Back to Home

Research

DomainTools Investigations Deceptive Browser Extensions AI Slop

AIBrowser ExtensionsThreat Intelligence

Deceptive Browser Extensions within the Google Store: A Study in AI Slop

Like any garden, the digital landscape experiences the emergence of unexpected blooms. Among the helpful flora of browser...

Malicious DownloadMalwareThreat Intelligence

Newly Registered Domains Distributing SpyNote Malware

Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware. These sites mimic...

Proton66 This is Where to Find Aspiring Hackers

Bulletproof HostingCybercrimeSpoofed DomainThreat Intelligence

Where to Find Aspiring Hackers

This research analyzes Proton66, a bulletproof hosting network enabling cybercrime operations, serving as a hub for aspiring...

Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict

credential harvestingCyber EspionageCybercrimePhishingSpoofed DomainUkraine

Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict

DomainTools Investigations (DTI) identified a large-scale phishing infrastructure heavily focused on defense and aerospace...

domain-registrars-russian-disinformation

DisinformationHomoglyph AttacksTyposquatting

Domain Registrars Powering Russian Disinformation: A Deep Dive into Tactics and Trends

In the digital battlefield of influence operations, domain registrations serve as the foundation for launching disinformation...

Chinese Malware Delivery Domains Part II: Data Collection

This report dives deeper into activity relating to the previously reported cluster of Chinese Malware Delivery domains. Spoofed...

Account TraffickingDisinformationFraud

Account Trafficking Websites in December 2024

This report examines the illicit online trade of aged and verified accounts for platforms like social media, email, and Google...

Chinese Malware Delivery Websites

Malicious Browsers, Messengers, VPNs, and More… Hundreds of newly registered domains are actively targeting Chinese-speaking...

Announcing DomainTools Investigations

CTI Grapevine Becomes DomainTools Investigations

Hello CTI Grapevine Superfriends! You may have noticed some subtle changes to our website: As of today, CTI Grapevine became part...

Cyberhaven Breach Likely Part of a Long-Term Criminal Campaign

Overview On 27 December 2024, the technology company Cyberhaven reported that an unnamed actor replaced its Google Chrome...