IOC Radar
Domain · High · Verified · Signal 26/100

ftp.jornais.org

First Seen: Mar 27, 2025 (440d ago)
Last Seen: Apr 21, 2026 (51d ago)
Reports: 4 source reports
Confidence: 26% (high)
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 26%
Signal Score: 26 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

153 techniques

Feed Intelligence Summary

Source reports: 4
Confidence score: 26%

Activity Timeline

1 total obs (Apr 21)

Threat Activity Heatmap

Peak: 2026-04-21
[Heatmap: activity by weekday (Mon, Wed, Fri) per month, Jun through Jun; scale from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain ftp.jornais.org has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, exploits, malware distribution, and phishing campaigns. First observed on March

Threat Score: Low Risk
Signal Score: 26
Confidence: 26%
Reports: 4
First seen: Mar 27, 2025
Last seen: Apr 21, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
NAMECHEAP INC
description
Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.


IOC Journey

high
First detected 1 year ago · Last seen 1 month ago
Appeared in 4 threat reports