Infoblox Threat Intel<p>Malicious actors have taken notice of news about the US Social Security System. We've seen multiple spam campaigns that attempt to phish users or lure them to download malware. </p><p>Emails with subjects like "Social Security Administrator.", "Social Security Statement", and "ensure the accuracy of your earnings record" contain malicious links and attachments. <br> <br>One example contained a disguised URL that redirected to user2ilogon[.]es in order to download the trojan file named SsaViewer1.7.exe.</p><p>Actors using social security lures are connected to malicious campaigns targeting major brands through their DNS records.<br> <br>Block these:</p><p>user2ilogon[.]es<br>viewer-ssa-gov[.]es <br>wellsffrago[.]com<br>nf-prime[.]com<br>deilvery-us[.]com<br>wllesfrarqo-home[.]com<br>nahud[.]com. <br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikes</span></a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikeDomain</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pdns</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/ssa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ssa</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
bolha.us is one of the many independent Mastodon servers you can use to participate in the fediverse.
We're a Brazilian IT Community. We love IT/DevOps/Cloud, but we also love to talk about life, the universe, and more. | Nós somos uma comunidade de TI Brasileira, gostamos de Dev/DevOps/Cloud e mais!
Administered by:
Server stats:
250active users
bolha.us: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.6
#lookalikes
1 post · 1 participant · 0 posts today
Infoblox Threat Intel<p>While everyone is enjoying Carnival in Brazil, threat actors are still out there trying to lure people into their traps. We have found a cluster of lookalikes to the Brazilian DMV office (DETRAN in Portuguese). We observed at least two instances where they were impersonating the DMV office for the Brazilian states of Paraná and Maranhão.<br> <br>The actor(s) create domains with the same label, but on several different TLDs (mostly highly abused). Here are some examples of what they look like.<br> <br>consultes-seu-debitos2025.<space|site|shop|cloud><br>debitos-sp-2025.<club|com|lat|net|online|store|xyz><br>de3trasn2025.<click|fun|life|online|xyz><br>departamentodetran2025.<click|icu|lat><br>detran2025.<click|icu|lat|sbs><br>l1cenciamento-detran2025.<click|icu|lat|sbs><br> <br><a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lookalikes</span></a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a><br> <br><a href="https://urlscan.io/result/802374b7-6c8b-433b-b6e0-32561f74b7d3/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">urlscan.io/result/802374b7-6c8</span><span class="invisible">b-433b-b6e0-32561f74b7d3/</span></a><br><a href="https://urlscan.io/result/721b12bb-d5fe-4c7e-b2b5-724e07aa22e0/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">urlscan.io/result/721b12bb-d5f</span><span class="invisible">e-4c7e-b2b5-724e07aa22e0/</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload