📖 Overview
A new domain-based indicator has been identified in connection with payload delivery activity tied to the malware unknown_loader. The domain presents itself as a mobile advertising and monetization platform and poses a high-confidence threat to users and organizations.
📌 Key Details
| Field | Information |
|---|---|
| Type | Domain |
| Indicator | cpibot[.]com |
| Threat Type | Payload Delivery |
| Malware | unknown_loader |
| Confidence | 90% |
| Date | 27 Aug 2025 – 23:27:53 UTC |
| Tags | Fake Software, fakeapp, Loader |
| Reporter | pancak3lullz |
🔎 URLScan Result
- Verdict: 100
- Page Title: CPIBot – Mobile Ad Network – Buy App Installs – Advertise (DSP for Advertisers) & Monetise (SSP for Publishers) your Android, iOS & Web App
📡 Related Intelligence
- WHOIS Record: who.is/whois/cpibot.com
🛡️ Defensive Guidance
- Block cpibot[.]com at the network and endpoint level.
- Monitor for suspicious connections that mimic mobile ad networks.
- Hunt for unknown_loader artifacts in endpoint telemetry.
- Review logs for traffic to suspicious DSP/SSP advertising infrastructure.