IOC Radar
DomainHighVerifiedSignal 77/100

rdygsj.es

First Seen
Jun 4, 2025
Last Seen
Apr 21, 2026
Jun 4
First Seen
373d ago
Apr 21
Last Seen
53d ago
6
Reports
source reports
77%
Confidence
high
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

16 techniques

Feed Intelligence Summary

6 reports77% confidence
6
Source reports
77%
Confidence score
Category tags
aitmbotnetbotnet activitybrute forcecommand and controlcredential harvestingcredential stuffingcredential theftdata exfiltrationdata store exposuredgadistributed attacksexploitation activityidentity & access exploitationindicatorinjection activitymalicious domainmalicious softwaremalwaremfa bypassnetworknetwork connectionphishingphishing attackprocess injectionresearchedsession hijackingsocial engineeringt1055t1071t1071.001t1133t1140t1189t1192t1486t1496t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003tycoon2fa phaas

Activity Timeline

1 total obs
Apr 21Apr 21

Threat Activity Heatmap

· Peak: 2026-04-21
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **rdygsj.es** has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, malware distribution, and phishing campaigns. First observed on June

Threat ScoreHigh Risk
77
SIGNAL
Signal Score
77%
Confidence
6
Reports
First seenJun 4, 2025
Last seenApr 21, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
his pulse identifies network connections to the Tycoon2FA domain, which is associated with malicious activities. The detection leverages Microsoft Defender for Endpoint to monitor and alert on suspicious network traffic, helping to mitigate potential threats and enhance overall security posture.
domain rank
-1
references
https://raw.githubusercontent.com/NoMorePhish/Tycoon2FADomains/refs/heads/main/MaliciousDomains, https://github.com/SecurityAura/DE-TH-Aura/blob/main/Defender%20for%20Endpoint/ExternalData%20-%20Network%20Connection%20to%20Tycoon2FA%20Domain.md, https://github.com/NoMorePhish/Tycoon2FADomains/, https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass, https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/
subdomains count
11

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 year ago · Last seen 1 month ago
Appeared in 6 threat reports