IOC Radar
Domain · Medium · Signal 75/100

jftolsa.ws

First Seen: Mar 31, 2025 (437d ago)
Last Seen: Jun 7, 2026 (4d ago)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

18 techniques

Feed Intelligence Summary

10 source reports · 75% confidence score
Category tags
abusech-threatfox-c2c, active scan, amadey, amadey malware activity, bad reputation, block-or-filter-list, botnet, botnet activity, botnet_c2, brute force, c2, command & control, command and control, communication protocol, credential access, credential stealing, credential stuffing, data exfiltration, data store exposure, distributed attacks, dofoil, downloader, exploitation activity, get, http scanner, identity & access exploitation, indicator, information stealer, infostealer, injection activity, malicious software, malware, network, phishing, potential-c2, process injection, researched, smoke loader, t1041, t1055, t1059, t1059.003, t1071, t1071.001, t1105, t1190, t1486, t1496, t1499.002, t1499.003, t1547, t1555, t1555.003, t1565, t1566, t1566.001, web traffic

Activity Timeline

1 total obs
Jun 7 to Jun 7

Threat Activity Heatmap

Peak: 2026-06-07
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **jftolsa.ws** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, command and control (C

Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 10
First seen: Mar 31, 2025
Last seen: Jun 7, 2026

VirusTotal

Not checked

WHOIS

registrar
DYNADOT LLC
description
LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
domain rank
-1
raw
Admin City: San Mateo
Admin Country: US
Admin Email: [email protected]
Admin Postal Code: 94401
Admin State/Province: CA
Creation Date: 2024-06-27T20:53:19.0Z
Creation Date: 2024-06-27T20:53:19Z
DNSSEC: notApplicable
DNSSEC: unsigned
Domain ID: 6E5B8F05A60DC150E050010AAC011AF0
Domain Name: JFTOLSA.WS
Domain Status: clientTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: ns1.dyna-ns.net
Name Server: ns2.dyna-ns.net
Registrant City: 3715f4e2b12e17cb
Registrant Country: US
Registrant Email: [email protected]
Registrant Name: 388d6d67ffb0a171
Registrant Phone: 41a341e8a1e0e8ba
Registrant Postal Code: ae51fcfbe03bd2c4
Registrant State/Province: b1952dfc047df18a
Registrant Street: 8a188706046fdffa
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: (650) 585-1961
Registrar Abuse Contact Phone: +1.6502620100
Registrar IANA ID: 1637
Registrar IANA ID: 472
Registrar Registration Expiration Date: 2025-06-27T20:53:19.0Z
Registrar Registration Expiration Date: 2026-06-27T20:53:19Z
Registrar URL: http://www.dynadot.com
Registrar WHOIS Server: whois.dynadot.com
Registrar: DYNADOT LLC
Registrar: Dynadot
Registry Domain ID: 6E5B8F05A60DC150E050010AAC011AF0-GDI
Tech City: San Mateo
Tech Country: US
Tech Email: [email protected]
Tech Postal Code: 94401
Tech State/Province: CA
Updated Date: 2025-06-27T22:27:01Z
Updated Date: 2025-07-27T21:02:58.0Z
WHOIS Server: whois.dynadot.com
references
https://www.virustotal.com/graph/g243a6d69d60840e8bbd32dcb306fa23dc76422322d9643b7b23aa7259088282c
subdomains count
7


IOC Journey

medium
First detected 1 year ago · Last seen 4 days ago
Appeared in 10 threat reports