toad.social

Infoblox Threat IntelThis week, we encountered a new phishing campaign utilizing the Tycoon 2FA Phishing-as-a-Service (PhaaS) to bypass multifactor authentication (MFA).The RDGA domains have Russian TLDs but are hosted on CloudFlare infrastructure. We have been seeing them use shared infrastructure for a few months now, definitely trying to make detection more challenging. They continue to obfuscate every piece of code but have updated their verification page. Previously, we always saw their custom Cloudflare Turnstile page, but now they also use a new captcha challenge, as shown below.(You can also check it here <a href="https://urlscan.io/result/0195ed8b-7a48-7348-a814-0a058571b51e/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://urlscan.io/result/0195ed8b-7a48-7348-a814-0a058571b51e/</a> ) Their old Cloudflare Turnstile page seems to still be their favorite, even though they now change their message more frequently: "Checking response before request" or "Tracking security across platform" are some of the new messages they use. Here is a sample of the hundreds of domains we are detecting: womivor[.]ru nthecatepi[.]ru toimlqdo[.]ru dantherevin[.]ru xptdieemy[.]ru<a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/domains" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#domains</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhaaS</a> <a href="https://infosec.exchange/tags/tycoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tycoon</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/2MFABypass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2MFABypass</a>

Infoblox Threat IntelOne of our researchers recently received a text from an unknown number saying they were eligible to receive a full refund for an Amazon order. The message contained a link to a URL on t[.]co, Twitter/X's link shortener. Clicking the link led to the domain 267536[.]cc, which hosted an Amazon phishing page.From this lead, we were able to find many more domains hosting the same content. The actor registering the domains seems to like .cc, the country code TLD for the Cocos Islands.Sample of the domains: 236564[.]cc 267536[.]cc 671624[.]cc 687127[.]cc 319632[.]cc<a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sms</a> <a href="https://infosec.exchange/tags/smishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#smishing</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a>

Infoblox Threat IntelMalicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware. Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments. One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records. Block these:user2ilogon[.]es viewer-ssa-gov[.]es wellsffrago[.]com nf-prime[.]com deilvery-us[.]com wllesfrarqo-home[.]com nahud[.]com. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/ssa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssa</a>

Infoblox Threat IntelWe published a blog yesterday about a PhaaS and phishing kit that employs DoH and DNS MX records to dynamically serve personalized phishing content. It also uses adtech infrastructure to bypass email security and sends stolen credentials to various data collection spaces, such as Telegram, Discord, and email. <a href="https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/</a><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/doh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#doh</a> <a href="https://infosec.exchange/tags/mx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mx</a> <a href="https://infosec.exchange/tags/adtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#adtech</a> <a href="https://infosec.exchange/tags/obfuscation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#obfuscation</a> <a href="https://infosec.exchange/tags/phaas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phaas</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/phishingkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishingkit</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wordpress</a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#spam</a> <a href="https://infosec.exchange/tags/telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#telegram</a> <a href="https://infosec.exchange/tags/discord" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#discord</a> <a href="https://infosec.exchange/tags/morphingmeerkat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#morphingmeerkat</a>

Infoblox Threat IntelLast week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. It's legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens. Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies. Here are a few samples of the domains:- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil. - creo--ia[.]com Lookalike for an industrial fabrication firm in WA State. - admiralsmetal[.]com Lookalike for US based metals provider. - ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor. - elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/dod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dod</a>

Infoblox Threat IntelFor one reason or another, some domain registrars seem to attract threat actors. This leads to domains registered through these registrars having higher associated risk. Unlike TLD reputation scores, which are fairly consistent from month to month, registrar reputation scores can vary quite a bit month to month. In fact, this month's riskiest registrar, Dominit (HK) Ltd., increased from a score of 7 to 9 and jumped a whopping 29 spots to reach #1.An explanation and minimum-working-example of our reputation algorithm can be found here: <a href="https://blogs.infoblox.com/threat-intelligence/reliable-reputation-scoring/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/reliable-reputation-scoring/</a><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Infoblox Threat IntelFake support scammers, regardless of the initial ruse, typically trick victims into installing remote access tools, often describing it as a security or verification check. Many use ConnectWise ScreenConnect, a legitimate tool, hosted on their own domains. They may even jazz things up with custom branding, sometimes changing the brand during the lifetime of the domain, though they really need to avoid heavily compressed images - that fake Apple support site looks janky! Helpfully these scammers seem to follow a standard process for the DNS, allowing us to identify their consistencies: - Registration through NameSilo - Protection provided by Cloudflare - Alphanumeric RDGA domains favouring TLDs '.cfd', '.sbs', '.top' and '.xyz'* - Keyword RDGA domains, using words like 'care', 'help' and 'support', with TLDs '.help', '.live' and '.online' Recent examples: - 'cmonline[.]help' - 'jxcr-ui1[.]top' - 'jdsfrw-11[.]top' - 'ntfre-8e[.]xyz' - 'wlop10[.]top' * We're working with our friends at XYZ.com to take down offending domains using TLDs under their control. <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/supportscam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supportscam</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a>

