Domain · High · Verified · Signal 36/100
cbtoo.com
Location
First Seen
Jul 8, 2025
Last Seen
Apr 6, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
36%
Signal Score
36 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 source reports · 36% confidence score
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-06
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 0 (Dormant)
- 3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **cbtoo.com** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on July
Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 5
First seen: Jul 8, 2025
Last seen: Apr 6, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- CSC Corporate Domains, Inc.
- description
- Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
- domain rank
- -1
- raw
  - Creation Date: 1999-09-01T22:00:29Z
  - DNSSEC: unsigned
  - Domain Name: CBTOO.COM
  - Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  - Name Server: NS-CLOUD-E1.GOOGLEDOMAINS.COM
  - Name Server: NS-CLOUD-E2.GOOGLEDOMAINS.COM
  - Name Server: NS-CLOUD-E3.GOOGLEDOMAINS.COM
  - Name Server: NS-CLOUD-E4.GOOGLEDOMAINS.COM
  - Registrar Abuse Contact Email: [email protected]
  - Registrar Abuse Contact Phone: 8887802723
  - Registrar IANA ID: 299
  - Registrar URL: http://cscdbs.com
  - Registrar WHOIS Server: whois.corporatedomains.com
  - Registrar: CSC Corporate Domains, Inc.
  - Registry Domain ID: 9709677_DOMAIN_COM-VRSN
  - Registry Expiry Date: 2025-09-01T22:00:29Z
  - Updated Date: 2024-08-28T05:08:41Z
- subdomains count
- 1
IOC Journey
high · First detected 11 months ago · Last seen 2 months ago
Appeared in 5 threat reports