{ "type": "Domain", "indicator": "dvrinside.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/dvrinside.net", "alexa": "http://www.alexa.com/siteinfo/dvrinside.net", "indicator": "dvrinside.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4166205659, "indicator": "dvrinside.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6947aab59d9ecdfe392a8878", "name": "Aisuru botnet: Early October attacks escalate into record-setting DDoS activity", "description": "The Aisuru botnet, a notably advanced Internet of Things (IoT)-based threat, has rapidly expanded to approximately 500,000 compromised devices, doubling in size within a month. The botnet employs a multifaceted infection strategy, which may include a firmware supply-chain compromise, to grow its network. By late October 2025, Aisuru had executed one of the largest and most sustained DDoS (Distributed Denial of Service) attacks on record, detected by Cloudflare. The attack involved a diverse array of devices, such as routers, DVRs, internet-connected cameras, and firewall appliances.\n\nCloudflare's analysis highlights a significant surge in hyper-volumetric DDoS attacks, primarily characterized by UDP (User Datagram Protocol) flood techniques. The DDoS attack record escalated dramatically from 4.2 Tbps in October 2024 to an unprecedented 29.7 Tbps just a year later-a staggering increase of 707%.", "modified": "2026-01-20T08:04:26.478000", "created": "2025-12-21T08:07:17.529000", "tags": [ "october", "cloudflare", "aisuru", "ddos", "tbps", "september", "ddos attack", "aisuru botnet", "http", "internet", "snow", "sha256 hash", "encryption key", "host artifact", "main", "domain", "initial c2", "rc4 key", "xor key", "c2 ips", "dns txt", "malware" ], "references": [ "https://www.cloudflare.com/en-au/threat-intelligence/research/report/aisuru-botnet/" ], "public": 1, "adversary": "Aisuru", "targeted_countries": [], "malware_families": [ { "id": "Aisuru", "display_name": "Aisuru", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1498.001", "name": "Direct Network Flood", "display_name": "T1498.001 - Direct Network Flood" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" } ], "industries": [ "Telecommunications", "Information Technology", "Gaming" ], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 5, "domain": 7, "hostname": 21, "URL": 1 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "131 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.cloudflare.com/en-au/threat-intelligence/research/report/aisuru-botnet/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Aisuru" ], "malware_families": [ "Aisuru" ], "industries": [ "Information technology", "Telecommunications", "Gaming" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6947aab59d9ecdfe392a8878", "name": "Aisuru botnet: Early October attacks escalate into record-setting DDoS activity", "description": "The Aisuru botnet, a notably advanced Internet of Things (IoT)-based threat, has rapidly expanded to approximately 500,000 compromised devices, doubling in size within a month. The botnet employs a multifaceted infection strategy, which may include a firmware supply-chain compromise, to grow its network. By late October 2025, Aisuru had executed one of the largest and most sustained DDoS (Distributed Denial of Service) attacks on record, detected by Cloudflare. The attack involved a diverse array of devices, such as routers, DVRs, internet-connected cameras, and firewall appliances.\n\nCloudflare's analysis highlights a significant surge in hyper-volumetric DDoS attacks, primarily characterized by UDP (User Datagram Protocol) flood techniques. The DDoS attack record escalated dramatically from 4.2 Tbps in October 2024 to an unprecedented 29.7 Tbps just a year later-a staggering increase of 707%.", "modified": "2026-01-20T08:04:26.478000", "created": "2025-12-21T08:07:17.529000", "tags": [ "october", "cloudflare", "aisuru", "ddos", "tbps", "september", "ddos attack", "aisuru botnet", "http", "internet", "snow", "sha256 hash", "encryption key", "host artifact", "main", "domain", "initial c2", "rc4 key", "xor key", "c2 ips", "dns txt", "malware" ], "references": [ "https://www.cloudflare.com/en-au/threat-intelligence/research/report/aisuru-botnet/" ], "public": 1, "adversary": "Aisuru", "targeted_countries": [], "malware_families": [ { "id": "Aisuru", "display_name": "Aisuru", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" }, { "id": "T1498.001", "name": "Direct Network Flood", "display_name": "T1498.001 - Direct Network Flood" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" } ], "industries": [ "Telecommunications", "Information Technology", "Gaming" ], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA1": 5, "FileHash-SHA256": 5, "domain": 7, "hostname": 21, "URL": 1 }, "indicator_count": 44, "is_author": false, "is_subscribing": null, "subscriber_count": 539, "modified_text": "131 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "dvrinside.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "dvrinside.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780248637.2636786 }