
A network of unauthorized Internet Protocol Television (IPTV) services has been identified, operating across more than 1,100 domains and over 10,000 IP addresses.
This infrastructure distributes unlicensed streams of premium content, including sports leagues and subscription services, without proper licensing agreements.
Analysts from Silent Push have highlighted the network’s use of extensive IP address pools and rotating domains, complicating traditional takedown efforts.
The network operates through customized IPTV panels built on modified open-source software, such as Stalker Portal and Xtream UI. These panels automate user authentication and stream distribution, supporting numerous simultaneous sessions.
Operators utilize a large pool of proxy domains, each linked to multiple shared IP addresses, to conceal the true source of the streams.
Silent Push researchers identified two entities, XuiOne and Tiyansoft, along with an individual, Nabi Neamati, as primary beneficiaries of this network.
Infection Mechanism Through Control Panel Exploits
The IPTV piracy network employs an infection mechanism focused on compromised control panels. Operators search for misconfigured or outdated installations of Stalker Portal and Xtream UI using automated scanners to identify vulnerable endpoints.
Upon finding a target, they deploy a multi-stage payload starting with a reconnaissance module that gathers user information and configuration files.
A secondary stage involves installing a persistent backdoor in the panel’s configuration file:
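    // Guard constant: the block runs only if IPTV_INIT is not yet defined
    if (!defined('IPTV_INIT')) {
        define('IPTV_INIT', true);
        // Loads the attacker's script every time the panel reads its config
        require_once __DIR__ . '/backdoor.php';
    }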
The backdoor script, backdoor.php, creates a reverse shell to a command-and-control server, granting attackers full access to the panel.
This access allows continuous updates to infrastructure, seamless domain registration, and dynamic IP management, maintaining the network’s operation despite attempts to disrupt it.
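Panel operators can triage a configuration file for a loader like the one shown above by comparing its include statements against a known-good list. The following Python check is an added example, not code from Silent Push or from the panel projects; the baseline paths and the sample config are constructed for illustration, and the scanner is a line-based heuristic rather than a PHP parser.

```python
import re

# Heuristic line scanner (not a PHP parser): finds include/require statements.
INCLUDE_RE = re.compile(
    r"\b(require_once|require|include_once|include)\b\s*\(?\s*([^;]*);", re.I)
# A path is auditable only if it is a plain string literal, optionally
# prefixed with __DIR__ as in the loader shown in the article.
LITERAL_RE = re.compile(r"^(?:__DIR__\s*\.\s*)?(['\"])([^'\"]+)\1\s*\)?\s*$")


def audit_includes(php_source, allowed):
    """Return (line_no, statement, reason) for every include outside the baseline."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # skip commented-out statements
        for match in INCLUDE_RE.finditer(line):
            literal = LITERAL_RE.match(match.group(2).strip())
            if literal is None:
                # Path built from variables cannot be checked statically.
                findings.append((line_no, stripped, "dynamic path"))
            elif literal.group(2).lstrip("/") not in allowed:
                findings.append((line_no, stripped, "not in baseline"))
    return findings


# Constructed sample config: two expected includes (hypothetical names),
# the loader from the article, and one include built from a variable.
SAMPLE_CONFIG = """<?php
// require_once 'old/legacy.php';
require_once __DIR__ . '/lib/database.php';
require_once('lib/functions.php');
if (!defined('IPTV_INIT')) {
    define('IPTV_INIT', true);
    require_once __DIR__ . '/backdoor.php';
}
require_once $plugin_dir . '/hook.php';
"""
BASELINE = {"lib/database.php", "lib/functions.php"}  # hypothetical known-good list

if __name__ == "__main__":
    for line_no, statement, reason in audit_includes(SAMPLE_CONFIG, BASELINE):
        print(f"line {line_no}: {reason}: {statement}")
```

Any finding is a prompt to diff the file against a clean copy of the panel release, since an include outside the baseline may also be a legitimate local customization.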