Infoblox Threat IntelLast week, we discussed the riskiest TLDs of March. Our reputation algorithm is generic, meaning it can be applied to virtually *any* type of data (read more here: <a href="https://blogs.infoblox.com/threat-intelligence/reliable-reputation-scoring/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/reliable-reputation-scoring/</a>). This time, we'll take a look at the riskiest mail servers we've identified this month. Top of the list? all-harmless[.]domains -- the irony isn't lost on anyone. These mail servers attract phishing actors like honey does flies -- serving such lovely domains as bbva-web-soporte[.]com and kutxabank-movil-app[.]com. Additionally, we've identified one FunNull / Polyfill domain (69558[.]vip) using both baidu[.]com and shifen[.]com mail servers.<a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Infoblox Threat IntelThreat actors often have their favorite TLDs. This month we've found the following TLDs to have the highest risk. The top 5 retain their spot from last month, with the TLD .bond topping the chart with a risk score of 10. This is rare and only happens when the percentage of risky domains is at least 4.5 standard deviations above the mean. Congratulations, I guess?An explanation and minimum-working-example of our reputation algorithm can be found here: <a href="https://blogs.infoblox.com/threat-intelligence/reliable-reputation-scoring/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/reliable-reputation-scoring/</a><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Infoblox Threat IntelWe're currently tracking crypto, recruitment, and task scams that all share the same site structure, keeping their template designers busy 24/7, and appearing on thousands of fresh domains daily. While you may be familiar with their modus operandi, please take a moment to inform your less security-savvy friends and family with the warning signs: - Distributed via unsolicited job offers (more on this topic soon) and 'make money online' social media groups—sometimes even shared by other victims, including people you know, in the hope of increasing their earnings via referral bonuses. - Promise high returns with seemingly little to no effort or risk, almost certainly too good to be true. - Often abuse well-known brands to appear legitimate, with recent campaigns mimicking Adidas, Lidl and Macy's, among others. - Start with requests for small payments that increase as the perceived earnings grow, with most transactions using the cryptocurrency Tether (USDT), a stablecoin linked to the US dollar. - Scam domains are sometimes lookalikes, mimicking the legitimate brand, combined with numbers or generic terms like 'invest' or 'vip'. Scammers typically create a sense of urgency and pressure victims into acting quickly without thinking. Many will fall into the sunk cost fallacy, being made to feel that investing one more time will allow them to get their promised reward. The outcome can be devastating, with victims often reported as losing their life savings, racking up debts, and even unwittingly convincing other family members to participate in the scam. Recently observed examples of these shared structure investment scams have used lookalike domains registered through Alibaba and protected by Cloudflare: - `adidaso[.]top` - `macys[.]name` - `lidl02-vip[.]com`<a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/investment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#investment</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a>

Infoblox Threat IntelA huge body of work coming from a 1.9TB data leak around crypto scams began dropping this week. There are 32 news organizations involved including our friends at Qurium. We're going to compare notes and see how our previous reporting on crypto scams align with theirs, though we did see in one of the several pieces the names of two Vextrio companies. So that's fun. This page has several independent pieces in it so you do have to poke about to get everything. More pieces will be released in the coming days. <a href="https://www.qurium.org/scam-empire/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.qurium.org/scam-empire/</a> <a href="https://www.occrp.org/en/project/scam-empire/scam-empire-inside-a-merciless-international-investment-scam" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.occrp.org/en/project/scam-empire/scam-empire-inside-a-merciless-international-investment-scam</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/InfobloxThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfobloxThreatIntel</a> <a href="https://infosec.exchange/tags/crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#crypto</a>

Renée BurtonSurvey says.. it's a scam! Here is the second in my blog series on the user experience of malicious adtech. This time focusing on gift card and survey scams. Bad dudes create endless webs to entrap users and take advantage of people's hope for a better life. Stealing money via scams ilke these is no different than via a phishing link. <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/InfobloxThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfobloxThreatIntel</a> <a href="https://infosec.exchange/tags/vextrio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vextrio</a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tds</a> <a href="https://infosec.exchange/tags/adtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#adtech</a> <a href="https://blogs.infoblox.com/threat-intelligence/survey-says-its-a-scam/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/survey-says-its-a-scam/</a>

