Domain · Medium · Signal 100/100
essaih332-001-site1.jtempurl.com
Location
First Seen
Jun 12, 2025
Last Seen
Mar 18, 2026
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
8 reports · 99% confidence
8
Source reports
99%
Confidence score
Category tags
accept, account manipulation, active related, africa, agent, analysis date, apple, apt, apt group, ascii text, asia, av detections, backdoor, bing, botnet, china, civil, cname, code execution, code injection, command, command and control, command execution, comments create, connected devices, control ta0011, country name, cputype i386, credential access, credential harvesting, credential theft, data, data deletion, data exfiltration, ddos, ddos attacks, defense evasion, defense-evasion, device management, dga, distributed attacks, edge, elf, elf info, elf32 crypto, enterprise security, entries, evasion ta0005, exif data, exploit, firmware infection, gecko, get http, gtmkvjvztk dl, hostname enumeration, html document, html internet, http attack, i386, icmp, ids detections, indicator, industrial iot, information gathering, infrastructure acquisitionreconnaissance, ingress tool transfer, internet of things, ios, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot/ics attack, ipv4, japan, key value, khtml, kingdom, lazarus group, link, linux, mac, malicious links, malicious software, malware, malware distribution, medium risk, mirai botnet, mobile, mobile malware, mobile security, mozilla, mtb description, mutexes nothing, network, network scanning, nothing, operating system, patch management, pdf, pegasus, phishing, phishing attack, phishing campaign, port, process injection, property value, pws, reconnaissance, remote access, request, researched, resolved ips, search, smart devices, sms, sni, social engineering, software vulnerabilities, south africa, state, state-promoved, state-sponsored, t1003, t1003.001, t1003.004, t1018, t1021.001, t1021.006, t1027, t1037.003, t1053.005, t1055, t1059, t1059.004, t1062, t1064, t1068, t1069.001, t1071, t1071.001, t1071.004, t1076, t1078, t1084, t1105, t1130, t1133, t1185, t1189, t1190, t1192, t1193, t1204.001, t1204.002, t1210, t1211, t1212, t1485, t1486, t1496, t1499.002, t1499.003, t1553.003, t1557, t1564, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1587.001, t1587.003, t1589.001, t1590.001, t1598, t1598.003, t1602.001, t1602.002, ta0004 defense, title added, tls, trojan malware, types of, united, web security, windows nt, x86 baddr, xor, yara, yara detections
Activity Timeline: Mar 18
Threat Activity Heatmap (peak: 2026-03-18)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 8
First seen: Jun 12, 2025
Last seen: Mar 18, 2026
VirusTotal
Not checked
WHOIS
- registrar
- TUCOWS, INC.
- description
- Yara Detections Mirai_Botnet_Malware | SUSP_XORed_Mozilla {*/dev/misc/watchdog {o-o}} Trojan.PWS.Agent-53 Retry - Difficult- 0 yield Pulse | Cannot annotate
- raw
  Creation Date: 2024-01-20T12:54:35
  Creation Date: 2024-01-20T12:54:35Z
  DNSSEC: unsigned
  Domain Name: JTEMPURL.COM
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  Name Server: NS1.SITE4NOW.NET
  Name Server: NS2.SITE4NOW.NET
  Name Server: NS3.SITE4NOW.NET
  Name Server: ns1.site4now.net
  Name Server: ns2.site4now.net
  Name Server: ns3.site4now.net
  Registrant City: 1f8f4166599d23ee
  Registrant Country: HK
  Registrant Email: f18507d02d5d25b0s@
  Registrant Fax Ext: 3432650ec337c945
  Registrant Fax: 1f8f4166599d23ee
  Registrant Name: 1f8f4166599d23ee
  Registrant Organization: 1f8f4166599d23ee
  Registrant Phone Ext: 3432650ec337c945
  Registrant Phone: 1f8f4166599d23ee
  Registrant Postal Code: 1f8f4166599d23ee
  Registrant State/Province: 7043151881d2a7f0
  Registrant Street: 1f8f4166599d23ee
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +1.4165350123
  Registrar IANA ID: 69
  Registrar Registration Expiration Date: 2026-01-20T12:54:35
  Registrar URL: http://tucowsdomains.com
  Registrar URL: http://www.tucows.com
  Registrar WHOIS Server: whois.tucows.com
  Registrar: TUCOWS, INC.
  Registrar: Tucows Domains Inc.
  Registry Domain ID: 2847892681_DOMAIN_COM-VRSN
  Registry Expiry Date: 2026-01-20T12:54:35Z
  Updated Date: 2025-01-11T08:34:05
  Updated Date: 2025-01-11T08:34:05Z
IOC Journey
medium · First detected 1 year ago · Last seen 3 months ago
Appeared in 8 threat reports