IOC Radar
Domain | High | Verified | Signal 26/100

hostingpt.com

Location: Saudi Arabia
First Seen: Mar 27, 2025 (443d ago)
Last Seen: Apr 8, 2026 (67d ago)
Reports: 5 source reports
Confidence: 26% (label: high)
Found in 5 reports. Confidence scores are heuristic; verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
This is the dashboard's generic category text, not a finding specific to this domain. The WHOIS record below shows a registration from 2006 whose nameservers are NS1/NS2.AFTERNIC.COM (GoDaddy's domain aftermarket, i.e. a parked or for-sale domain), so confirm current resolution and hosting before blocking or attributing.
MISP Category
Network Activity
Confidence
26%
Signal Score
26 / 100
IDS Rule
No
Threat Context

Tags: (none shown)
MITRE ATT&CK TTPs: 155 techniques (IDs t1003 to t1666, listed with the category tags below)

Feed Intelligence Summary

Source reports: 5
Confidence score: 26%

Category tags (alphabetical union of the labels carried by the 5 source reports; a tag here does not by itself mean the behaviour was observed for hostingpt.com):
aaaa, abuse, account security, active scan, address, admin account compromise, advanced persistent threat, agent, all scoreblue, allowed server, apple, apt, apt group, as56864 xeon, as57416 llc, asia, asnone hong, bad reputation, bing, body, body length, botnet, botnet activity, brute force, ca valid, china unknown, chrome, civil, civil services, civilian targeting, ck t1003, click-based attack, code execution, code injection, command and control, command execution, communication protocol, communication technologies, compromised router, contact, content length, content type, cookie, country, creation date, credential access, credential harvesting, credential stuffing, cryp, data, data access, data copying, data exfiltration, data store exposure, data transfer, ddos, ddos attacks, defense evasion, defense-evasion, delete, delete c, delphi, discovery t1027, distributed attacks, div div, dns, dns attack, dumping t1005, dynamicloader, electronic health records, emails, encrypt, encryption, endgame, english, enom, enterprise security, error, et tor, europe, executable file, exit, expiry date, exploit, exploitation activity, face, files, files matching, final url, firmware infection, firmware modification, first, form, found, france, from, generic, government technology, grum, h3 p, health care and social assistance, health information technology, healthcare information systems, high, historical ssl, hospital management, hostname enumeration, http attack, http response, http scanner, hungary unknown, hybrid, icann whois, icmp traffic, identity & access exploitation, indicator, information gathering, information technology, infrastructure acquisition reconnaissance, ingress tool transfer, injection activity, installs ip, internet of things, iocs, ios, ios malware, iot botnet, iot security, iot/ics attack, ipv4, it infrastructure, key algorithm, key identifier, key info, known tor, kong unknown, lateral movement, lazarus group, link, linux, linux malware, local, local system, mac, malicious activity, malicious links, malicious software, malware, malware analysis, malware indicators, markmonitor inc, mass surveillance, medical services, medium, method, mexico unknown, mirai botnet, misc attack, mitre att, mobile, mobile carriers, mobile malware, mobile networks, mobile security, mobile threat, msie, name, name servers, nation-state activity, network, network intrusion detection, network scanning, next, node traffic, nsone as63949, number, openioc, operating system, operating system security, operation endgame, os credential, panmap, passive dns, patch management, patient care, pattern match, pcap, pdb path, pdf, pdf report, pegasus, pegasus project, persistence mechanisms, phishing, phishing attack, police, porn, pornhub, primary root, privacy tools, process injection, public administration, public infrastructure, public key, public policy, pulse pulses, pulse submit, query, query time, ransom, reconnaissance, registry t1018, regsz, regulatory agencies, remote access, remote services, remote system, request email, researched, rticon, russia unknown, saudi arabia, scan endpoints, script urls, search, servers, service scan, show, showing, signing ca, sinkhole cookie, sms, sms exploit, social engineering, software development, software vulnerabilities, span div, span h3, state, state-promoved, state-sponsored, status code, stix, stream, strings, subject key, subject public, tags, tags twitter, targeted spyware campaign, targeted-attacks, tech, telecom services, telecommunications, text, threat actor, threat roundup, title telegram, tofsee, tor node, trojan features, trojan malware, twitter, twitter redirect, ukraine unknown, unique, united, united kingdom unknown, update date, updater, urls, user execution, v3 serial, value snkz, vulnerability scan, web security, web traffic, whois database, win32 exe, win32 malware, windows malware, write, x509v3 key, yara detections, yara rule, youtube, youtube channel hijacking, zero click exploit, zero-day exploit

MITRE ATT&CK technique IDs carried as tags (155):
t1003, t1003.001, t1003.004, t1004, t1005, t1012, t1016, t1018, t1020, t1021, t1021.001, t1021.006, t1027, t1030, t1031, t1036, t1037, t1037.003, t1041, t1053, t1055, t1056, t1059, t1062, t1064, t1068, t1069.001, t1070, t1071, t1071.001, t1071.002, t1071.004, t1076, t1078, t1082, t1084, t1087, t1105, t1110, t1113, t1114, t1114.003, t1125, t1130, t1133, t1156, t1185, t1187, t1189, t1190, t1192, t1193, t1199, t1204, t1204.001, t1204.002, t1205, t1210, t1211, t1212, t1485, t1486, t1490, t1491, t1495, t1496, t1497, t1499.002, t1499.003, t1505, t1529, t1530, t1539, t1543, t1546, t1547, t1548, t1552, t1553, t1553.003, t1555, t1556, t1557, t1562, t1564, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1567, t1568, t1568.002, t1569, t1571, t1573, t1574, t1578, t1580, t1583, t1584, t1585, t1585.001, t1586, t1587, t1587.001, t1587.003, t1588, t1589, t1589.001, t1590, t1590.001, t1591, t1592, t1593, t1594, t1595, t1596, t1596.001, t1596.004, t1597, t1598, t1599, t1600, t1601, t1602, t1602.001, t1602.002, t1606, t1608, t1609, t1610, t1611, t1612, t1613, t1614, t1615, t1619, t1620, t1621, t1622, t1647, t1648, t1649, t1650, t1651, t1652, t1653, t1654, t1656, t1657, t1659, t1665, t1666

Activity Timeline

1 total observation (Apr 8)

Threat Activity Heatmap

Peak: 2026-04-08 (the single observation); every other week in the Jun-to-Jun window is empty.
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk (26 SIGNAL)
Signal Score: 26% confidence, 5 reports
First seen: Mar 27, 2025
Last seen: Apr 8, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
GoDaddy.com, LLC
description
Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
domain rank
-1
raw
Creation Date: 2006-12-21T17:25:47Z
DNSSEC: unsigned
Domain Name: HOSTINGPT.COM
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.AFTERNIC.COM
Name Server: NS2.AFTERNIC.COM
Name Server: VERIFICATION-J8YFCE5BTMDXY4VRWDYYPD.NS101.VERIFY.HN
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505
Registrar IANA ID: 146
Registrar URL: http://www.godaddy.com
Registrar WHOIS Server: whois.godaddy.com
Registrar: GoDaddy.com, LLC
Registry Domain ID: 720835992_DOMAIN_COM-VRSN
Registry Expiry Date: 2025-12-21T17:25:47Z
Updated Date: 2025-02-11T18:54:52Z
references (carried over from the 5 source reports; none of them names hostingpt.com directly)
Pornhub.com | Telegram https://t.me/login/36861 | loopprojects.t.me, Cookie : stel_ssid b86d14460f22d8fea8_13386273115952986987
www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://www.pornhub.com/video/search?search=tsara+brashears
ads.pornhub.com | ams-v61.pornhub.com | api-stage.pornhub.com | abtesting.pornhub.com | pornhub.com | cms-stage20.pornhub.com | imgs.pornhub.com | http://tourcdn.girlsdoporn.com | girlsdoporn.com | bar.pornhub.com | cdn-d-vid-embed.pornhub.com | http://pornhub.tv/Jena6599 | whatsapp.pornhub.com | 83610e8d2924c9886b25ad530e8ad971.pornhub.com
https://sslproxy.gatewayclient3.v.hikops.com
api2ip.ua » External IP Lookup Service Domain
AV labels: Win32:PWSX-gen\ [Trj]; Win32:RansomX-gen\ [Ransom]; Trojan:Win32/Neconyd.A
IDS Detections: Potential Dridex.Maldoc Minimal Executable Request; External IP Address Lookup DNS Query (2ip .ua); Observed External IP Lookup Domain (api .2ip .ua in TLS SNI); Query to a *.top domain - Likely Hostile; Suspicious User Agent (Microsoft Internet Explorer); SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016; HTTP Request to a *.top domain; Dotted Quad Host ZIP Request; Possible EXE Download From Suspicious TLD; TLS Handshake Failure ...
admin2.6cv25r3l.sbs | 6cv25r3l.sbs; Network Related [ATT&CK ID T1566] Possible high-risk domain detected, Domain: "admin2.6cv25r3l.sbs", possible high risk indicator source
https://hybrid-analysis.com/sample/22530e989e1d0e1121edd79cb620951b0a78dc0a4a1fb7ae07719ebb2f2414b0
Crowdsourced Sigma Rules (CRITICAL 0, HIGH 2, MEDIUM 1, LOW 0): Remote Thread Creation By Uncommon Source Image (Perez Diego (@darkquassar), oscd.community); Remote Thread Creation In Uncommon Target Image (Florian Roth, Nextron Systems); CurrentVersion Autorun Keys Modification (Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split))
Crowdsourced IDS rules: ET MALWARE Tinba Checkin 2; ET MALWARE [PTsecurity] Tinba Checkin 4; PROTOCOL-ICMP Unusual PING detected; PROTOCOL-ICMP traceroute; (eth) truncated ethernet header; PROTOCOL-ICMP PING; PROTOCOL-ICMP Echo Reply; MALWARE BANKER EVADER
Crowdsourced YARA rules: aPLib_decompression from ruleset aPLib_decompression by @r3c0nst (Ruleset: YARA ruleset cannot be loaded)
subdomains count
14
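The WHOIS block above is the kind of record an analyst should check before acting on the "C2, phishing, or malware distribution" label. The following is an added example, not the dashboard's own code: it parses a WHOIS record whether it arrives one field per line or flattened onto a single whitespace-joined line (the form in which this dashboard exports it), then runs the checks that matter here: aftermarket (Afternic) nameservers, registration age relative to the page's last-seen date, a snapshot whose expiry date predates that sighting, DNSSEC, and EPP status codes. The function names, the PARKING_NS_SUFFIXES list and the five-year age threshold are this example's own choices; the WHOIS text is copied from the page.

```python
import re
from datetime import datetime

# The page's "raw" WHOIS value, reproduced here as one whitespace-joined line.
RAW_WHOIS = (
    "Creation Date: 2006-12-21T17:25:47Z DNSSEC: unsigned Domain Name: HOSTINGPT.COM "
    "Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited "
    "Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited "
    "Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited "
    "Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited "
    "Name Server: NS1.AFTERNIC.COM Name Server: NS2.AFTERNIC.COM "
    "Name Server: VERIFICATION-J8YFCE5BTMDXY4VRWDYYPD.NS101.VERIFY.HN "
    "Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: 480-624-2505 "
    "Registrar IANA ID: 146 Registrar URL: http://www.godaddy.com "
    "Registrar WHOIS Server: whois.godaddy.com Registrar: GoDaddy.com, LLC "
    "Registry Domain ID: 720835992_DOMAIN_COM-VRSN Registry Expiry Date: 2025-12-21T17:25:47Z "
    "Updated Date: 2025-02-11T18:54:52Z"
)
LAST_SEEN = datetime(2026, 4, 8)  # page: Last Seen Apr 8, 2026

# ICANN RDDS field names, used as an allow-list so that a value such as
# "GoDaddy.com, LLC" is never mistaken for the start of a new field.
WHOIS_KEYS = [
    "Domain Name", "Registry Domain ID", "Registrar WHOIS Server", "Registrar URL",
    "Updated Date", "Creation Date", "Registry Expiry Date", "Registrar",
    "Registrar IANA ID", "Registrar Abuse Contact Email",
    "Registrar Abuse Contact Phone", "Domain Status", "Name Server", "DNSSEC",
]
_KEY_ALT = "|".join(re.escape(k) for k in sorted(WHOIS_KEYS, key=len, reverse=True))
# A field is "Key: value" where the value runs until whitespace followed by the next known key.
FIELD_RE = re.compile(rf"(?P<key>{_KEY_ALT}): (?P<val>.*?)(?=\s+(?:{_KEY_ALT}): |\Z)", re.S)

# Nameserver suffixes of domain aftermarket / parking services (assumption: this
# list is the example's own; Afternic is GoDaddy's sales marketplace).
PARKING_NS_SUFFIXES = ("afternic.com",)


def parse_whois(raw: str) -> dict[str, list[str]]:
    """Parse a flattened or line-separated WHOIS record into key -> list of values.
    Repeated keys (Domain Status, Name Server) keep every occurrence, in order."""
    fields: dict[str, list[str]] = {}
    for m in FIELD_RE.finditer(raw):
        fields.setdefault(m["key"], []).append(m["val"].strip())
    return fields


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def triage(fields: dict[str, list[str]], last_seen: datetime) -> list[str]:
    """Return human-readable findings that bear on whether the IOC label is trustworthy."""
    findings = []
    ns = [n.lower() for n in fields.get("Name Server", [])]
    parked = [n for n in ns if n.endswith(PARKING_NS_SUFFIXES)]
    if parked:
        findings.append("parked/aftermarket nameservers: " + ", ".join(parked))
    created = parse_ts(fields["Creation Date"][0])
    age_years = (last_seen - created).days / 365.25
    if age_years >= 5:
        findings.append(f"registered {age_years:.1f} years before last sighting: "
                        "not freshly registered infrastructure")
    expiry = parse_ts(fields["Registry Expiry Date"][0])
    if expiry < last_seen:
        findings.append("stale snapshot: registry expiry predates last sighting, re-query WHOIS")
    if fields.get("DNSSEC", [""])[0].lower() == "unsigned":
        findings.append("DNSSEC: unsigned")
    # Each Domain Status value is "<code> <epp url>"; keep just the code.
    findings.append("EPP status: " + ", ".join(s.split()[0] for s in fields.get("Domain Status", [])))
    return findings


if __name__ == "__main__":
    parsed = parse_whois(RAW_WHOIS)
    for line in triage(parsed, LAST_SEEN):
        print("-", line)
```

For this record the checks report Afternic nameservers, a 19-year-old registration, and an expiry date (2025-12-21) earlier than the Apr 2026 sighting, so the WHOIS snapshot itself needs refreshing before anyone decides whether the domain is still parked.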

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence label: high
First detected 1 year ago · Last seen 2 months ago
Appeared in 5 threat reports