toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#dns

One of our researchers recently received a text from an unknown number saying they were eligible to receive a full refund for an Amazon order. The message contained a link to a URL on t[.]co, Twitter/X's link shortener. Clicking the link led to the domain 267536[.]cc, which hosted an Amazon phishing page.

From this lead, we were able to find many more domains hosting the same content. The actor registering the domains seems to like .cc, the country code TLD for the Cocos Islands.

Sample of the domains:
236564[.]cc
267536[.]cc
671624[.]cc
687127[.]cc
319632[.]cc

📣 Last seats for SIDN TechTalk! Be quick to join an evening with 2 interesting speakers: Rejo Zengers (Bits of Freedom) on the controversial European regulation Chat Control and Willem Toorop (NLnet Labs) on the DNS record type DELEG. Of course there is also room for questions and discussion.

Register for free and enjoy a free meal beforehand and drinks afterwards. meetup.com/sidn-techtalk/event

Meetup · SIDN TechTalk - 15 April 2025, Tue, Apr 15, 2025, 6:00 PM | Meetup · On Tuesday 15 April we are organizing another TechTalk! Once again we have 2 interesting speakers and a tasty meal. Get inspired and come on 15 April…
#SIDN #techtalk #tech

🔍 Exploring Domain Generation Algorithms (DGAs) in Malware 🔍

Domain Generation Algorithms (DGAs) enable malware to change its domain dynamically. Below is an article I wrote years ago, which explains the difference between seed-based and dictionary-based algorithms.

malwareandstuff.com/dgas-gener

Malware and Stuff · DGAs – Generating domains dynamically · A domain generation algorithm is a routine/program that generates a domain dynamically. Think of the following example: An actor registers the domain evil.com. The corresponding backdoor has this d…

Access to domain registration data is neither timely nor uniform. In today's Interisle Insights post, Colin Strutt shares the challenges that law enforcement, first responders, and researchers face in collecting even the “non contact registration data” elements to identify where cybercriminals acquire resources for their attacks.

interisle.substack.com/p/limit

Interisle Insights · Limiting Access to Domain Registration Data · By Interisle Consulting Group
#whois #gdpr #rdap

@DoctorBrodsky @woe2you @miah given #Quad9 bowed before the #Contentmafia and censored #DNS requests, I'll continue to recommend using #OpenNIC's Servers instead

94.103.153.176 & 2a02:990:219:1:ba:1337:cafe:3 as well as
144.76.103.143 & 2a01:4f8:192:43a5::2

  • If you only add a single #IPv4 address, no #IPv6 resolution will take place over said provider or worse even no IPv6 connectivity at all...

I merely retain quad9 on said list for archival purposes. I yeeted #CloudFlare aka. #ClownFlare since they are a #RogueISP!

A fascist movement is trying to take control of the equivalent of #AFNIC in New Zealand: feijoadispatch.nz/p/free-speec

2600 people recently took out a membership (whereas there were only 400 members recently), with the idea of taking control of the organization, to fight a change to the bylaws that would indicate a commitment to combating racism, among other things…

Feijoa Dispatch · Free Speech Union plans hostile takeover of InternetNZ · By Byron Clark

Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware.

Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments.

One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.

Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.

Block these:

user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.

#dns #lookalikes #lookalikeDomain #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel #infosec #pdns #malware #scam #ssa
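
The "Block these" list above, applied to resolver query logs, as an added example that is not part of the original post. The log line layout, client addresses, timestamps and function names are assumptions constructed for illustration; only the defanged domains come from the post.

```python
# Added example: check DNS query names against the post's defanged blocklist.
DEFANGED_BLOCKLIST = """
user2ilogon[.]es
viewer-ssa-gov[.]es
wellsffrago[.]com
nf-prime[.]com
deilvery-us[.]com
wllesfrarqo-home[.]com
nahud[.]com.
"""

def refang(indicator):
    """Normalize 'Example[.]com.' to 'example.com' (drops the trailing dot)."""
    return indicator.strip().replace("[.]", ".").rstrip(".").lower()

def load_blocklist(text):
    return {refang(line) for line in text.splitlines() if line.strip()}

def blocked_parent(qname, blocklist):
    """Return the listed domain that qname equals or sits under, else None."""
    labels = refang(qname).split(".")
    # Compare whole-label suffixes so 'notnahud.com' never matches 'nahud.com'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

# Constructed log lines (hypothetical format): "<timestamp> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2025-04-01T10:00:01Z 10.0.0.5 www.ssa.gov. A
2025-04-01T10:00:02Z 10.0.0.7 user2ilogon.es. A
2025-04-01T10:00:03Z 10.0.0.7 cdn.NF-Prime.com. AAAA
2025-04-01T10:00:04Z 10.0.0.9 notnahud.com. A
"""

def scan(log_text, blocklist):
    """Return (client, normalized qname, matched blocklist entry) per hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing fields
        _ts, client, qname, _qtype = parts
        match = blocked_parent(qname, blocklist)
        if match:
            hits.append((client, refang(qname), match))
    return hits

BLOCKLIST = load_blocklist(DEFANGED_BLOCKLIST)

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, BLOCKLIST):
        print(hit)
```

Matching on label boundaries catches subdomains of a listed name without flagging unrelated domains that merely end in the same characters.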