A domain registration is more like a lease than a deed. You get the exclusive right to use a domain name for a fixed term, but if you miss renewal, someone else can swoop in. What's scary is that with dropcatch services, cybercriminals can automate monitoring of pending‑delete domains and fire off registrations the split‑second a name is deleted by the registry and becomes available again. Think hawks circling for high‑value prey. 🦅

That's what happened to fita[.]org, a popular website owned by the Federation of International Trade Associations (FITA) and referenced by many government bodies including the International Trade Administration (trade.gov). The domain now sits behind Cloudflare and functions as a command-and-control (C2) for the AsyncRAT malware. The actor controlling it also stood up these C2 endpoints:


So make sure to set auto pay for any valuable domains you possess 💳; otherwise you could risk losing them. Proactive IT governance is also part of security.

#InfobloxThreatIntel #dns #async #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #rat #asyncrat #malware #dropcatch #domain #cloudflare #remoteaccesstrojan #infostealer #c2
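
As an added illustration of watching for the lapse described in the post above (not part of the original post and not Infoblox code): a Python check that reads parsed RDAP domain records and flags names that are near expiry or already in the deletion lifecycle. The sample records, the `.example` names, the function names and the 45-day threshold are constructed assumptions; the status strings follow RFC 8056.

```python
from datetime import datetime, timezone

# RDAP status strings (RFC 8056): the name has lapsed and is heading for release.
RELEASING = {"redemption period", "pending delete"}
# Registry auto-renewed at expiry; the registrar can still delete it if unpaid.
GRACE = {"auto renew period"}

def expiry_risk(rdap, now, warn_days=45):
    """Return (severity, reason) for one RDAP domain object (a parsed dict)."""
    name = rdap.get("ldhName", "?").lower()
    status = {s.lower() for s in rdap.get("status", [])}
    if status & RELEASING:
        return "CRITICAL", f"{name}: status {sorted(status & RELEASING)}"
    if status & GRACE:
        return "WARN", f"{name}: in auto-renew grace, confirm the renewal was paid"
    expiry = next((e.get("eventDate") for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if not expiry:
        return "UNKNOWN", f"{name}: no expiration event in RDAP response"
    # RDAP dates are RFC 3339; normalise a trailing Z for older Python versions.
    when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
    days = (when - now).days
    if days < 0:
        return "CRITICAL", f"{name}: expired {-days} days ago"
    if days <= warn_days:
        return "WARN", f"{name}: expires in {days} days"
    return "OK", f"{name}: {days} days left"

def audit(domains, now):
    """Classify every record and sort so the most urgent names come first."""
    order = {"CRITICAL": 0, "WARN": 1, "UNKNOWN": 2, "OK": 3}
    return sorted((expiry_risk(d, now) for d in domains), key=lambda f: order[f[0]])

# Constructed sample records, trimmed to the fields used above.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLES = [
    {"ldhName": "trade-assoc.example", "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2025-06-20T00:00:00Z"}]},
    {"ldhName": "old-charity.example", "status": ["pending delete"],
     "events": [{"eventAction": "expiration", "eventDate": "2025-04-15T00:00:00Z"}]},
    {"ldhName": "renewed.example", "status": ["client transfer prohibited"],
     "events": [{"eventAction": "expiration", "eventDate": "2027-01-10T00:00:00Z"}]},
    {"ldhName": "lapsed.example", "status": ["auto renew period"],
     "events": [{"eventAction": "expiration", "eventDate": "2026-05-25T00:00:00Z"}]},
]

if __name__ == "__main__":
    for severity, reason in audit(SAMPLES, NOW):
        print(f"{severity:8} {reason}")
```

In practice the records would come from the RDAP response for each domain in an inventory, with the check run on a schedule.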

Online gambling operators are sponsoring charities?? If only :(

We've identified a malicious gambling affiliate whose specialty is to buy expired domain names which used to belong to charities or reputable organisations.

Once they own a domain, they host a website impersonating its previous owner, where they claim to "deeply appreciate the support from [their] sponsors", which surprise surprise, all turn out to be dubious online gambling companies.

Because the domain they are taking over is often abandoned or managed by non-technical people, its previous owner often doesn't notify anyone that they've lost control of their website, so it continues being referenced in genuine content, and it continues getting traffic from old links scattered throughout the internet.


Comparison content:
2018: https://web.archive.org/web/20180119043432/https://teampiersma.org/
2025: https://web.archive.org/web/20250401092253/https://teampiersma.org/

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #infosec #scam #dropcatch #charity


That's what @[email protected] wants, little bit of luck. Now make it count. Go champ.go ❤️

#dropcatch #AUSvIND