Continued fun in mobile threats. One of our analysts received these two different threats on her household Android phones on the same day. Usually Google does a pretty good job filtering them out, but failed here. These show two different #dns trends that we see in practice. The use of a shortener which redirects to an Amazon lookalike domain -- we often just see the lookalike in the message.
The Amazon one led to amazonfey[.]co, and the same actor had over 300 active lookalikes to Amazon and other services. These guys are fairly easy to track in DNS using fingerprinting. Blocking at DNS providers will help reduce where Google, Apple, and other service providers miss some.
The Wells Fargo / Apple alert used an old domain -- a "drop catch" that has been picked up by a threat actor. This might look obvious but people work on alarm -- if you have a Wells Fargo account and see a big charge, you might just click without thinking.
#dns #cybersecurity #InfobloxThreatIntel #Infoblox #dropCatchDomains #IOCs #threatIntel #cybercrime #lookalikes
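
A defender-side triage of the lookalike pattern described in this post, run over DNS query logs. This is an added example, not part of the original post and not Infoblox's fingerprinting method. The brand allowlist, the log format and every sample query except amazonfey[.]co are constructed assumptions.

```python
# Added example: brand-lookalike triage over DNS query logs (illustrative heuristic).
BRANDS = {  # assumed allowlist of legitimate registrable domains, not exhaustive
    "amazon": {"amazon.com", "amazon.co.uk", "amazonaws.com"},
    "wellsfargo": {"wellsfargo.com"},
    "apple": {"apple.com", "icloud.com"},
}
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}  # stand-in for the Public Suffix List
HOMOGLYPHS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def registrable(fqdn):
    """Return the registrable domain (one label plus public suffix)."""
    labels = fqdn.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(fqdn):
    """Return (brand, reason) for a review candidate, or None if nothing matches."""
    reg = registrable(fqdn.replace("[.]", "."))  # accept defanged names
    if any(reg in legit for legit in BRANDS.values()):
        return None  # the brand's own domain
    label = reg.split(".")[0].translate(HOMOGLYPHS).replace("-", "")
    for brand in BRANDS:
        if brand in label:
            return (brand, "embedded")  # brand name plus extra characters
        if edit_distance(label, brand) <= 1:
            return (brand, "typo")  # one edit away from the brand name
    return None

def scan(log_lines):
    """Last whitespace-separated field of each line is taken as the query name."""
    hits = [(line.split()[-1], classify(line.split()[-1])) for line in log_lines]
    return [(q, *v) for q, v in hits if v]

SAMPLE_LOG = [  # constructed log lines; only amazonfey[.]co comes from the post
    "2024-05-01T10:00:01Z 192.0.2.10 A www.amazon.com",
    "2024-05-01T10:00:02Z 192.0.2.10 A www.amazonfey[.]co",
    "2024-05-01T10:00:03Z 192.0.2.11 A amaz0n-billing.example",
    "2024-05-01T10:00:04Z 192.0.2.11 A wellsfarqo.example",
    "2024-05-01T10:00:05Z 192.0.2.12 A s3.amazonaws.com",
]
```

Substring matching on short brand names such as "apple" will also flag unrelated domains, so hits are candidates for review rather than a blocklist. A drop-catch domain like the one in the Wells Fargo / Apple message carries no brand string and needs registration-history signals instead.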