📖 Overview
A domain-based indicator has been flagged as associated with potential payload delivery activity. The site masquerades as a paste service but has been observed in malicious campaigns. Confidence is assessed at 100%.
📌 Key Details
| Field | Information |
|---|---|
| Type | Domain |
| Indicator | paste.c-net[.]org |
| Threat Type | Payload Delivery |
| Malware | Unknown |
| Confidence | 100% |
| Date | 29 Sep 2025 – 16:31:01 UTC |
| Tags | None |
| Reporter | abuse_ch |
| Reference | MalwareBazaar Sample |
🔎 URLScan Result
- Verdict Score: 0
- Page Title: No Title
- Screenshot: View Screenshot
- Result: Full Scan Report
📡 Domain & Certificate Info
- DNS A Record: 20[.]100[.]184[.]134
📡 Related Intelligence
- Certificate Transparency: crt.sh Report
- VirusTotal Report: VirusTotal Domain Report
- URLScan Domain Overview: urlscan.io Domain Page
- DNS Analytics: dnslytics.com Report
🛡️ Defensive Guidance
- Block paste.c-net[.]org and associated IP (20[.]100[.]184[.]134) at DNS, proxy, and endpoint layers.
- Monitor for attempts to fetch payloads or scripts from paste services in your network traffic.
- Incorporate this domain into threat hunting queries focused on suspicious HTTP(S) requests to paste-style platforms.
- Track new infrastructure by monitoring similar domains in certificate transparency logs.
⚠️ This IOC highlights the continued abuse of pastebin-like services for payload delivery, often used by attackers to distribute malware in a low-profile manner.
![[Darknetlive Archive] Alphabay Vendor Amsterdoomed Faces Four Years in Prison](/content/images/size/w1304/format/webp/2025/09/darknetlive_32987479819467823-1.png)
