution, malware distribution campaign, malware indicators, malware-detected, malware-ioc, military operations, mobile carriers, mobile networks, national security, netsupport rat, network, network anomaly, network attacks, network intrusion, network intrusion attempt, network intrusion attempts, network intrusions detected, network probing, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, network-ioc, network_intrusion, novel indicator, novel ioc, novel iocs, novel malware detection, novel-ioc, novel_ioc, oil & gas, osint, osint-volley, password attacks, phishing, poland, port-scan, port-scanning, possible botnet, possible malware, possible malware infection, potential exploit activity, potential exploit attempt, potential malware beacon, power generation, power systems, precog, process injection, protocol exploitation, protocol: ftp, protocol: http, protocol: smb, protocol: ssh, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, remote access, remote services, renewable energy, researched, scams & fraud, scanner, security operations, self-signed certificate, self-signed certificates, self-signed-certificate, service scan, smtp, smtp probing, social engineering, ssh attacks, ssl, ssl certificates, ssl communication, ssl/tls, stix feed, t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1027.002, t1036, t1040, t1041, t1046, t1047, t1053, t1055, t1056.001, t1059, t1059.001, t1059.004, t1059.007, t1071, t1071.001, t1076, t1077, t1078, t1083, t1087, t1095, t1102.003, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1115, t1133, t1189, t1190, t1195.001, t1204, t1204.001, t1204.002, t1205, t1219, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.003, t1547, t1547.001, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1573, t1573.001, t1583, t1587.001, t1588, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telecom services, telecommunications, telnet threat, threat actor, threat intelligence, threatfox api, threatfox feed, tor c2, tor node, traffic distribution system, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized_access, unique user agent, unknown malware, unknown stealer, unknown threat actor, unknown-malware, unknown-stealer, vulnerability scan, watering hole, watering hole attack, web exploitation, web injection, web security, web traffic, xfiles, xfiles stealer

Activity Timeline: 1 total observation (Jun 17)

Threat Activity Heatmap (weekly calendar grid, Jun through the following Jun) · Peak: 2026-06-17
Activity by window: 24h: 0 (Dormant) · 7d: 1 (Minimal) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain ksaitkktkatfl.com, originating from Poland, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on January

Threat Score: Medium Risk
Signal Score: 59 / 100
Confidence: 59%
Reports: 10
First seen: Jan 30, 2026
Last seen: Jun 17, 2026

VirusTotal: Not checked

WHOIS

Description
In November 2025, threat analysts from Sekoia TDR discovered a malware distribution campaign targeting WordPress websites using a social engineering tactic known as ClickFix, facilitated through a Traffic Distribution System (TDS). This campaign primarily employed watering hole attacks, wherein legitimate websites are compromised to lure victims into executing malicious commands. Sekoia TDR implemented an advanced detection capability to identify these watering hole attacks, utilizing generic YARA rules to scan for compromised web pages featuring the ClickFix tactic. These rules are based on specific keywords, resource patterns, and JavaScript functions associated with the tactic's implementation.


IOC Journey
Confidence: medium · First detected 4 months ago · Last seen 6 days ago · Appeared in 10 threat reports