Domain · Medium · Signal 59/100
arch2.maxdatahost1.cyou
Location
First Seen: Mar 8, 2026
Last Seen: Jun 8, 2026
Found in 7 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary: 7 source reports, 59% confidence score
Activity Timeline: Jun 8
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 59 (Medium Risk)
Signal Score: 59%
Confidence: 7 reports
First seen: Mar 8, 2026
Last seen: Jun 8, 2026
VirusTotal: Not checked
WHOIS
- description
- Check Point Research investigated a large-scale operation that impersonates open-source and freeware projects to capture search traffic, including lookalikes for researcher and security tooling such as Ghidra, dnSpy, and SpiderFoot. The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing real upstream resources. The deception is not in the page content alone; it is in what happens when a user interacts.
- raw
- Administrative city: San Mateo
  Administrative country: United States
  Administrative state: California
  Billing city: San Mateo
  Billing country: United States
  Billing state: California
  Create date: 2025-12-09 00:00:00
  Domain name: maxdatahost1.cyou
  Domain registrar id: 472.0
  Domain registrar url: whois.dynadot.com
  Expiry date: 2026-12-09 00:00:00
  Name server 1: aliza.ns.cloudflare.com
  Name server 2: hasslo.ns.cloudflare.com
  Query time: 2025-12-19 03:21:48
  Registrant address: 8a188706046fdffa
  Registrant city: 3715f4e2b12e17cb
  Registrant company: 473daf17453d83cd
  Registrant country: United States
  Registrant name: 1f8f4166599d23ee
  Registrant phone: bd610aea3d112609
  Registrant state: 77ab92f1911d7c5f
  Registrant zip: ae51fcfbe03bd2c4
  Technical city: San Mateo
  Technical country: United States
  Technical state: California
  Update date: 2025-12-18 00:00:00
IOC Journey: medium. First detected 3 months ago, last seen 6 days ago. Appeared in 7 threat reports.