DomainMediumSignal 83/100

`ty.klipxytozyi.shop`

First Seen

Feb 19, 2025

Last Seen

Apr 7, 2026

Feb 19

First Seen

478d ago

Apr 7

Last Seen

65d ago

Reports

source reports

83%

Confidence

medium

Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

83%

Signal Score

83 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

46 techniques

Feed Intelligence Summary

9 reports83% confidence

Source reports

83%

Confidence score

Category tags

aerospace & defenseaes encryptionamadeyaptatomicbinance smartbinance smart chainbitcoinblockchainbnb smartbnb smart chainbotnetbotnet activitybrute forcec2 checkinchainclickfix lurecloud infrastructurecloudflare pagescode executioncode injectioncoinbasecommand & controlcommand and controlcommand executioncommodity contracts intermediationcredential harvestingcredential stuffingcredential theftcrypto exchangecrypto miningcrypto walletcryptocurrencycryptocurrency threatscryptojackingdata exfiltrationdata store exposuredecentralized financedefensedefense contractingdefense logisticsdefense systemsdefense technologydgadigital currencydistributed attacksencryptionexecutable fileexploitation activityfinancegtighostinghtmlidentity & access exploitationindicatorinfostealerinfostealersingress tool transferinjection activityiocs sha256iot securityjavascript code injectionlambdalevelloaderlumma stealerlummac.v2lummac2mainmain operatormalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware familymetamaskmilitary operationsnation-state activitynational securitynetworkoperating systemphishingphishing attackprocess injectionpythonransomwareresearchedresource hijackingrestartscams & fraudscripting attackssmart contractsmart contractssocial engineeringstealcstealersupply chain attackt1021.001t1027t1036t1055t1059t1059.001t1059.005t1059.007t1069.001t1071t1071.001t1078t1086t1102.002t1104t1105t1140t1189t1190t1199t1204t1204.001t1204.002t1218t1486t1496t1499.002t1499.003t1539t1546t1547t1547.001t1555t1555.003t1560t1565t1566t1566.001t1566.002t1566.003t1573.001t1583.001t1588.002t1588.006t1608t1608.001threat actorthreat defensetor nodeunc5142unc5142 c2unc5142 payloadurlsvidarvidar c2web exploitationweb injectionweb security

Activity Timeline

1 total obs

Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Intelligence SummaryAI Generated

The domain **ty.klipxytozyi.shop** has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats, including botnets, malware, phishing, and ransomware. First observed on February

Threat ScoreHigh Risk

SIGNAL

Signal Score

83%

Confidence

Reports

First seenFeb 19, 2025

Last seenApr 7, 2026

VirusTotal

Not checked

WHOIS

raw: Create date: 2024-12-04 00:00:00 Domain name: klipxytozyi.shop Domain registrar id: 1606 Domain registrar url: http://reg.ru Expiry date: 2025-12-04 00:00:00 Name server 1: brit.ns.cloudflare.com Name server 2: donald.ns.cloudflare.com Query time: 2024-12-05 14:20:45 Registrant country: Russia Registrant state: da659dbc45e47994 Update date: 2024-12-04 00:00:00

`ty.klipxytozyi.shop`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy