{ "type": "Domain", "indicator": "cdnbl.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/cdnbl.com", "alexa": "http://www.alexa.com/siteinfo/cdnbl.com", "indicator": "cdnbl.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4316167697, "indicator": "cdnbl.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69e95aa76cef96a2cbd889bd", "name": "EbeeApril2026 Pt6", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-22T23:04:42.859000", "created": "2026-04-22T23:32:55.340000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "yara" ], "references": [ "IOCs.2026.csv" ], "public": 1, "adversary": "JitterDropper, FudCrypt, Janela RAT, PowMix, STAX RAT, Kyber Ransomware", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 49, "CIDR": 6, "CVE": 3, "FileHash-MD5": 125, "FileHash-SHA1": 115, "FileHash-SHA256": 191, "domain": 227, "email": 2, "hostname": 23 }, "indicator_count": 741, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e2859f161ed33fb1c106f4", "name": "Post-Sanction Persistence: Triad Nexus' Operations Infrastructure Reborn as Threat Actor Distances Activity from FUNNULL CDN", "description": "Triad Nexus, a cybercrime organization linked to extensive investment scams and brand impersonation, has evolved its operational security following 2025 U.S. Treasury sanctions. The group has implemented geographic fencing to obscure its operations from U.S. law enforcement, alongside laundering its infrastructure through account muling and establishing a rotating network of clean front companies. This criminal network has reportedly caused over $200 million in losses globally, primarily through sophisticated scams such as pig-butchering and fraudulent virtual currency schemes, averaging $150,000 in losses per victim.", "modified": "2026-04-17T19:10:23.886000", "created": "2026-04-17T19:10:23.886000", "tags": [ "triad nexus", "cname", "cname chain", "funnull", "cname domain", "lookup", "amazon", "funnull cdn", "silent push", "amazon ips", "april", "nexus", "front", "bank", "june", "tiffany", "tools", "global", "tron", "error", "silent", "push" ], "references": [ "https://www.silentpush.com/blog/triad-nexus-funnull-2026/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1568.001", "name": "Fast Flux DNS", "display_name": "T1568.001 - Fast Flux DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" } ], "industries": [ "Retail", "Technology", "Finance" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 22 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 544, "modified_text": "47 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.silentpush.com/blog/triad-nexus-funnull-2026/", "IOCs.2026.csv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "JitterDropper, FudCrypt, Janela RAT, PowMix, STAX RAT, Kyber Ransomware" ], "malware_families": [], "industries": [ "Finance", "Technology", "Retail" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69e95aa76cef96a2cbd889bd", "name": "EbeeApril2026 Pt6", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-05-22T23:04:42.859000", "created": "2026-04-22T23:32:55.340000", "tags": [ "filehashsha256", "filehashmd5", "filehashsha1", "yara" ], "references": [ "IOCs.2026.csv" ], "public": 1, "adversary": "JitterDropper, FudCrypt, Janela RAT, PowMix, STAX RAT, Kyber Ransomware", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 49, "CIDR": 6, "CVE": 3, "FileHash-MD5": 125, "FileHash-SHA1": 115, "FileHash-SHA256": 191, "domain": 227, "email": 2, "hostname": 23 }, "indicator_count": 741, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e2859f161ed33fb1c106f4", "name": "Post-Sanction Persistence: Triad Nexus' Operations Infrastructure Reborn as Threat Actor Distances Activity from FUNNULL CDN", "description": "Triad Nexus, a cybercrime organization linked to extensive investment scams and brand impersonation, has evolved its operational security following 2025 U.S. Treasury sanctions. The group has implemented geographic fencing to obscure its operations from U.S. law enforcement, alongside laundering its infrastructure through account muling and establishing a rotating network of clean front companies. This criminal network has reportedly caused over $200 million in losses globally, primarily through sophisticated scams such as pig-butchering and fraudulent virtual currency schemes, averaging $150,000 in losses per victim.", "modified": "2026-04-17T19:10:23.886000", "created": "2026-04-17T19:10:23.886000", "tags": [ "triad nexus", "cname", "cname chain", "funnull", "cname domain", "lookup", "amazon", "funnull cdn", "silent push", "amazon ips", "april", "nexus", "front", "bank", "june", "tiffany", "tools", "global", "tron", "error", "silent", "push" ], "references": [ "https://www.silentpush.com/blog/triad-nexus-funnull-2026/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1568.001", "name": "Fast Flux DNS", "display_name": "T1568.001 - Fast Flux DNS" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1586", "name": "Compromise Accounts", "display_name": "T1586 - Compromise Accounts" } ], "industries": [ "Retail", "Technology", "Finance" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 22 }, "indicator_count": 22, "is_author": false, "is_subscribing": null, "subscriber_count": 544, "modified_text": "47 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "cdnbl.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "cdnbl.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780518747.9947128 }