Dark Web Informer - Cyber Threat Intelligence

IOC Alert: unknown_loader Payload Delivery


📖 Overview

A new domain-based indicator associated with payload delivery activity tied to the malware unknown_loader has been identified. The domain, which presents itself as a mobile advertising and monetization platform, is a high-confidence threat to users and organizations.


📌 Key Details

Field        Information
Type         Domain
Indicator    cpibot[.]com
Threat Type  Payload Delivery
Malware      unknown_loader
Confidence   90%
Date         27 Aug 2025 – 23:27:53 UTC
Tags         Fake Software, fakeapp, Loader
Reporter     pancak3lullz

🔎 URLScan Result

  • Verdict: 100
  • Page Title: CPIBot – Mobile Ad Network – Buy App Installs – Advertise (DSP for Advertisers) & Monetise (SSP for Publishers) your Android, iOS & Web App


🛡️ Defensive Guidance

  • Block cpibot[.]com at the network and endpoint level.
  • Monitor for suspicious connections that mimic mobile ad networks.
  • Hunt for unknown_loader artifacts in endpoint telemetry.
  • Review logs for traffic to suspicious DSP/SSP advertising infrastructure.
