IOC Radar
Domain · High · Verified · Signal 32/100

pedidos.duomospizza.com

First Seen: Jul 8, 2025 (341d ago)
Last Seen: Apr 7, 2026 (67d ago)
Reports: 4 source reports
Confidence: 32% (high)
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 32%
Signal Score: 32 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

155 techniques

Feed Intelligence Summary

4 source reports · 32% confidence score
Category tags

Activity Timeline

1 total obs · Apr 7 to Apr 7

Threat Activity Heatmap

Peak: 2026-04-07
[Heatmap: weekday rows (Mon, Wed, Fri) by month, Jun through Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 32
Confidence: 32%
Reports: 4
First seen: Jul 8, 2025
Last seen: Apr 7, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar: OVH sas
description
Operation Endgame: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or **Mirai** (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
raw
Admin City: REDACTED FOR PRIVACY
Admin Country: ES
Admin Organization: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Creation Date: 2003-05-27T17:13:12Z
DNSSEC: unsigned
Domain Name: DUOMOSPIZZA.COM
Domain Name: duomospizza.com
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS107.OVH.NET
Name Server: NS107.OVH.NET
Name Server: dns107.ovh.net
Name Server: ns107.ovh.net
Registrant City: 1f8f4166599d23ee
Registrant Country: ES
Registrant Email: 0809924504b3d45cs@
Registrant Fax Ext: 1f8f4166599d23ee
Registrant Fax: 1f8f4166599d23ee
Registrant Name: 1f8f4166599d23ee
Registrant Organization: 1f8f4166599d23ee
Registrant Phone Ext: 1f8f4166599d23ee
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant State/Province: 1f8f4166599d23ee
Registrant Street: 1f8f4166599d23ee
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.972101007
Registrar IANA ID: 433
Registrar Registration Expiration Date: 2025-05-27T17:13:12+02:00
Registrar URL: http://www.ovh.com
Registrar URL: https://ovh.com
Registrar WHOIS Server: whois.ovh.com
Registrar: OVH sas
Registrar: OVH, SAS
Registry Admin ID: REDACTED FOR PRIVACY
Registry Domain ID: 98415698_DOMAIN_COM-VRSN
Registry Domain ID: REDACTED FOR PRIVACY
Registry Expiry Date: 2026-05-27T17:13:12Z
Registry Registrant ID: REDACTED FOR PRIVACY
Registry Tech ID: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech Country: ES
Tech Organization: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Updated Date: 2024-05-28T07:23:22Z
Updated Date: 2025-05-28T07:28:24Z

IOC Journey

high
First detected 11 months ago · Last seen 2 months ago
Appeared in 4 threat reports