IOC Radar
DomainMediumSignal 58/100

mts-egy.net

Location
JordanJordan
First Seen
Apr 17, 2026
Last Seen
May 2, 2026
Apr 17
First Seen
58d ago
May 2
Last Seen
43d ago
4
Reports
source reports
58%
Confidence
medium
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

9 techniques

Feed Intelligence Summary

4 reports58% confidence
4
Source reports
58%
Confidence score
Category tags
asiaaustraliabodybypasscapital onechaseclosecodecommercial bankingcyber securityeducationenergyetradeeuropeexploitation activityffiecfinance and insurancefirstftpbdgermanyhninthttphuntindiaindicatoriocsjordankorea, republic oflatest cyberlazaruslinkedin rssnetworknewsnorth americaoceaniapolandqatarransomwareresearchedsandboxsaudi arabiasecurity newssoarspainstrongt1003t1059.007t1071.001t1140t1204.001t1566t1566.001t1566.002t1584.004targettelecommunicationsthreat actorti lookuptor nodeunited statesurlsvectyara

Activity Timeline

1 total obs
May 2May 2

Threat Activity Heatmap

· Peak: 2026-05-02
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **mts-egy.net**, originating from Jordan, has emerged as a significant indicator of compromise (IOC) associated with ransomware activities. First observed on April

Threat ScoreMedium Risk
58
SIGNAL
Signal Score
58%
Confidence
4
Reports
First seenApr 17, 2026
Last seenMay 2, 2026

VirusTotal

Not checked

WHOIS

registrar
GoDaddy.com, LLC
description
The BlobPhish campaign, which surfaced in 2024, represents a sophisticated phishing threat that targets credentials across multiple sectors, particularly focusing on U.S. financial institutions and Microsoft 365 accounts. This campaign utilizes a novel method of delivering phishing pages directly in the browser's memory through the use of blob objects, bypassing traditional detection mechanisms that rely on HTTP requests and file activity. As a result, the phishing payload leaves minimal traceable artifacts in logs, caches, or network telemetry, making it significantly harder to detect.
domain rank
-1
raw
Creation Date: 2022-08-05T11:15:01Z DNSSEC: unsigned Domain Name: MTS-EGY.NET Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: NS1.MYSECURECLOUDHOST.COM Name Server: NS2.MYSECURECLOUDHOST.COM Name Server: NS3.MYSECURECLOUDHOST.COM Name Server: NS4.MYSECURECLOUDHOST.COM Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: 480-624-2505 Registrar IANA ID: 146 Registrar URL: http://www.godaddy.com Registrar WHOIS Server: whois.godaddy.com Registrar: GoDaddy.com, LLC Registry Domain ID: 2716089880_DOMAIN_NET-VRSN Registry Expiry Date: 2026-08-05T11:15:01Z Updated Date: 2025-10-16T18:53:53Z
subdomains count
7

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 4 threat reports