Infoblox Threat IntelWhile everyone is enjoying Carnival in Brazil, threat actors are still out there trying to lure people into their traps. We have found a cluster of lookalikes to the Brazilian DMV office (DETRAN in Portuguese). We observed at least two instances where they were impersonating the DMV office for the Brazilian states of Paraná and Maranhão. The actor(s) create domains with the same label, but on several different TLDs (mostly highly abused). Here are some examples of what they look like. consultes-seu-debitos2025.<space|site|shop|cloud> debitos-sp-2025.<club|com|lat|net|online|store|xyz> de3trasn2025.<click|fun|life|online|xyz> departamentodetran2025.<click|icu|lat> detran2025.<click|icu|lat|sbs> l1cenciamento-detran2025.<click|icu|lat|sbs> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://urlscan.io/result/802374b7-6c8b-433b-b6e0-32561f74b7d3/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://urlscan.io/result/802374b7-6c8b-433b-b6e0-32561f74b7d3/</a> <a href="https://urlscan.io/result/721b12bb-d5fe-4c7e-b2b5-724e07aa22e0/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://urlscan.io/result/721b12bb-d5fe-4c7e-b2b5-724e07aa22e0/</a>

Infoblox Threat IntelTelegram users BOLO for suspicious links posing as terms of service violation notices! We've observed over 4,000 domains in the past week attempting to trick users into granting web access to their accounts. How it works: - Presents itself in either Chinese, English, Japanese, Korean, Spanish, Vietnamese, German, Dutch or Thai depending on your browser language - Prompts you to enter your phone number and triggers sending a legit login code to your phone using a modified version of the Telegram WebK - Entering the login code allows the threat actor to authenticate to your account under the guise of a 'Telegram Security Check' - These domains are propagated within Telegram itself, with victims unwittingly sending links to their contacts. Domain indicators: - Uses niche-oriented and commonly abused TLDs like '.auction', '.beer' and '.boutique' instead of traditional TLDs* - Domains are registered through Dynadot or West[.]cn and protected by Cloudflare - Mix of random RDGA-like domains, along with homoglyph and jumbled versions of 'Telegram' Examples: - `telegrom[.]tax` - `telegreet[.]bar` - `qwvlftokhc[.]club` The motive remains unclear but likely involves collecting sensitive data for later exploitation. * Big thanks to XYZ.COM LLC for their prompt response to our takedown request, some 4k domains using TLDs under their control have been suspended. <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#telegram</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a>

Infoblox Threat IntelA large-scale operation of fake online stores is running wild, bulk-registered through Alibaba Cloud and shielded by Cloudflare. These aren’t just random scams—they’re coordinated, automated, and built on WordPress with WooCommerce, making them look and feel like legitimate shops. Stores like micorders[.]com and familydailyitems[.]com don’t work alone. They rely on a shady payment redirection chain, bouncing transactions through sketchy processors like adelaytoung[.]com and oscarkitto[.]com before vanishing with your cash. The core of this operation is a network of fraudulent store domains, the real indicators of compromise: pexer[.]store, pinor[.]store, rilon[.]store, falix[.]store, toxil[.]store, uvixy[.]store, sytox[.]store, kyxon[.]store, zizzy[.]store These sites use off-the-shelf e-commerce tools to appear trustworthy, but behind the scenes, they’re engineered for fraud. If a deal looks too good to be true… it probably is. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/fraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fraud</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/InfobloxThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfobloxThreatIntel</a>

Infoblox Threat IntelCriminal organizations are doubling down on malicious adtech to enable delivery of fake applications, malware, credential theft, and more -- not to mention the ability to circumvent enterprise security controls AND target victims with custom content: <a href="https://blogs.infoblox.com/threat-intelligence/the-hidden-dangers-of-malicious-adtech/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/the-hidden-dangers-of-malicious-adtech/</a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tds</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/adtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#adtech</a>

Infoblox Threat IntelWe use the term Registered DGA in a different way than a traditional DGA since they serve a different purpose. We've created this cheatsheet to help you understand why we make the distinction. Tell us what you think and if there are any terms you would like explained!<a href="https://infosec.exchange/tags/rdga" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rdga</a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tds</a> <a href="https://infosec.exchange/tags/ds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ds</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a>

