Sekoia.io A.I CyberSecurity Scoring
Sekoia.io
Company Information
Website: http://www.sekoia.io/en
Employees number: 135
Number of followers: 22,937
NAICS: 541514
Industry Type: Computer and Network Security
Homepage: sekoia.io
Sekoia.io Risk Score (AI oriented)
Between 700 and 749
Sekoia.io (Computer and Network Security)
Updated: 02/04/2026
723/1000
Moderate
Ba
Sekoia.io Global Score (TPRM)
xxxx
Sekoia.io (Computer and Network Security)
Score locked

Sekoia.io: Moderate
Current Score
723 Ba (MODERATE)
Scale: 0 to 1000
2 incidents
-21 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
726
JUNE 2026
726
MAY 2026
724
APRIL 2026
724
MARCH 2026
723
FEBRUARY 2026
721
JANUARY 2026
742
Cyber Attack
30 Jan 2026 • Sekoia.io
Let's Encrypt and Regway: Education-Themed Malicious Domains Linked to Bulletproof Hosting Infrastructure Exposed
TOXICSNAKE Malware Campaign Exploiting Fake Education Domains
721
HIGH-21
SEKLET1769769766
Sophisticated Malware Campaign Exploits Fake Education Domains in TOXICSNAKE Operation
Security researchers have exposed an advanced traffic distribution network (TDS) leveraging deceptive education-themed domains to distribute malware and phishing attacks. Dubbed TOXICSNAKE, the operation mimics legitimate university and educational institution branding to exploit user trust, serving as an effective social engineering vector for cybercriminals running malware-as-a-service schemes.
The attack employs a multi-stage delivery mechanism, beginning with fake educational portals that execute obfuscated JavaScript upon user visits. The first-stage loader decodes a remote URL, injects malicious code, and sets a one-time execution flag in browser storage to evade repeated detections. Researchers at Macs-Hit traced the infrastructure after analyzing a JavaScript loader from toxicsnake-wifes[.]com, a TDS node that routes victims to different payloads based on location, device, and browser data.
While second-stage payloads faced HTTP 504 errors during analysis, suggesting inactive or blocked upstream infrastructure, the campaign appears to be part of a coordinated cluster of domains sharing identical operational patterns. Related domains include pasangiklan[.]top, asangiklan[.]top, ourasolid[.]com, refanprediction[.]shop, and xelesex[.]top, all using education-themed branding and similar infrastructure.
The operation relies on bulletproof hosting from HZ Hosting Ltd (ASN AS202015), known for permissive abuse policies. Domains are registered with disposable WHOIS data and use Regway nameservers, a tactic common among CIS-region cybercriminals. All domains resolve to IPs within the 185.33.84.0/23 netblock, with each assigned a dedicated IP to evade broad blocking.
To further evade detection, attackers use Let’s Encrypt TLS certificates (valid for 90 days) for rapid domain rotation. The obfuscated JavaScript loader also employs tokenization to generate unique session IDs, ensuring security sandboxes receive benign content while real victims are served malicious payloads.
DECEMBER 2025
741
NOVEMBER 2025
741
OCTOBER 2025
741
SEPTEMBER 2025
740
AUGUST 2025
740
SEPTEMBER 2024
751
Cyber Attack
01 Sep 2024 • Sekoia.io
Sekoia
Evolution of Quad7 Botnet Targets SOHO Devices
734
CRITICAL-17
SEK000091524
Sekoia uncovered the evolution of the Quad7 botnet, which now targets new SOHO devices with stealthier tactics to evade detection. The botnet has compromised various routers and VPN appliances by exploiting vulnerabilities, some of which were previously unknown. The Quad7 operators have refined their methods, transitioning from open SOCKS proxies to using the KCP protocol over UDP for communication to further conceal their activities. Despite no direct reports of data compromise, the botnet's capacity for distributed brute-force attacks presents significant risks, including potential unauthorized access to Microsoft 365 accounts and control over infected devices, possibly leading to data breaches or other serious security incidents in the future.
Frequently Asked Questions
What is the current A.I Rankiteo Cyber Score for Sekoia.io?
What was Sekoia.io's A.I Rankiteo Cyber Score in June 2026?
What was Sekoia.io's A.I Rankiteo Cyber Score in May 2026?
What was Sekoia.io's A.I Rankiteo Cyber Score in April 2026?
What was Sekoia.io's A.I Rankiteo Cyber Score in March 2026?
What was Sekoia.io's A.I Rankiteo Cyber Score in February 2026?
What was Sekoia.io's A.I Rankiteo Cyber Score in January 2026?
What was Sekoia.io's A.I Rankiteo Cyber Score in December 2025?
What was Sekoia.io's A.I Rankiteo Cyber Score in November 2025?
What was Sekoia.io's A.I Rankiteo Cyber Score in October 2025?
What was Sekoia.io's A.I Rankiteo Cyber Score in September 2025?
What was Sekoia.io's A.I Rankiteo Cyber Score in August 2025?
What is the average per-incident point impact on Sekoia.io's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Sekoia.io?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Sekoia.io's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?