@briankrebs The real story here isn’t limited to these basic top level sites being down. #Pubmed is down. Biomedical research will hit a brick wall immediately without it. #nih #dns
#adminForge #Spenden update February 2025
€1,700.20 reached!
Another €542.91 came in across 66 transactions!!!
Many thanks to all supporters, keep it up
https://adminforge.de/unterstuetzen
#Ente https://erpel.cloud
#Pixelfed https://pixelshot.it
#PeerTube https://clip.place
#LinkStack https://linklist.me
#OpenTalk https://teamjoin.de
#DNS https://dnsforge.de
#Nextcloud https://my.adminforge.de
#Mastodon https://kanoa.de
#Matrix https://nope.chat
While everyone is enjoying Carnival in Brazil, threat actors are still out there trying to lure people into their traps. We have found a cluster of lookalikes to the Brazilian DMV office (DETRAN in Portuguese). We observed at least two instances where they were impersonating the DMV office for the Brazilian states of Paraná and Maranhão.
The actor(s) create domains with the same label, but on several different TLDs (mostly highly abused). Here are some examples of what they look like.
consultes-seu-debitos2025.<space|site|shop|cloud>
debitos-sp-2025.<club|com|lat|net|online|store|xyz>
de3trasn2025.<click|fun|life|online|xyz>
departamentodetran2025.<click|icu|lat>
detran2025.<click|icu|lat|sbs>
l1cenciamento-detran2025.<click|icu|lat|sbs>
#lookalikes #dns #threatintel #cybercrime #threatintelligence #cybersecurity #infoblox #infobloxthreatintel
https://urlscan.io/result/802374b7-6c8b-433b-b6e0-32561f74b7d3/
https://urlscan.io/result/721b12bb-d5fe-4c7e-b2b5-724e07aa22e0/
Bestie is that unused domain 4 years old? It's smelling RIPE
Telegram users BOLO for suspicious links posing as terms of service violation notices!
We've observed over 4,000 domains in the past week attempting to trick users into granting web access to their accounts.
How it works:
- Presents itself in either Chinese, English, Japanese, Korean, Spanish, Vietnamese, German, Dutch or Thai depending on your browser language
- Prompts you to enter your phone number and triggers sending a legit login code to your phone using a modified version of the Telegram WebK
- Entering the login code allows the threat actor to authenticate to your account under the guise of a 'Telegram Security Check'
- These domains are propagated within Telegram itself, with victims unwittingly sending links to their contacts.
Domain indicators:
- Uses niche-oriented and commonly abused TLDs like '.auction', '.beer' and '.boutique' instead of traditional TLDs*
- Domains are registered through Dynadot or West[.]cn and protected by Cloudflare
- Mix of random RDGA-like domains, along with homoglyph and jumbled versions of 'Telegram'
Examples:
- `telegrom[.]tax`
- `telegreet[.]bar`
- `qwvlftokhc[.]club`
The motive remains unclear but likely involves collecting sensitive data for later exploitation.
* Big thanks to XYZ.COM LLC for their prompt response to our takedown request, some 4k domains using TLDs under their control have been suspended.
#scam #telegram #dns #threatintel #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel
Bye Cloudflare
Now maikel.dev is served by EU-based Hetzner. Now trying to move out of a US-based registrar.
EDIT: Nevermind, I chose Hetzner.
Dear #fediverse, could you please recommend me an EU-based alternative to Cloudflare to use as nameservers?
Thank you in advance.
@LukaszHorodecki @linux_pl As @rozie and @centopus write, it is probably better to simply set up #pihole or configure another #dns server that returns 127.0.0.1 for known malicious domains.
Which does not mean it is not worth having #ublock as well; personally, on my #openwrt router I added one of the domain blocklists and at the same time use uBlock (mainly to disable #javascript and heavy media files), and I am happy.
Knot Resolver: The High-Performance, Modular DNS Solution Transforming Infrastructure
Knot Resolver is redefining DNS resolution with its modular architecture and high-performance capabilities. Designed for scalability and security, this open-source resolver is gaining traction among i...
Avoid outages of your internet services by maintaining your DNS zone as well as possible with our "DNS Administrator" training, taught by @bortzmeyer
Next sessions: 3 and 4 April
19 and 20 June
16 and 17 October
11 and 12 December
Full programme and registration https://www.afnic.fr/produits-services/formations/formation-administrateur-dns/
I'm guessing .irish is gearing up for St. Paddy's day? +1K new names since yesterday.
At #IETF122, we will be co-organizing a side meeting on Post-Quantum DNSSEC research
Check out the agenda here:
https://wiki.ietf.org/en/group/pq-dnssec
Remote participation is possible
#DNS
For an article, I am looking for an example of a domain where the IP addresses of the name servers listed in the parent domain (the glue) differ from the "real" ones.
Any ideas? I am not going to create one myself :-)
Apple seems to own mac.eu, me.com, shop-different.com, thinkdifferent.com etc.
See more on:
$ dig ptr 4.142.253.17.in-addr.arpa
My website at https://troz.net is down right now. I made the switch to Eleventy and the DNS change is propagating.
Changing to Eleventy was fun - once the site is up again, I'll post about my experiences doing the migration from Hugo.
A large-scale operation of fake online stores is running wild, bulk-registered through Alibaba Cloud and shielded by Cloudflare. These aren’t just random scams—they’re coordinated, automated, and built on WordPress with WooCommerce, making them look and feel like legitimate shops.
Stores like micorders[.]com and familydailyitems[.]com don’t work alone. They rely on a shady payment redirection chain, bouncing transactions through sketchy processors like adelaytoung[.]com and oscarkitto[.]com before vanishing with your cash.
The core of this operation is a network of fraudulent store domains, the real indicators of compromise:
pexer[.]store, pinor[.]store, rilon[.]store, falix[.]store, toxil[.]store, uvixy[.]store, sytox[.]store, kyxon[.]store, zizzy[.]store
These sites use off-the-shelf e-commerce tools to appear trustworthy, but behind the scenes, they’re engineered for fraud. If a deal looks too good to be true… it probably is.
#dns #cybercrime #cybersecurity #fraud #scam #infoblox #threatintel #infosec #InfobloxThreatIntel
@slide That one is not that bad: 40% on the client side and 36% on the server side are relatively decent numbers.
The problem is the match between those two, which shoots IPv6 adoption down to an estimated 13% of all connections (not bytes transferred) out there.
I don't usually post about work-related stuff, but here's something...
The state of DNSSEC on the wider Internet is sad, to say the least. Most large services don't sign their domains and most OSes can't do validation — "systemd-resolved" can, but not by default.
It looks better regarding encryption at the OS level but, again, not by default.
Combining these two, not even 0.5% of queries are fully protected from tampering.
https://blog.cloudflare.com/new-dns-section-on-cloudflare-radar/
https://radar.cloudflare.com/dns
Cloudflare publishes very interesting #DNS statistics, collected by its public resolver 1.1.1.1. They can notably be displayed per country (I tried France).
https://radar.cloudflare.com/dns/
For example, one can see (percentage of queries over DoT or DoH, percentage of responses validated by DNSSEC) that nobody gives a damn about security (as long as it is not about ticking boxes for a certification).