Attackers can use *.repl.co to host their phishing websites.
Command and Control
Attackers can use a customized subdomain of repl.co as their C&C server.
Attackers can add upload functionalities hosted on *.repl.co and exfiltrate data on there.
Attackers can host their malicious tools on an external provider and then use *.repl.co to fetch the files.
Last Update: 2022-01-20