IOC Radar
DomainHighVerifiedSignal 26/100

serp.usepredict.com

Location
United StatesUnited States
First Seen
Jul 8, 2025
Last Seen
Apr 5, 2026
Jul 8
First Seen
349d ago
Apr 5
Last Seen
78d ago
4
Reports
source reports
26%
Confidence
high
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
26%
Signal Score
26 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

157 techniques

Feed Intelligence Summary

4 reports26% confidence
4
Source reports
26%
Confidence score
Category tags
abuseadvanced persistent threatamazonappleaptapt groupbad reputationberbewbingbotnetbotnet activitybrute forcecaretocivilcivil servicescivilian targetingcode injectioncommand and controlcommunication technologiescompromised routercredential harvestingcredential stuffingcrimedata exfiltrationdata store exposuredata theftddosddos attacksdefense evasiondefense-evasiondistributed attacksdnsdns attackelectronic health recordsencrypted connectionsendgameenterprise securityeu cyber policieseuropeexecutable fileexploitexploitation activityfirmware infectionfirmware modificationformbook stealergooglegovernment technologyhackershealth care and social assistancehealth information technologyhealthcare information systemshospital managementhtml smugglinghtml_smugglingidentity & access exploitationindicatorinformation technologyinfostealeringress tool transferinjection activityintelligence agency surveillanceinternet of thingsiosios malwareiot botnetiot securityiot/ics attackit infrastructurejavalaw enforcement surveillancelazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremalware campaignmass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitymobile spywaremobile threatnation-state activitynetworknorth americansonso groupoperating systemparagonpatch managementpatient carepdfpdf exploitpegasuspegasus projectpeoplephishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregional securityregulatory agenciesremote accessremote access trojanresearchedsamsungsecurity operationsskynetsmssms exploitsocial engineeringsoftware developmentsoftware vulnerabilitiessonystatestate-promovedstate-sponsoredstealersupply chain attackt1001t1003t1003.001t1003.004t1004t1005t1011t1016t1018t1019t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1055.001t1056t1059t1059.001t1059.004t1059.007t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1078.004t1082t1084t1087t1088t1094t1105t1110t1113t1114.002t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1202t1204t1204.001t1204.002t1205t1210t1211t1212t1218.001t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1553.004t1555t1556t1557t1562t1563.002t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationsthreat actorthreat intelligencetor nodetraffic maskingtrojan downloadertrojan malwareunited statesvulnerability scanweb exploitationwindows malwarewixzero click exploitzero-day exploit

Activity Timeline

1 total obs
Apr 5Apr 5

Threat Activity Heatmap

· Peak: 2026-04-05
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **serp.usepredict.com** has been identified as a critical indicator of compromise (IOC) associated with advanced persistent threat (APT) activities originating from the United States. First observed on July

Threat ScoreLow Risk
26
SIGNAL
Signal Score
26%
Confidence
4
Reports
First seenJul 8, 2025
Last seenApr 5, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

registrar
Key-Systems GmbH
description
Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
raw
Admin City: Alexandria Admin Country: US Admin Email: [email protected] Admin Organization: c/o whoisproxy.com Admin Postal Code: 22314 Admin State/Province: VA Billing City: Alexandria Billing Country: US Billing Email: [email protected] Billing Organization: c/o whoisproxy.com Billing Postal Code: 22314 Billing State/Province: VA Creation Date: 2019-05-21T16:22:14Z DNSSEC: unsigned Domain Name: USEPREDICT.COM Domain Name: usepredict.com Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS1.DNSIMPLE.COM Name Server: NS2.DNSIMPLE.COM Name Server: NS3.DNSIMPLE.COM Name Server: NS4.DNSIMPLE.COM Name Server: ns1.dnsimple.com Name Server: ns2.dnsimple.com Name Server: ns3.dnsimple.com Name Server: ns4.dnsimple.com Registrant City: 476ffb42e8723566 Registrant Country: US Registrant Email: [email protected] Registrant Fax Ext: 3432650ec337c945 Registrant Fax: 3432650ec337c945 Registrant Name: c1ab5e60bb470097 Registrant Organization: 8e1838cb7004a438 Registrant Phone Ext: 3432650ec337c945 Registrant Phone: 64d13e3464553026 Registrant Postal Code: 6be8de69277f8f13 Registrant State/Province: 5aaf24d1828ccd0b Registrant Street: 9f000467f4d32ad5 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +49.68949396850 Registrar IANA ID: 269 Registrar Registration Expiration Date: 2026-05-21T16:22:14Z Registrar URL: http://www.key-systems.net Registrar URL: https://dnsimple.com Registrar WHOIS Server: whois.rrpproxy.net Registrar: Key-Systems GmbH Registry Admin ID: Not Available From Registry Registry Billing ID: Not Available From Registry Registry Domain ID: 2393305229_DOMAIN_COM-VRSN Registry Expiry Date: 2026-05-21T16:22:14Z Registry Registrant ID: Not Available From Registry Registry Tech ID: Not Available From Registry Tech City: Alexandria Tech Country: US Tech Email: [email protected] Tech Organization: c/o whoisproxy.com Tech Postal Code: 22314 Tech State/Province: VA Updated Date: 2025-01-21T23:30:24Z

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 11 months ago · Last seen 2 months ago
Appeared in 4 threat reports