ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://fijothi.com/dhkjCVBfLnfbhFjpYPoDKNMmLIQjNkGLMQPMQUBJFWELKIYHJHWDIESXVUZHHJNFTNMW.

Database Entry


IOC ID: 1815069
IOC: https://fijothi.com/dhkjCVBfLnfbhFjpYPoDKNMmLIQjNkGLMQPMQUBJFWELKIYHJHWDIESXVUZHHJNFTNMW
IOC Type: url
Threat Type: botnet_cc
Malware: Unknown malware
Confidence Level: Confidence level is moderate (49%)
Is compromised?: False
ASN: AS139057 ELD-AS-AP
Country: SG
First seen: 2026-05-15 15:58:33 UTC
Last seen: never
UUID: 900faa21-5076-11f1-b930-42010aa4000a
Reporter: johannes
Reward: 5 credits from ThreatFox
Tags: Tycoon 2FA
Reference: https://www.cryptika.com/tycoon-2fa-operators-adopt-oauth-device-code-phishing-to-bypass-mfa/

johannes
Operator backend domain used for AES-CBC encrypted session communication, from the Cryptika report "Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA". See all IOCs from that report at https://rosti.dev/reports/V1S24mJR