DomainMediumSignal 82/100

`esf-kg.com`

Location

Kazakhstan

First Seen

Aug 6, 2025

Last Seen

Jun 18, 2026

Aug 6

First Seen

318d ago

Jun 18

Last Seen

yesterday

Reports

source reports

82%

Confidence

medium

Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

82%

Signal Score

82 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

64 techniques

Feed Intelligence Summary

10 reports82% confidence

Source reports

82%

Confidence score

Category tags

active scanactive scanningamaranth-dragonapi abuseaptapt activityapt groupapt24asiaattack vector: emailautomotive manufacturingautumn dragonbad reputationbankingbelarusbloody wolfbloody wolf groupbotnet activitybrand impersonationbrute forcecentral asiacivil servicescloud atlascommand and controlcommunication protocolconnected devicescredential accesscredential harvestingcredential stuffingcredential theftcredit card servicescustomer experiencecyber espionagecyber threatsdata exfiltrationdata store exposuredata theftddosddos attacksdecoydevice managementdigital commercedigital marketplacedistribution managemente-commercee-commerce platformelectronic health recordselectronics manufacturingeuropeeurope/asiaevasive pandaexfiltrationexploitation activityf httpsfake websitefilehash:md5filehash:sha1filehash:sha256financefinancial servicesfinancial technologyfraudfreight forwardingghoulsgovernment impersonationgovernment technologyhasheshealth care and social assistancehealth information technologyhealthcare information systemshospital managementhttp scannerhttpsidentity & access exploitationindicatorindicators of compromiseindustrial automationindustrial iotindustrial productioningress tool transferinitial accessinjection activityinternet of thingsinventory managementiot analyticsiot applicationsiot botnetiot platformsiot securityiot targetingiot/ics attackipv4jar filejarsjava archive malwarekazakhstankyrgyzstanlogistics technologymacos malwaremalicious softwaremalwaremalware type: ratmanufacturing technologymedical servicesmirai botnetnetsupport ratnetworknetwork scanningnorth americanotepad++online paymentonline retailonline shoppingoperation dreamjobpatient carepayload: jar filepayment processingphishingphishing attackphishing attack campaignpossible reconnaissanceprocess injectionprocess manufacturingpublic administrationpublic infrastructurepublic policyquality controlransomwareratrat: netsupport ratratsreconnaissanceregion: central asiaregulatory agenciesremote access trojanresearchedrussiarussianscams & fraudserbiaserviceshai-hulud campaignshipping servicessmart devicessocial engineeringspear phishing campaignspearphishingstan ghoulsstrratsupply chain attacksupply chain compromisesupply chain managementsystembct1003.001t1014t1027t1048t1048.003t1053t1055t1056t1057t1059t1059.001t1059.003t1059.005t1068t1071t1071.001t1071.004t1078t1078.001t1078.004t1083t1087t1105t1110t1134.001t1134.002t1140t1189t1190t1192t1195.002t1204t1204.002t1210t1219t1486t1496t1499.001t1499.002t1543.003t1547t1547.001t1555.003t1555.004t1565t1566t1566.001t1566.002t1566.003t1566.004t1567.001t1569t1574t1583t1583.001t1583.004t1588t1588.002t1595t1595.001t1595.002t1595.003t1598t1598.003targeted attacksthreat actortor nodetransportation managementtrojan malwareturkeyunited statesuzbekuzbekistanwarehouse operationswater gamayunwealth managementweb application attackweb traffic

Activity Timeline

1 total obs

Jun 18Jun 18

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain esf-kg.com, originating from Kazakhstan, has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats. First observed on August

Threat ScoreHigh Risk

SIGNAL

Signal Score

82%

Confidence

Reports

First seenAug 6, 2025

Last seenJun 18, 2026

VirusTotal

Not checked

WHOIS

registrar: HOSTINGER operations, UAB
creation date: 2025-06-19T08:18:15
expiration date: 2026-06-19T08:18:15
updated date: 2025-06-19T08:18:20
name servers: NS1.DNS-PARKING.COM, NS2.DNS-PARKING.COM
emails: [email protected]
status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

`esf-kg.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey