{"id":880,"date":"2026-01-28T14:07:44","date_gmt":"2026-01-28T14:07:44","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/"},"modified":"2026-01-28T14:07:44","modified_gmt":"2026-01-28T14:07:44","slug":"who-operates-the-badbox-2-0-botnet","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/","title":{"rendered":"Who Operates the Badbox 2.0 Botnet?"},"content":{"rendered":"<div>\n<p>The cybercriminals in control of <strong>Kimwolf<\/strong> \u2014 a disruptive botnet that has infected more than 2 million devices \u2014 recently shared a screenshot indicating they\u2019d compromised the control panel for <strong>Badbox 2.0<\/strong>, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.<\/p>\n<p>Our first story of 2026, <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\" target=\"_blank\" rel=\"noopener\">The Kimwolf Botnet is Stalking Your Local Network<\/a>, detailed the unique and highly invasive methods Kimwolf uses to spread. 
The story warned that the vast majority of Kimwolf infected systems were unofficial Android TV boxes that are typically marketed as a way to watch unlimited (pirated) movie and TV streaming services for a one-time fee.<\/p>\n<p>Our January 8 story, <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/who-benefited-from-the-aisuru-and-kimwolf-botnets\/\" target=\"_blank\" rel=\"noopener\">Who Benefitted from the Aisuru and Kimwolf Botnets?<\/a>, cited multiple sources saying the current administrators of Kimwolf went by the nicknames \u201c<strong>Dort<\/strong>\u201d and \u201c<strong>Snow<\/strong>.\u201d Earlier this month, a close former associate of Dort and Snow shared what they said was a screenshot the Kimwolf botmasters had taken while logged in to the Badbox 2.0 botnet control panel.<\/p>\n<p>That screenshot, a portion of which is shown below, shows seven authorized users of the control panel, including one that doesn\u2019t quite match the others: According to my source, the account \u201c<strong>ABCD<\/strong>\u201d (the one that is logged in and listed in the top right of the screenshot) belongs to Dort, who somehow figured out how to add their email address as a valid user of the Badbox 2.0 botnet.<\/p>\n<div id=\"attachment_73099\" style=\"width: 759px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" aria-describedby=\"caption-attachment-73099\" decoding=\"async\" class=\"wp-image-73099\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png\" alt=\"\" width=\"749\" height=\"258\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png 1541w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel-768x265.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel-1536x529.png 1536w, 
https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel-782x269.png 782w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\"><\/a><\/p>\n<p id=\"caption-attachment-73099\" class=\"wp-caption-text\">The control panel for the Badbox 2.0 botnet lists seven authorized users and their email addresses. Click to enlarge.<\/p>\n<\/div>\n<p>Badbox has a storied history that well predates Kimwolf\u2019s rise in October 2025. In July 2025, Google filed a \u201cJohn Doe\u201d <a href=\"https:\/\/storage.courtlistener.com\/recap\/gov.uscourts.nysd.643466\/gov.uscourts.nysd.643466.22.0.pdf\" target=\"_blank\" rel=\"noopener\">lawsuit<\/a> (PDF) against 25 unidentified defendants accused of operating Badbox 2.0, which Google described as a botnet of over ten million unsanctioned Android streaming devices engaged in advertising fraud. Google said Badbox 2.0, in addition to compromising multiple types of devices prior to purchase, also can infect devices by requiring the download of malicious apps from unofficial marketplaces.<\/p>\n<p>Google\u2019s lawsuit came on the heels of a\u00a0<a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250605\" target=\"_blank\" rel=\"noopener\">June 2025 advisory<\/a>\u00a0from the\u00a0<strong>Federal Bureau of Investigation<\/strong>\u00a0(FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malware prior to the user\u2019s purchase, or infecting the device as it downloads required applications that contain backdoors \u2014 usually during the set-up process.<\/p>\n<p>The FBI said Badbox 2.0 was discovered after <a href=\"https:\/\/www.humansecurity.com\/learn\/blog\/trojans-all-the-way-down-badbox-and-peachpit\/\" target=\"_blank\" rel=\"noopener\">the original Badbox campaign<\/a> was disrupted in 2024. 
The original Badbox was identified in 2023, and primarily consisted of Android operating system devices (TV boxes) that were compromised with backdoor malware prior to purchase.<\/p>\n<p>KrebsOnSecurity was initially skeptical of the claim that the Kimwolf botmasters had hacked the Badbox 2.0 botnet. That is, until we began digging into the history of the qq.com email addresses in the screenshot above.<\/p>\n<h2>CATHEAD<\/h2>\n<p>An online search for the address <strong>34557257@qq.com<\/strong> (pictured in the screenshot above as the user \u201c<strong>Chen<\/strong>\u201d) shows it is listed as a point of contact for a number of China-based technology companies, including:<\/p>\n<p>\u2013<strong>Beijing Hong Dake Wang Science &amp; Technology Co Ltd.<\/strong><br \/>\n\u2013<strong>Beijing Hengchuang Vision Mobile Media Technology Co. Ltd.<\/strong><br \/>\n\u2013<strong>Moxin Beijing Science and Technology Co. Ltd.<\/strong><\/p>\n<p>The website for Beijing Hong Dake Wang Science is <strong>asmeisvip[.]net<\/strong>, a domain that was flagged in a <a href=\"https:\/\/www.humansecurity.com\/learn\/blog\/satori-threat-intelligence-disruption-badbox-2-0\/\" target=\"_blank\" rel=\"noopener\">March 2025 report<\/a> by <strong>HUMAN Security<\/strong> as one of several dozen sites tied to the distribution and management of the Badbox 2.0 botnet. 
Ditto for <strong>moyix[.]com<\/strong>, a domain associated with Beijing Hengchuang Vision Mobile.<\/p>\n<p>A search at the breach tracking service <strong>Constella Intelligence<\/strong> finds 34557257@qq.com at one point used the password \u201c<strong>cdh76111<\/strong>.\u201d Pivoting on that password in Constella shows it is known to have been used by just two other email accounts: <strong>daihaic@gmail.com<\/strong> and <strong>cathead@gmail.com<\/strong>.<\/p>\n<p>Constella found cathead@gmail.com registered an account at jd.com (China\u2019s largest online retailer) in 2021 under the name \u201c\u9648\u4ee3\u6d77,\u201d which translates to \u201c<strong>Chen Daihai<\/strong>.\u201d According to <strong>DomainTools.com<\/strong>, the name Chen Daihai is present in the original registration records (2008) for moyix[.]com, along with the email address <strong>cathead@astrolink[.]cn<\/strong>.<\/p>\n<p>Incidentally, astrolink[.]cn also is among the Badbox 2.0 domains identified in <a href=\"https:\/\/www.humansecurity.com\/learn\/blog\/satori-threat-intelligence-disruption-badbox-2-0\/\" target=\"_blank\" rel=\"noopener\">HUMAN Security\u2019s 2025 report<\/a>. DomainTools finds cathead@astrolink[.]cn was used to register more than a dozen domains, including <strong>vmud[.]net<\/strong>, yet another Badbox 2.0 domain tagged by HUMAN Security.<span id=\"more-73071\"><\/span><\/p>\n<h2>XAVIER<\/h2>\n<p>A cached copy of astrolink[.]cn preserved at archive.org shows the website belongs to a mobile app development company whose full name is <strong>Beijing Astrolink Wireless Digital Technology Co. Ltd<\/strong>. The archived website reveals <a href=\"https:\/\/web.archive.org\/web\/20070317191651\/http:\/\/www.astrolink.cn\/contact\/index.htm\" target=\"_blank\" rel=\"noopener\">a \u201cContact Us\u201d page<\/a> that lists a Chen Daihai as part of the company\u2019s technology department. 
The other person featured on that contact page is <strong>Zhu Zhiyu<\/strong>, and their email address is listed as <strong>xavier@astrolink[.]cn<\/strong>.<\/p>\n<div id=\"attachment_73101\" style=\"width: 758px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73101\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-73101\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/beijingastrolink.png\" alt=\"\" width=\"748\" height=\"542\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/beijingastrolink.png 1173w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/beijingastrolink-768x557.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/beijingastrolink-782x567.png 782w\" sizes=\"auto, (max-width: 748px) 100vw, 748px\"><\/p>\n<p id=\"caption-attachment-73101\" class=\"wp-caption-text\">A Google-translated version of Astrolink\u2019s website, circa 2009. Image: archive.org.<\/p>\n<\/div>\n<p>Astute readers will notice that the user <strong>Mr.Zhu<\/strong> in the Badbox 2.0 panel used the email address <strong>xavierzhu@qq.com<\/strong>. Searching this address in Constella reveals a jd.com account registered in the name of Zhu Zhiyu. A rather unique password used by this account matches the password used by the address <strong>xavierzhu@gmail.com<\/strong>, which DomainTools finds was the original registrant of astrolink[.]cn.<\/p>\n<h2>ADMIN<\/h2>\n<p>The very first account listed in the Badbox 2.0 panel \u2014 \u201cadmin,\u201d registered in November 2020 \u2014 used the email address <strong>189308024@qq.com<\/strong>. DomainTools shows this email is found in the 2022 registration records for the domain <strong>guilincloud[.]cn<\/strong>, which includes the registrant name \u201c<strong>Huang Guilin<\/strong>.\u201d<\/p>\n<p>Constella finds 189308024@qq.com is associated with the China phone number <strong>18681627767<\/strong>. 
The open-source intelligence platform <strong>osint.industries<\/strong> reveals this phone number is connected to a Microsoft profile created in 2014 under the name <strong>Guilin Huang (\u6842\u6797 \u9ec4)<\/strong>. The cyber intelligence platform <strong>Spycloud<\/strong> says that phone number was used in 2017 to create an account at the Chinese social media platform Weibo under the username \u201c<strong>h_guilin<\/strong>.\u201d<\/p>\n<div id=\"attachment_73102\" style=\"width: 749px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-73102\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-73102\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/guilinhuang.png\" alt=\"\" width=\"739\" height=\"547\"><\/p>\n<p id=\"caption-attachment-73102\" class=\"wp-caption-text\">The public information attached to Guilin Huang\u2019s Microsoft account, according to the breach tracking service osintindustries.com.<\/p>\n<\/div>\n<p>The remaining <a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badbox2-1.png\" target=\"_blank\" rel=\"noopener\">three users and corresponding qq.com email addresses<\/a> were all connected to individuals in China. However, none of them (nor Mr. Huang) had any apparent connection to the entities created and operated by Chen Daihai and Zhu Zhiyu \u2014 or to any corporate entities for that matter. 
Also, none of these individuals responded to requests for comment.<\/p>\n<p>The mind map below includes search pivots on the email addresses, company names and phone numbers that suggest a connection between Chen Daihai, Zhu Zhiyu, and Badbox 2.0.<\/p>\n<div id=\"attachment_73110\" style=\"width: 759px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/mm-chen-xavier.png\" target=\"_blank\" rel=\"noopener\"><img aria-describedby=\"caption-attachment-73110\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-73110\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/mm-chen-xavier.png\" alt=\"\" width=\"749\" height=\"445\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/mm-chen-xavier.png 1570w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/mm-chen-xavier-768x457.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/mm-chen-xavier-1536x914.png 1536w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/mm-chen-xavier-782x465.png 782w\" sizes=\"auto, (max-width: 749px) 100vw, 749px\"><\/a><\/p>\n<p id=\"caption-attachment-73110\" class=\"wp-caption-text\">This mind map includes search pivots on the email addresses, company names and phone numbers that appear to connect Chen Daihai and Zhu Zhiyu to Badbox 2.0. Click to enlarge.<\/p>\n<\/div>\n<h2>UNAUTHORIZED ACCESS<\/h2>\n<p>The idea that the Kimwolf botmasters could have direct access to the Badbox 2.0 botnet is a big deal, but explaining exactly why that is requires some background on how Kimwolf spreads to new devices. 
The botmasters figured out they could trick residential proxy services into relaying malicious commands to vulnerable devices behind the firewall on the unsuspecting user\u2019s local network.<\/p>\n<p>The vulnerable systems sought out by Kimwolf are primarily Internet of Things (IoT) devices like unsanctioned Android TV boxes and digital photo frames that have no discernible security or authentication built-in. Put simply, if you can communicate with these devices, you can compromise them with a single command.<\/p>\n<p>Our <a href=\"https:\/\/krebsonsecurity.com\/2026\/01\/the-kimwolf-botnet-is-stalking-your-local-network\/\" target=\"_blank\" rel=\"noopener\">January 2 story<\/a> featured <a href=\"https:\/\/synthient.com\/blog\/a-broken-system-fueling-botnets\" target=\"_blank\" rel=\"noopener\">research<\/a> from the proxy-tracking firm <strong>Synthient<\/strong>, which alerted 11 different residential proxy providers that their proxy endpoints were vulnerable to being abused for this kind of local network probing and exploitation.<\/p>\n<p>Most of those vulnerable proxy providers have since taken steps to prevent customers from going upstream into the local networks of residential proxy endpoints, and it appeared that Kimwolf would no longer be able to quickly spread to millions of devices simply by exploiting some residential proxy provider.<\/p>\n<p>However, the source of that Badbox 2.0 screenshot said the Kimwolf botmasters had an ace up their sleeve the whole time: Secret access to the Badbox 2.0 botnet control panel.<\/p>\n<p>\u201cDort has gotten unauthorized access,\u201d the source said. \u201cSo, what happened is normal proxy providers patched this. But Badbox doesn\u2019t sell proxies by itself, so it\u2019s not patched. 
