Domain · High · Verified · Signal 100/100
realitydefenyb.cyou
Location
First Seen: Jan 21, 2026
Last Seen: Jun 8, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Feed Intelligence Summary
Source reports: 6
Confidence score: 99%
Activity Timeline: Jun 8
Threat Activity Heatmap (scale: Less to More; rows: Mon, Wed, Fri)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **realitydefenyb.cyou** has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats originating from Spain. First observed on January
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 6
First seen: Jan 21, 2026
Last seen: Jun 8, 2026
Verified IOC
VirusTotal: Not checked
WHOIS
- registrar: Stichting Registrar of Last Resort Foundation
- creation date: 2024-10-28T20:08:44
- expiration date: 2026-10-28T23:59:59
- updated date: 2025-10-29T00:20:39
- name servers: NS911A.MICROSOFTINTERNETSAFETY.NET, NS911B.MICROSOFTINTERNETSAFETY.NET
- emails: [email protected]
- status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited, clientTransferProhibited https://icann.org/epp#clientTransferProhibited
IOC Journey
high · First detected 4 months ago · Last seen 3 days ago
Appeared in 6 threat reports