Status of - is it malicious or non malicious?

This site is found in many malware communication. So we are writing this post to clear the mist that it is not malicious. Please refer the below status from the security researcher community and look at the conclusion section for our comments.

Comments from security researchers: is being used by malware C&C. As of the date of this post, the site itself is not currently malicious, instead it is being abused by malicious software.

To find related malware which at some point makes use of this API, use virustotal's search feture and enter these into it. Do not visit these sites with your browser!!! 

Many ransomware families used this public API to collect or gather the IP address of the infected machines aka victim machine details. But in many real world applications using this public API for legitimate purpose. So it can't be blocked. But keep an eye on this API and check for what it is used in your network.

Post made by


Popular Posts