How to Protect Against Phishy Top-level Domains, Part 2

In a previous article, we explained that risk-averse organizations routinely adopt TLD blocking as a defense against cyber-attacks.

We EMPHASIZED why this is a last-resort measure and offered examples of TLDs that were persistently associated with major phishing and scam attacks in CY2025. We also described how to make an informed TLD blocking decision.

In our earlier post, we explained how organizations or individuals could use Cisco’s OpenDNS service to adopt TLD blocking. Today, we’ll be taking a look at how NextDNS could be used to block TLDs.

https://interisle.substack.com/p/how-to-protect-against-phishy-top-b41

#phishing #cybercrime #blocklisting #tld #domainnames #dnsabuse

Matt Piscitello and Dave Piscitello

Interisle Insights

@Remittancegirl Reported and blocked. But it looks like reporting to this instance akkoma.neoeden.org is likely to be futile; instead, an admin-level #block (and #blocklisting) of the entire instance is likely to be needed. AFAICT this #racist harasser is the only user there. Admins, please take note if you see this.

He is himself likely to be the admin there. For the same reason, I wouldn't count on any suspension of his account being permanent. Whole instance block is still needed.

EDIT/UPDATE from @rainynight65 (with which I agree 100%):

"I would in fact suggest that admins block the entire domain neoeden.org. The user account 'ergo' has been previously observed with a different subdomain of neoeden.org but doing the exact same stuff. Looks like single user instances being spun up at will."

#fediblock

Three Minimalist spamd(8) Configurations for Your Spam Fighting Needs (With Bonus Points at the End) https://www.nxdomain.no/~peter/minimalist_spamd_configs.html (tracked https://bsdly.blogspot.com/2024/01/three-minimalist-spamd-configurations.html) #OpenBSD #spamd #spam #spamfighting #email #SMTP #blocklisting #blacklisting #greylisting #greytrapping #FreeBSD #minmalist [Reprise, in case you missed this earlier]

@mar I do think that #Allowlisting - like #Blocklisting should be supported...

I'd gladly add an #AllowList in addition to the existing #DenyList I have here:
https://github.com/greyhat-academy/lists.d/blob/main/activitypub.domains.block.list.tsv

Feel free to open up an issue and suggest it...
https://github.com/greyhat-academy/lists.d/issues/new

@freakazoid I don't think this will benefit the users but only act as an easy to jump-over fence for #hategrooming orgs like #KiwiFarms...

Having them burn through costly domains is a more effective deterrent, and #DenyListing / #Blocklisting is a proven strategy...

We really love that the Block CloudFlare MITM Attack (#BCMA) Add-on for #Firefox (and #TorBrowser) is finally offered by Mozilla.

It's not perfect, but it is version 1.0.0. 😃

We are concerned that the "Block request immediately" option could be used to fingerprint a person as a BCMA user. We are supportive of #blocklisting for min 6 months (currently it only stores the last 500 #MITM'd domains, but sites could get dropped from the list in a matter of weeks, given the preponderance of CF sites).