IOC Radar
Domain · High · Verified · Signal 64/100

mistreci.com

Location: Japan
First Seen: Mar 5, 2025 (465d ago)
Last Seen: Apr 20, 2026 (54d ago)
Reports: 5 source reports
Confidence: 64% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs: 124 techniques

Feed Intelligence Summary

5 source reports · 64% confidence score
Category tags: feed tag cloud of several hundred tags (malware family names, MITRE ATT&CK technique IDs, geographies, file and protocol types)

Activity Timeline

1 total observation (Apr 20)

Threat Activity Heatmap

Weekly grid, Jun to Jun (rows Mon / Wed / Fri) · Peak: 2026-04-20
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **mistreci.com** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from Japan. First observed on March

Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 5
First seen: Mar 5, 2025
Last seen: Apr 20, 2026
Verified IOC

VirusTotal: Not checked

WHOIS

Registrar: NAMECHEAP INC
Domain rank: -1
Raw record:
Admin City: Reykjavik
Admin Country: IS
Admin Email: [email protected]
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin Postal Code: 101
Admin State/Province: Capital Region
Creation Date: 2012-02-09T05:21:58.00Z
Creation Date: 2012-02-09T05:21:58Z
DNSSEC: unsigned
Domain Name: MISTRECI.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain name: mistreci.com
Name Server: NS1.FP261.PARKLOGIC.COM
Name Server: NS2.FP261.PARKLOGIC.COM
Name Server: ns1.fp261.parklogic.com
Name Server: ns2.fp261.parklogic.com
Registrant City: ddbf76e4e8cee320
Registrant Country: IS
Registrant Email: [email protected]
Registrant Fax Ext: 3432650ec337c945
Registrant Fax: 3432650ec337c945
Registrant Name: 37bfbc24cafea5d2
Registrant Organization: 4b7a0912c26a13e2
Registrant Phone Ext: 3432650ec337c945
Registrant Phone: 1c9a7bcdeaf95e9f
Registrant Postal Code: f206c9d9737ad45d
Registrant State/Province: 3e0204199d8ebf9c
Registrant Street: c6523241936df1ba
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.6613102107
Registrar Abuse Contact Phone: +1.9854014545
Registrar IANA ID: 1068
Registrar Registration Expiration Date: 2026-02-09T05:21:58.00Z
Registrar URL: http://www.namecheap.com
Registrar WHOIS Server: whois.namecheap.com
Registrar: NAMECHEAP INC
Registrar: NameCheap, Inc.
Registry Domain ID: 1701239617_DOMAIN_COM-VRSN
Registry Expiry Date: 2026-02-09T05:21:58Z
Tech City: Reykjavik
Tech Country: IS
Tech Email: [email protected]
Tech Organization: Privacy service provided by Withheld for Privacy ehf
Tech Postal Code: 101
Tech State/Province: Capital Region
Updated Date: 2025-01-10T03:06:50.00Z
Updated Date: 2025-04-18T13:39:06Z
Subdomains count: 26

IOC Journey

Confidence: high
First detected 1 year ago · Last seen 1 month ago
Appeared in 5 threat reports