IOC Radar
Domain · Medium signal · 77/100

a2abotnet.com

Location: Taiwan, Province of China
First seen: Feb 10, 2026 (131 days ago)
Last seen: Jun 19, 2026 (2 days ago)
Reports: 12 source reports
Confidence: 77% (medium)
Found in 12 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name: malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 77%
Signal Score: 77 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 83 techniques

Feed Intelligence Summary

12 source reports · 77% confidence score

Category tags (alphabetical; the 83 ATT&CK technique IDs appear as t-numbers):
abuse, abuse.ch threatfox api, abusech-threatfox-c2c, active scan, active scanning, ai impersonation, alienvault_ransomware, apac targeting, application layer protocol, apt, apt activity, apt group activity, asia, asyncrat, auto-generated, automated analysis, automated attack, automated osint, automated scan, automated threat, automated threat detection, back, bad reputation, bash script, botnet, botnet activity, botnet traffic, botnet_c2, british indian ocean territory, brute force, brute force attack, brute force attempt, brute force attempts, brute_force, c2, c2 activity, c2 candidates, c2 channel, c2 communication, c2 framework, c2 infrastructure, c2-infrastructure, cephalus ransomware, claude artifacts abuse, cobalt, cobalt strike, cobalt-strike, cobaltstrike, command & control, command and control, command-and-control, command_execution, communication protocol, compromised host, compromised host detection, compromised hosts, compromised system, content hub, credential access, credential harvesting, credential stuffing, credential-access, cve, data encryption, data exfiltration, data store exposure, data theft, dcrat, ddos, ddos attacks, ddos attempt, deerstealer, denial of service, detected malware, devnull, dga, distributed attacks, dmg, dmgs, encryption, europe, executable file, exploit, exploit attempt, exploitation activity, exploitation attempt, external access, extortion, feodo tracker, feodo-tracker, footer, france, ftp, ftp brute force, ftp brute-force, ftp bruteforce, ghost rat, gitlab pages abuse, gobrat, google ads, google ads abuse, havoc, havoc framework, hong kong, http brute force, http probing, http scan, http scanner, http scanning, https, https scan, identity & access exploitation, india, indicator, infected system, infected systems, infostealer, infrastructure acquisitionreconnaissance, ingress tool transfer, initial access, injection activity, internet of things, ioc, iocs, iot botnet, iot security, iot/ics attack, ip-address, irc, italy, japan, keenadu, lateral movement, loader, macho, macos, macsync, macsync infostealer, macsyncstealer, malaysia, malicious network activity, malicious software, malvertising, malware, malware activity, malware c2, malware c2 activity, malware campaign, malware campaign activity, malware communication, malware detected, malware detection, malware distribution, malware indicators, meterpreter, mirai botnet, network, network attacks, network communication, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic, network traffic analysis, network_reconnaissance, north america, novel ioc, novel threat indicator, novel-ioc, novel_ioc, odyssey, osint, osint-volley, password attacks, payload delivery, phishing, phishing attack, plist, plugin dmg, possible botnet activity, possible intrusion, possible malware activity, possible malware infection, post-exploitation, potential c2 activity, potential exploit, potential malware, precog, preocg, process injection, protect, protocol exploitation, quasar rat, ransomware, rat, rdp bruteforce, reconnaissance, reconnaissance activity, remcos trojan, remote access, remote access attempt, remote access tool, remote access tools, remote access trojan, remote services, researched, scams & fraud, scanning activity, security operations, self-signed certificate, self-signed certificates, self-signed-certificate, service scan, silent, singapore, sliver, smb scanning, smtp, smtp brute force, social engineering, ssh attack, ssh bruteforce, ssl, stage, stealer, system disruption,
t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1033, t1036.005, t1040, t1041, t1046, t1047, t1053, t1053.005, t1055, t1056.001, t1059, t1059.001, t1059.002, t1059.003, t1059.004, t1060, t1068, t1070.004, t1071, t1071.001, t1071.002, t1076, t1077, t1078, t1082, t1083, t1095, t1102.001, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1140, t1189, t1190, t1204, t1204.002, t1204.003, t1205, t1210, t1219, t1486, t1490, t1496, t1497.001, t1499.002, t1499.003, t1539, t1552.001, t1555, t1555.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1568, t1569, t1569.002, t1573, t1573.001, t1583, t1583.006, t1587.001, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, t1598,
taiwan, tcp protocol, telnet threat, threat actor, threat intelligence, threat-intelligence, threatfox api, threatfox feed, tor node, transparent tribe, trojan malware, unauthorized access, unauthorized access attempt, united states, unknown rat, unknown stealer, unknown threat actor, unusual traffic, user agent ioc, uxxxxxx, valleyrat, vidar, vulnerability scan, web protocols, web traffic, xworm

Two things to keep in mind when filtering on these tags. First, the cloud mixes spellings of the same concept (cobalt strike / cobalt-strike / cobaltstrike, novel ioc / novel-ioc / novel_ioc, brute force / brute_force), so any matching should normalise case, spaces, hyphens and underscores before comparing. Second, three of the 83 technique IDs (t1060, t1076, t1077) are revoked ATT&CK identifiers, superseded by T1547.001, T1021.001 and T1021.002 respectively; a tool that resolves these tags against current ATT&CK data will not find them under the old numbers.

Activity Timeline

1 total observation: Jun 19

Threat Activity Heatmap

Calendar heatmap (Less/More scale, Mon/Wed/Fri rows) covering Jun through the following Jun; the only marked day is the Jun 19 observation.
Window  Observations  Level
24h     0             Dormant
7d      1             Minimal
30d     1             Minimal
3mo     1             Minimal
Threat Score: 77 (labelled "High Risk" here and "Medium signal" in the page header; both refer to the same 77/100 signal score)
Signal score 77 · Confidence 77% · 12 reports
First seen Feb 10, 2026 · Last seen Jun 19, 2026

VirusTotal

Not checked

WHOIS

Domain rank: -1 (no rank recorded)
Queried: 2026-04-15 01:39:32
Domain name: a2abotnet.com
Registrar id: 4326.0
Registrar RDAP URL: https://api.unstoppabledomains.com/rdap/
Created: 2025-04-11
Updated: 2026-04-12
Expires: 2027-04-11
Name servers: kyrie.ns.cloudflare.com, nelci.ns.cloudflare.com
Registrant: country United States; address, city, company, phone, state and zip are opaque 16-hex-character values (bed8bc4c6ddafe77, 97241cd6760ba39e, b31f6eaa73283f9c, 433e5dc4eace6f1a, 97cfd4da5223fce4, 5fa482b397d8dbdc); email shown as [email protected]
Administrative, Billing and Technical contacts: Dover, DE, United States; email shown as [email protected]
Subdomains count: 0

Notes for analysts: the domain was registered ten months before its first feed sighting (2025-04-11 versus Feb 10, 2026), and the record was updated the day after its first registration anniversary. The registrant fields are not usable as a pivot: they are redaction tokens, not postal data, and the "[email protected]" strings appear to be obfuscation placeholders rather than recoverable addresses. The name servers are Cloudflare's, so if the zone is proxied, any resolved IP (and a geolocation derived from it) belongs to Cloudflare's edge rather than the operator's origin.
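The raw WHOIS block above is a flattened "Key: value" record. The following Python, added here as an example and not part of IOC Radar's own code, splits it back into fields and computes the checks an analyst wants from it: domain age at query time, days to expiry, which registrant fields are opaque tokens, and whether DNS is delegated to Cloudflare. The record is copied from the page and embedded as a constant; the key-detection regex, the treatment of 16-hex-character values as redaction tokens, and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed input: the flattened WHOIS record exactly as it appears on the
# page, one line of "Key: value" pairs run together. The "[email protected]"
# values are the placeholders the page shows, not real addresses.
RAW_WHOIS = (
    "Administrative city: Dover Administrative country: United States "
    "Administrative email: [email protected] Administrative state: DE "
    "Billing city: Dover Billing country: United States "
    "Billing email: [email protected] Billing state: DE "
    "Create date: 2025-04-11 00:00:00 Domain name: a2abotnet.com "
    "Domain registrar id: 4326.0 "
    "Domain registrar url: https://api.unstoppabledomains.com/rdap/ "
    "Expiry date: 2027-04-11 00:00:00 "
    "Name server 1: kyrie.ns.cloudflare.com Name server 2: nelci.ns.cloudflare.com "
    "Query time: 2026-04-15 01:39:32 "
    "Registrant address: bed8bc4c6ddafe77 Registrant city: 97241cd6760ba39e "
    "Registrant company: b31f6eaa73283f9c Registrant country: United States "
    "Registrant email: [email protected] Registrant phone: 433e5dc4eace6f1a "
    "Registrant state: 97cfd4da5223fce4 Registrant zip: 5fa482b397d8dbdc "
    "Technical city: Dover Technical country: United States "
    "Technical email: [email protected] Technical state: DE "
    "Update date: 2026-04-12 00:00:00"
)

# Assumption: a key is a capitalised word followed by lower-case words or
# digits and then ": ", preceded by start of string or a space. Values such
# as "United States", "DE" or "01:39:32" never match because the colon-space
# does not follow them.
KEY_RE = re.compile(r"(?:^|(?<= ))([A-Z][a-z]+(?: [a-z0-9]+)*): ")
DATE_FMT = "%Y-%m-%d %H:%M:%S"
# Assumption: a bare 16-hex-character value is a redaction/hash token.
OPAQUE_RE = re.compile(r"^[0-9a-f]{16}$")


def parse_flat_whois(raw: str) -> dict:
    """Split a run-together 'Key: value Key: value' record into a dict,
    preserving the order in which the keys appear."""
    matches = list(KEY_RE.finditer(raw))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(raw)
        fields[m.group(1)] = raw[m.end():end].strip()
    return fields


def summarize(fields: dict) -> dict:
    """Derive the analyst-facing facts: ages relative to the query time,
    redacted registrant fields, and name-server delegation."""
    query = datetime.strptime(fields["Query time"], DATE_FMT)
    created = datetime.strptime(fields["Create date"], DATE_FMT)
    expires = datetime.strptime(fields["Expiry date"], DATE_FMT)
    updated = datetime.strptime(fields["Update date"], DATE_FMT)
    redacted = sorted(k for k, v in fields.items()
                      if k.startswith("Registrant") and OPAQUE_RE.match(v))
    nameservers = [v for k, v in fields.items() if k.startswith("Name server")]
    return {
        "domain": fields["Domain name"],
        "age_days_at_query": (query - created).days,
        "days_to_expiry_at_query": (expires - query).days,
        "updated_days_before_query": (query - updated).days,
        "redacted_registrant_fields": redacted,
        "nameservers": nameservers,
        "cloudflare_dns": bool(nameservers) and all(
            ns.endswith(".ns.cloudflare.com") for ns in nameservers),
        "registrar_rdap": fields["Domain registrar url"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_flat_whois(RAW_WHOIS)).items():
        print(f"{key}: {value}")
```

The parser is generic over any record in this "Key: value" shape, so it can be pointed at other IOC Radar WHOIS blocks; the summary is where the judgement lives, and `cloudflare_dns` is a prompt to treat resolved IPs as edge addresses rather than a verdict on the operator.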

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
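The page offers a STIX 2.1 bundle export for this indicator. The following Python, added here as an illustration and not IOC Radar's export code, builds the minimal STIX 2.1 Indicator such an export carries for a domain (a `domain-name:value` pattern, `valid_from` taken from first seen, the 77 confidence) and checks it against the properties the specification makes mandatory before it is wrapped in a bundle. The domain, dates, confidence and report count come from the page; the deterministic ID namespace, the Jun 21, 2026 snapshot date implied by "2 days ago", and the function names are assumptions of this example.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Assumption: a fixed namespace so that exporting the same domain twice yields
# the same indicator--UUID (uuid5) instead of a fresh random one each time.
EXAMPLE_NS = uuid.UUID("c4a2b7e1-2d6f-4e0a-9b11-5f3d8e7a1c42")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
ID_RE = re.compile(r"^indicator--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
# Properties STIX 2.1 requires on every Indicator object.
REQUIRED = ("type", "spec_version", "id", "created", "modified",
            "pattern", "pattern_type", "valid_from")

# Values from the page for a2abotnet.com (day granularity, as shown there).
PAGE = {
    "domain": "a2abotnet.com",
    "first_seen": datetime(2026, 2, 10, tzinfo=timezone.utc),
    "last_seen": datetime(2026, 6, 19, tzinfo=timezone.utc),
    "confidence": 77,
    "reports": 12,
}
# Assumption: "last seen 2 days ago" places the page snapshot on Jun 21, 2026.
PAGE_DATE = datetime(2026, 6, 21, tzinfo=timezone.utc)


def stix_ts(d: datetime) -> str:
    """STIX 2.1 timestamps are RFC 3339 in UTC with a trailing Z.
    The input must be timezone-aware."""
    return d.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def domain_pattern(domain: str) -> str:
    """Build the observation expression; backslash and single quote are the
    characters that must be escaped inside a STIX string literal."""
    escaped = domain.replace("\\", "\\\\").replace("'", "\\'")
    return f"[domain-name:value = '{escaped}']"


def make_domain_indicator(domain, first_seen, last_seen, confidence, reports, now):
    ts = stix_ts(now)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(EXAMPLE_NS, 'domain:' + domain.lower())}",
        "created": ts,
        "modified": ts,
        "name": f"Malicious domain {domain}",
        "description": (
            f"Reported by {reports} sources between {first_seen.date()} and "
            f"{last_seen.date()}. Confidence is heuristic; verify before acting."
        ),
        "indicator_types": ["malicious-activity"],
        "pattern": domain_pattern(domain),
        "pattern_type": "stix",
        "valid_from": stix_ts(first_seen),
        "confidence": int(confidence),
    }


def validate_indicator(ind: dict) -> list:
    """Return the problems found; an empty list means the checks pass."""
    problems = [f"missing {k}" for k in REQUIRED if k not in ind]
    if ind.get("type") != "indicator":
        problems.append("type must be 'indicator'")
    if ind.get("spec_version") != "2.1":
        problems.append("spec_version must be '2.1'")
    if not ID_RE.match(ind.get("id", "")):
        problems.append("id must be indicator--<uuid>")
    for k in ("created", "modified", "valid_from", "valid_until"):
        if k in ind and not TS_RE.match(ind[k]):
            problems.append(f"{k} is not a STIX timestamp")
    conf = ind.get("confidence")
    if conf is not None and not (isinstance(conf, int) and 0 <= conf <= 100):
        problems.append("confidence must be an integer 0..100")
    if ind.get("pattern_type") == "stix" and not re.fullmatch(r"\[.+\]", ind.get("pattern", "")):
        problems.append("stix pattern must be a bracketed observation expression")
    if "valid_until" in ind and "valid_from" in ind and ind["valid_until"] <= ind["valid_from"]:
        problems.append("valid_until must be later than valid_from")
    return problems


def make_bundle(objects) -> dict:
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


def page_bundle() -> dict:
    """The bundle this example produces for the page's values; raises if the
    indicator fails validation so a broken export never leaves the function."""
    indicator = make_domain_indicator(now=PAGE_DATE, **PAGE)
    problems = validate_indicator(indicator)
    if problems:
        raise ValueError(problems)
    return make_bundle([indicator])


if __name__ == "__main__":
    print(json.dumps(page_bundle(), indent=2))
```

The bundle ID is random on purpose (a bundle is just a transport container), while the indicator ID is derived from the domain so that a consumer deduplicates repeated exports; `confidence` is carried through unchanged, and the page's own warning that the score is heuristic travels with it in `description`.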

IOC Journey

Confidence: medium
First detected 4 months ago · Last seen 2 days ago
Appeared in 12 threat reports