Malware
Jun 9, 2026
Botnet C2 tied to an unidentified #malware family trying to hide as FortiGate device 😜 🌐Domain...
Botnet C2 infrastructure masquerading as FortiGate device discovered with malware samples.
Summary
Security researchers identified a botnet command-and-control server using the domain az2030port.duckdns.org and IP 178.16.55.28:2030 that attempts to disguise itself as a FortiGate device by using a forged SSL certificate. The infrastructure is linked to an unidentified malware family and is hosted by Omegatech LTD in the Netherlands. Multiple malware samples associated with this C2 network have been documented.
Indicators of Compromise
- domain — az2030port.duckdns.org
- ip — 178.16.55.28
Entities
- FortiGate (product)
- Fortinet (vendor)
- DuckDNS (technology)