[jborak]

Our services were used for C2 as well. I investigated it a bit but eventually decided to just drop TCP forwarding from our free-tier and that reduced our abuse/malware reports for C2 over TCP to zero essentially.

One path I looked at was to use the VirusTotal API to help identify C2's that other security organizations were identifying and leverage that to automatically take down malicious TCP endpoints. I wrote some POCs but did not deploy them. It's something I plan on taking up again at some point next year.

[patricklorio]

Want to chat on discord? Maybe we could combine efforts to try and stop people abusing our services :). We have a few vendors sending us automated reports, maybe I could open it up for multiple projects.

feel free to give me a ping on https://discord.gg/AXAbujx @patrick.