ThreatFox IOC Database
You are viewing the ThreatFox database entry for domain msndla.com.
Database Entry
| Field | Value |
|---|---|
| IOC ID: | 1024554 |
| IOC: | msndla.com |
| IOC Type: | domain |
| Threat Type: | botnet_cc |
| Malware: | Cobalt Strike |
| Malware alias: | Agentemis, BEACON, CobaltStrike, cobeacon |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| ASN: | AS15169 GOOGLE |
| Country: | US |
| First seen: | 2022-11-27 16:10:54 UTC |
| Last seen: | 2026-06-10 14:22:10 UTC |
| UUID: | 1221f578-6e6e-11ed-8c16-42010aa4000a |
| Reporter: | |
| Reward: | 30 credits from |
| Tags: | CobaltStrike PONYNET |
drb_ra
Cobalt Strike Server Found
C2: HTTPS @ 107[.]189[.]6[.]139:443
C2 Server: msndla[.]com,/owa/,dev[.]msndla[.]com,/owa/,ms1[.]msndla[.]com,/owa/,backend[.]msndla[.]com,/owa/,routeoffice[.]msndla[.]com,/owa/
POST URI: /OWA/
Country: Luxembourg
ASN: PONYNET
Host Header: routeoffice[.]msndla[.]com