Infoblox Threat IntelLumma Stealer is currently one of the most popular malware. Campaigns involving this info stealer have a notable presence in DNS. We’ve been tracking a threat actor that deploys large number of domains to advertise file share links dropping Lumma Stealer. These campaigns are interesting because the actor uses traffic distribution system (TDS), cloaking, and web tracking technology (e.g. Matomo, Bablosoft) to hide and protect the malicious content. Here are recent examples of the TDS and landing page domains. :::TDS + Cloaking::: am4[.]myidmcrack[.]site bjnhuy[.]shop filefetch[.]click mplopop[.]shop oyoclean[.]sbs psldi3z[.]com readyf1[.]click volopi[.]cfd :::Landing Page::: 14redirect[.]cfd downf[.]lol fbfgsnew[.]com icjvueszx[.]com lkjpoisjnil[.]site sikoip[.]cfd zulmie[.]cfd An attack that we investigated today showed a new Lumma Stealer payload and C2 domain that is only a day old. :::Lumma Stealer executable SHA256::: df148680db17e221e6c4e8aed89b4d3623f4a8ad86a3a4d43c64d6b1768c5406 :::Text sites containing Lumma Stealer configuration details::: hXXps://rentry[.]co/feouewe5/raw hXXps://pastebin[.]com/raw/uh1GCpxx :::Newly created Lumma Stealer C2::: hXXps://urbjanjungle[.]tech/api<a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/lummastealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lummastealer</a> <a href="https://infosec.exchange/tags/c2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#c2</a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tds</a> <a href="https://infosec.exchange/tags/tracker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tracker</a> <a href="https://infosec.exchange/tags/cloaking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloaking</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a>

Renée BurtonThe hack that turned the US government website of the Center for Disease Control into a porn site turns out to be more interesting than I originally thought. And that's not just because the CDC has not done anything to fix the problem 24 hours later...   Yesterday we found that a number of universities, enterprises and other government sites have been hacked by the same actor. Visiting the specific URLs takes you into a malicious adtech traffic distribution system (TDS). Depending on your device and location, you might get the pornography. bud, you also might get other scams like scareware. From my sacrificial phone, I was able to trigger a bunch of push notification requests.   Bottom Line: malicious adtech pays, their TDS allow actors to hide, and hackers are quite happy to compromise well known websites to get that money. But it's not just about scams, these types of techniques are frequently used for delivering information stealers, which lead to breaches.   Here's a few notes about the attack: * The site is modified to add pages which attempt to load a specific image name. If that isn't there, then it redirects to the actor controlled malicious domain which funnels into the TDS * The actor seems to be using blogspot for this now, but previously used a tiny URL. From here they will go to adtech TDS. * There were what seemed possible to be dangling CNAME records in many cases, but in some of them didn't appear to be any issues with the DNS records. I suspect combo of accesses. * In cases where there's no apparent DNS record issue, the legit site seems to be hosting in GitHub. Perhaps they have a credential compromised. * I saw at least two adtech companies used, Adsterra and Roller Ads. these are checking for VPN and anonymous proxies before serving the final landing page. * This image redirect actor seems to be riding off of a different actor who originally hacked the site, uses SEO poisoning techniques, and hacked universities to host porn content.   I put a bunch of images in imgur.   Thanks Krebs for the lead.   <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/adtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#adtech</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tds</a> <a href="https://infosec.exchange/tags/InfobloxThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfobloxThreatIntel</a> <a href="https://imgur.com/a/cdc-website-hijack-leads-to-malicious-adtech-XfguIcN" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://imgur.com/a/cdc-website-hijack-leads-to-malicious-adtech-XfguIcN</a>

Infoblox Threat IntelWe researched the domains involved and found that some had been registered at NiceNIC, which we recognize as a problematic registrar located in China. This connection to China aligns with the type of pig-butchering / fake crypto platform scams that we're seeing. What makes this case unique is the use of political disinformation as a lure. An important lesson here is how adtech is being misused to facilitate disinformation and fraud. This is a trend you're probably familiar with if you've been following our content. Sample of identified domains: ecno26r4jj[.]com, affiltrack5681[.]com, client[.]fx-trinity[.]com, smartbrokerreviews[.]top <a href="https://infosec.exchange/tags/pigbutchering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pigbutchering</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/disinformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disinformation</a> <a href="https://infosec.exchange/tags/canada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#canada</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mastodon</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> 3/3

Recent searches

Search options

Administered by:

Server stats:

#infobloxthreatintel