Redirectors proxy requests coming from the target back to our attack infrastructure.


  • Reusing IP addresses will immediately attract attention of someone on the blue team

  • If the IP address of a C2 server controlling dozens of machines on a target is blacklisted, we must be able to roll out a new server in a matter of seconds with a fresh IP to receive new connections, without interrupting ongoing jobs not subject to the IP ban.

  • We need to be able to serve multiple clients/targets. Too much from one IP address makes for suspicions.