Hunting “Legit” Red Teams C2 Infrastructure

Michael Koczwara
4 min read · Sep 18, 2021
Here is a legitimate-looking website:

https://facilities-awareness[.]com

However, if you pay attention, there is one interesting detail: the website's logo/name (Model/Remodel) does not match the URL, facilities-awareness[.]com

facilities-awareness[.]com

The domain is categorized as Real Estate according to Cisco Talos.

Let's investigate the domain and IP address.

It looks like the website is behind Amazon CloudFront, and the IP address is 13.249.22[.]98

Let's check the domain with VirusTotal. Fortinet is flagging the domain as malware.

VT Analysis
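The checks walked through above (refang the indicators, compare the page's branding with its domain, look for CloudFront fronting in the response headers, and tally which vendors flag the domain) can be scripted so they run the same way on every candidate domain. The following is an added example, not code from the original post. It runs entirely on constructed data: the HTML, the response headers and the VirusTotal-style verdict dictionary are all made up for the demo (only the two indicators come from the post), and the header names and the `last_analysis_results` shape are assumed to follow what CloudFront and the VirusTotal v3 domain object normally return.

```python
import re
from typing import Dict, List, Set

# Constructed sample input: the two indicators from the post, written defanged
# the way analysts share them so they are not accidentally clicked.
DEFANGED_DOMAIN = "facilities-awareness[.]com"
DEFANGED_IP = "13.249.22[.]98"

# Constructed HTML standing in for the landing page; only the <title> is used.
SAMPLE_HTML = "<html><head><title>Model/Remodel - Home</title></head><body></body></html>"

# Constructed response headers in the form CloudFront adds to sites it fronts.
SAMPLE_HEADERS = {
    "Server": "AmazonS3",
    "Via": "1.1 0123456789abcdef.cloudfront.net (CloudFront)",
    "X-Amz-Cf-Id": "CONSTRUCTED-REQUEST-ID",
}

# Constructed dict in the shape of a VirusTotal v3 domain object's
# last_analysis_results; the engine verdicts are made up for the demo.
SAMPLE_VENDOR_RESULTS = {
    "Fortinet": {"category": "malicious", "result": "malware"},
    "Google Safebrowsing": {"category": "harmless", "result": "clean"},
    "Sophos": {"category": "harmless", "result": "clean"},
    "Kaspersky": {"category": "undetected", "result": "unrated"},
}

# Generic words that say nothing about a brand.
STOPWORDS = {"home", "the", "and", "for", "inc", "llc", "ltd", "welcome", "www"}


def refang(ioc: str) -> str:
    """Turn analyst defanging ('[.]', '(.)', 'hxxp') back into a real domain, IP or URL."""
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def page_title(html: str) -> str:
    m = re.search(r"<title>(.*?)</title>", html, re.I | re.S)
    return m.group(1).strip() if m else ""


def brand_tokens(text: str) -> Set[str]:
    """Lower-case alphanumeric words longer than two characters, minus stopwords."""
    return {t for t in re.findall(r"[a-z0-9]+", text.lower())
            if len(t) > 2 and t not in STOPWORDS}


def domain_label_tokens(domain: str) -> Set[str]:
    """Words in the second-level label: 'www.facilities-awareness.com' -> {'facilities', 'awareness'}.

    Deliberately simple: multi-part public suffixes such as .co.uk are not handled.
    """
    parts = domain.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return brand_tokens(label)


def title_domain_mismatch(domain: str, html: str) -> bool:
    """True when no brand word from the page title overlaps the domain label.

    Substring matching lets 'Remodel Pros' match 'remodelpros.com'; an empty
    title yields False because there is nothing to compare.
    """
    title = brand_tokens(page_title(html))
    label = domain_label_tokens(domain)
    if not title or not label:
        return False
    return not any(t in d or d in t for t in title for d in label)


def behind_cloudfront(headers: Dict[str, str]) -> bool:
    """CloudFront fronting shows up in the Via header and the X-Amz-Cf-Id request id."""
    h = {k.lower(): v for k, v in headers.items()}
    return "cloudfront" in h.get("via", "").lower() or "x-amz-cf-id" in h


def flagged_vendors(results: Dict[str, Dict[str, str]]) -> List[str]:
    """Engines whose category is malicious or suspicious, VT v3 style."""
    return sorted(name for name, r in results.items()
                  if r.get("category") in ("malicious", "suspicious"))


def triage(domain: str, ip: str, html: str, headers: Dict[str, str],
           vendor_results: Dict[str, Dict[str, str]]) -> Dict[str, object]:
    """Collect the observations the post walks through into one record."""
    clean_domain = refang(domain)
    return {
        "domain": clean_domain,
        "ip": refang(ip),
        "title": page_title(html),
        "title_domain_mismatch": title_domain_mismatch(clean_domain, html),
        "behind_cloudfront": behind_cloudfront(headers),
        "flagged_by": flagged_vendors(vendor_results),
    }


if __name__ == "__main__":
    record = triage(DEFANGED_DOMAIN, DEFANGED_IP, SAMPLE_HTML,
                    SAMPLE_HEADERS, SAMPLE_VENDOR_RESULTS)
    for key, value in record.items():
        print(f"{key:>22}: {value}")
```

The title/domain mismatch is only a heuristic: plenty of legitimate sites brand themselves differently from their domain, so treat it as one signal to pivot on (hosting, categorization, vendor verdicts) rather than a verdict by itself.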
