
Infoblox Threat Intel Blog

ID: ca5a5d7c-5b69-538a-89e5-cad879478bfa

STIX ID: identity--ca5a5d7c-5b69-538a-89e5-cad879478bfa

Feed Type: rss

Earliest post: 2024-05-28

Latest post: 2026-05-14

Research-driven DNS threat intelligence, highlighting emerging domains, threat actor infrastructure, and global DNS abuse patterns.

| Title | Date Published | Describes Incident | Author | Visible |
|---|---|---|---|---|
| Lookalike Domains Expose the iPhone Theft Economy | 2026-05-14 | True | Infoblox Threat Intel | True |
| Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs | 2026-04-23 | True | Infoblox Threat Intel | True |
| Scams, Slaves and (Malware-as-a) Service: Tracking a Trojan to Cambodia’s Scam Centers | 2026-04-10 | True | Infoblox Threat Intel | True |
| Patterns, Pirates, and Provider Action: What We Learned Working with Keitaro | 2026-03-31 | True | Infoblox Threat Intel | True |
| No Reach, No Risk: The Keitaro Abuse in Modern Cybercrime Distribution | 2026-03-26 | True | Infoblox Threat Intel | True |
| Inside Keitaro Abuse: A Persistent Stream of AI-Driven Investment Scams | 2026-03-19 | True | Infoblox Threat Intel | True |
| Abusing .arpa: The TLD That Isn’t Supposed to Host Anything | 2026-02-26 | True | Infoblox Threat Intel | True |
| Banners, Bots and Butchers: An Automated Long Con Targeting Japan, Asia, and Beyond | 2026-02-17 | True | Infoblox Threat Intel | True |
| Compromised Routers, DNS, and a TDS Hidden in Aeza Networks | 2026-02-03 | True | Infoblox Threat Intel | True |
| Inside a Malicious Push Network: What 57M Logs Taught Us | 2026-01-15 | True | Infoblox Threat Intel | True |
| Kimwolf Howls from Inside the Enterprise | 2026-01-13 | True | Renée Burton | True |
| Scaling the Fraud Economy: Pig Butchering as a Service | 2026-01-08 | True | Infoblox Threat Intel | True |
| Parked Domains Become Weapons with Direct Search Advertising | 2025-12-16 | True | Infoblox Threat Intel | True |
| Parked Domains Become Weapons with Direct Search Advertising | 2025-12-16 | True | Infoblox Threat Intel | True |
| DNS Uncovers Infrastructure Used in SSO Attacks | 2025-12-01 | True | Infoblox Threat Intel | True |
| DNS Uncovers Infrastructure Used in SSO Attacks | 2025-12-01 | True | Infoblox Threat Intel | True |
| Vault Viper: High Stakes, Hidden Threats | 2025-10-23 | True | Infoblox Threat Intel | True |
| Vault Viper: High Stakes, Hidden Threats | 2025-10-23 | True | Infoblox Threat Intel | True |
| Pig Butchering Scams and Their DNS Trail: Linking Threats to Malicious Compounds | 2025-10-09 | True | Infoblox Threat Intel | True |
| Detour Dog: DNS Malware Powers Strela Stealer Campaigns | 2025-09-30 | True | Infoblox Threat Intel | True |
| Detour Dog: DNS Malware Powers Strela Stealer Campaigns | 2025-09-30 | True | Infoblox Threat Intel | True |
| Deniability by Design: DNS-Driven Insights into a Malicious Ad Network | 2025-09-16 | True | Infoblox Threat Intel | True |
| Deniability by Design: DNS-Driven Insights into a Malicious Ad Network | 2025-09-16 | True | Infoblox Threat Intel | True |
| Inside the Robot: Deconstructing VexTrio’s Affiliate Advertising Platform | 2025-08-14 | True | Infoblox Threat Intel | True |
| Inside the Robot: Deconstructing VexTrio’s Affiliate Advertising Platform | 2025-08-14 | True | Infoblox Threat Intel | True |
| VexTrio Unmasked: A Legacy of Spam and Homegrown Scams | 2025-08-12 | True | Infoblox Threat Intel | True |
| VexTrio Unmasked: A Legacy of Spam and Homegrown Scams | 2025-08-12 | True | Infoblox Threat Intel | True |
| VexTrio’s Origin Story: From Spam to Scam to Adtech | 2025-08-06 | True | Infoblox Threat Intel | True |
| VexTrio’s Origin Story: From Spam to Scam to Adtech | 2025-08-06 | True | Infoblox Threat Intel | True |
| Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal | 2025-06-12 | True | Infoblox Threat Intel | True |
| Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal | 2025-06-12 | True | Infoblox Threat Intel | True |
| Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor | 2025-05-20 | True | Infoblox Threat Intel | True |
| Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor | 2025-05-20 | True | Infoblox Threat Intel | True |
| Telegram Tango: Dancing with a Scammer | 2025-05-06 | True | Infoblox Threat Intel | True |
| Telegram Tango: Dancing with a Scammer | 2025-05-06 | True | Infoblox Threat Intel | True |
| Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams | 2025-04-28 | True | Infoblox Threat Intel | True |
| DNS Early Detection – Malicious Trojan Installers for WINSCP and PUTTY – Breaking the Kill Chain | 2024-08-29 | True | Michael Zuckerman | True |
| DNS Early Detection – Breaking the Black Basta Ransomware Kill Chain | 2024-08-01 | True | Michael Zuckerman | True |
| Who Knew? Domain Hijacking Is So Easy | 2024-07-31 | True | Infoblox Threat Intel | True |
| Let’s Be Careful Out There | 2024-07-25 | True | Cricket Liu | True |
| Gambling is No Game: DNS Links Between Chinese Organized Crime and Sports Sponsorships | 2024-07-22 | True | Infoblox Threat Intel | True |
| RDGAs: The Next Chapter in Domain Generation Algorithms | 2024-07-17 | True | Infoblox Threat Intel | True |
| DNS Early Detection – Breaking the CoralRaider Kill Chain | 2024-07-02 | True | Michael Zuckerman | True |
| What a Show! An Amplified Internet Scale DNS Probing Operation | 2024-06-03 | True | Infoblox Threat Intel | True |
| DNS Early Detection – Breaking the Fake Web3 Gaming Kill Chain | 2024-05-29 | True | Michael Zuckerman | True |
| VexTrio Viper Adds a New DNS TDS Domain | 2024-05-28 | True | Infoblox Threat Intel | True |

1–46 of 46