IOC Radar
DomainMediumSignal 17/100

kamitore.com

Location
JapanJapan
First Seen
Jan 17, 2026
Last Seen
Jan 22, 2026
Jan 17
First Seen
156d ago
Jan 22
Last Seen
152d ago
1
Reports
source reports
17%
Confidence
medium
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
17%
Signal Score
17 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

21 techniques

Feed Intelligence Summary

1 report17% confidence
1
Source reports
17%
Confidence score
Category tags
access controlactive scanningasiaaws cloudfrontbrute forcebrute force attemptsbypass security filtersc2 communicationcdncloud computingcloud migrationcloud securitycloud servicescloud storagecredential accesscredential stuffingcredential theftdeny listftp brute forcegoogle cloudhttp brute forceiaasindicatorinfrastructure abuseiocjapanmalicious indicator blockingmalware communicationmicrosoft azuremulti-cloud managementnetworknetwork intrusionnetwork scanningphishing kitsreconnaissanceremote accessremote servicesresearchedsecurity operationssecurity policysmtp brute forcessh attackt1005t1021t1021.001t1059t1071t1076t1105t1110t1110.002t1190t1563t1566t1573t1583t1584t1587t1588t1595t1595.001t1595.002t1595.003threat intelligencethreat prevention

Activity Timeline

1 total obs
Jan 22Jan 22

Threat Activity Heatmap

· Peak: 2026-01-22
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

The domain **kamitore.com**, originating from Japan, has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports. First observed on January

Threat ScoreLow Risk
17
SIGNAL
Signal Score
17%
Confidence
1
Reports
First seenJan 17, 2026
Last seenJan 22, 2026

VirusTotal

Not checked

WHOIS

description
Attackers are abusing legitimate infrastructure providers like Google, Microsoft Azure and AWS CloudFront to host phishing kits and credential- harvesting infrastructure. They user legitimate sources to bypass security filters.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 months ago · Last seen 5 months ago
Appeared in 1 threat report