And as long as Dort has access to Badbox, they would be able to load\u201d the Kimwolf malware directly onto TV boxes associated with Badbox 2.0.<\/p>\n<p>The source said it isn\u2019t clear how Dort gained access to the Badbox botnet panel. But it\u2019s unlikely that Dort\u2019s existing account will persist for much longer: All of our notifications to the qq.com email addresses listed in the control panel screenshot included a copy of that image, as well as questions about the apparently rogue ABCD account.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The cybercriminals in control of Kimwolf \u2014 a disruptive botnet that has infected more than 2 million devices \u2014 recently shared a screenshot indicating they\u2019d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[521,522,523,354,524,525,526,114,527,528,529,90,530,414,531,532,357,409,533,534,425,136,145,535,536,537,538,539],"tags":[91],"class_list":["post-880","post","type-post","status-publish","format-standard","hentry","category-521","category-189308024qq-com","category-34557257qq-com","category-badbox-2-0","category-beijing-astrolink-wireless-digital-technology-co-ltd","category-beijing-hengchuang-vision-mobile-media-technology-co-ltd","category-beijing-hong-dake-wang-science-technology-co-ltd","category-breadcrumbs","category-catheadgmail-com","category-chen-daihai","category-constella-intelligence","category-cyb
ersecurity","category-daihaicgmail-com","category-dort","category-federal-bureau-of-investigation","category-guilin-huang","category-human-security","category-internet-of-things-iot","category-moxin-beijing-science-and-technology-co-ltd","category-osint-industries","category-snow","category-spycloud","category-web-fraud-2-0","category-xavierzhugmail-com","category-xavierzhuqq-com","category-zhu-zhiyu","category-538","category-539","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Who Operates the Badbox 2.0 Botnet? - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Who Operates the Badbox 2.0 Botnet? - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"The cybercriminals in control of Kimwolf \u2014 a disruptive botnet that has infected more than 2 million devices \u2014 recently shared a screenshot indicating they\u2019d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. 
Both the FBI and Google say [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-28T14:07:44+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Who Operates the Badbox 2.0 Botnet?\",\"datePublished\":\"2026-01-28T14:07:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\"},\"wordCount\":1468,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"18681627767\",\"189308024@qq.com\",\"34557257@qq.com\",\"BadBox 2.0\",\"Beijing Astrolink Wireless Digital Technology Co. Ltd\",\"Beijing Hengchuang Vision Mobile Media Technology Co. 
Ltd.\",\"Beijing Hong Dake Wang Science &amp; Technology Co Ltd.\",\"Breadcrumbs\",\"cathead@gmail.com\",\"Chen Daihai\",\"Constella Intelligence\",\"Cybersecurity\",\"daihaic@gmail.com\",\"Dort\",\"Federal Bureau of Investigation\",\"Guilin Huang\",\"HUMAN Security\",\"Internet of Things (IoT)\",\"Moxin Beijing Science and Technology Co. Ltd.\",\"osint.industries\",\"Snow\",\"SpyCloud\",\"Web Fraud 2.0\",\"xavierzhu@gmail.com\",\"xavierzhu@qq.com\",\"Zhu Zhiyu\",\"\u6842\u6797 \u9ec4\",\"\u9648\u4ee3\u6d77\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\",\"name\":\"Who Operates the Badbox 2.0 Botnet? - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png\",\"datePublished\":\"2026-01-28T14:07:44+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#primaryimage\",\"url\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png\",\"contentUrl\":\"https:\/\/
krebsonsecurity.com\/wp-content\/uploads\/2026\/01\/badboxpanel.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/28\/who-operates-the-badbox-2-0-botnet\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Who Operates the Badbox 2.0 Botnet?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}