← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Post-Sanction Persistence: Triad Nexus' Operations Infrastructure Reborn as Threat Actor Distances Activity from FUNNULL CDN
Triad Nexus, a cybercrime organization linked to extensive investment scams and brand impersonation, has evolved its operational security following 2025 U.S. Treasury sanctions. The group has implemented geographic fencing to obscure its operations from U.S. law enforcement, alongside laundering its infrastructure through account muling and establishing a rotating network of clean front companies. This criminal network has reportedly caused over $200 million in losses globally, primarily through sophisticated scams such as pig-butchering and fraudulent virtual currency schemes, averaging $150,000 in losses per victim.
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | alicdn9858.com | — | 2026-04-17 | |
| domain | attackcdn.com | — | 2026-04-17 | |
| domain | cdn1.ai | — | 2026-04-17 | |
| domain | cdn5.com | — | 2026-04-17 | |
| domain | cdn899.com | — | 2026-04-17 | |
| domain | cdnbl.com | — | 2026-04-17 | |
| domain | ddge.ru | — | 2026-04-17 | |
| domain | dns888.xyz | — | 2026-04-17 | |
| domain | dnycdn.com | — | 2026-04-17 | |
| domain | fc686.xyz | — | 2026-04-17 | |
| domain | fn01.vip | — | 2026-04-17 | |
| domain | fn02.vip | — | 2026-04-17 | |
| domain | fn03.vip | — | 2026-04-17 | |
| domain | funnull.org | — | 2026-04-17 | |
| domain | funnull.vip | — | 2026-04-17 | |
| domain | funnull301.com | — | 2026-04-17 | |
| domain | funnull6.com | — | 2026-04-17 | |
| domain | iiauuw.com | — | 2026-04-17 | |
| domain | kanejwo.com | — | 2026-04-17 | |
| domain | smaooe.com | — | 2026-04-17 | |
| domain | tripdsdvjea.com | — | 2026-04-17 | |
| domain | vietnampost.vn | — | 2026-04-17 |
References (1)