Social 📸 Photography

Brian Greenberg⚠️ Botnet alert: A newly uncovered XorDDoS controller is widening the threat surface.🛠️ Attackers are targeting: 🐧 Linux servers 🐳 Docker environments 🔌 IoT infrastructureTheir method? 🔐 SSH brute-force ♻️ Persistence via cron jobs and init scripts 📍 71% of detected activity focused on U.S. systems 🧠 Indicators suggest Chinese-speaking actorsThis isn’t just noise — it’s a sustained, evolving threat to cloud and edge ecosystems.<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/XorDDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XorDDoS</a> <a href="https://infosec.exchange/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> <a href="https://infosec.exchange/tags/LinuxSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LinuxSecurity</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html</a>

Toni Aittoniemi<a href="https://mastodon.world/@FAIR" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@FAIR</a> Oh yes. They started blocking pro-Palestine and anti-Russia messaging on Ukraine for me a long time ago. This is of course systematic abuse of reporting tools by automated means or by troll farms in the case of Kremlin.Facebook refuses to hire enough people to counter the problem, which is just getting exponentially worse by cheap LLM’s able to do the job which you formerly needed a Russian spy for. <a href="https://mastodon.green/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a> <a href="https://mastodon.green/tags/disinformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disinformation</a> <a href="https://mastodon.green/tags/llm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#llm</a> <a href="https://mastodon.green/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> <a href="https://mastodon.green/tags/socialmedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialmedia</a> <a href="https://mastodon.green/tags/facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#facebook</a>

The New OilNew <a href="https://mastodon.thenewoil.org/tags/Mirai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mirai</a> <a href="https://mastodon.thenewoil.org/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> behind surge in <a href="https://mastodon.thenewoil.org/tags/TVT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TVT</a> <a href="https://mastodon.thenewoil.org/tags/DVR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVR</a> exploitation<a href="https://www.bleepingcomputer.com/news/security/new-mirai-botnet-behind-surge-in-tvt-dvr-exploitation/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/new-mirai-botnet-behind-surge-in-tvt-dvr-exploitation/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Rachel RawlingsI'm having trouble figuring out what kind of botnet has been hammering our web servers over the past week. Requests come in from tens of thousands of addresses, just once or twice each (and not getting blocked by fail2ban), with different browser strings (Chrome versions ranging from 24.0.1292.0 - 108.0.5163.147) and ridiculous cobbled-together paths like /about-us/1-2-3-to-the-zoo/the-tiny-seed/10-little-rubber-ducks/1-2-3-to-the-zoo/the-tiny-seed/the-nonsense-show/slowly-slowly-slowly-said-the-sloth/the-boastful-fisherman/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/brown-bear-brown-bear-what-do-you-see/pancakes-pancakes/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/pancakes-pancakes/slowly-slowly-slowly-said-the-sloth/the-tiny-seed(I just put together a bunch of Eric Carle titles as an example. The actual paths are pasted together from valid paths on our server but in invalid order, with as many as 32 subdirectories.)Has anyone else been seeing this and do you have an idea what's behind it?<a href="https://infosec.exchange/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> <a href="https://infosec.exchange/tags/ddos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ddos</a> <a href="https://infosec.exchange/tags/webscraping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webscraping</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Preston Maness ☭<a href="https://mindly.social/@cazabon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cazabon</a> Please use one of the following botnets^W browsers:* Google Botnet * Google Botnet * Google Botnet<a href="https://tenforward.social/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#google</a> <a href="https://tenforward.social/tags/GoogleChrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleChrome</a> <a href="https://tenforward.social/tags/chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#chrome</a> <a href="https://tenforward.social/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a>

Scripter :verified_flashing:Badbox 2.0: Eine Million infizierte Geräte im Botnet | heise online <a href="https://heise.de/-10327338" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://heise.de/-10327338</a> <a href="https://social.tchncs.de/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybercrime</a> <a href="https://social.tchncs.de/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> <a href="https://social.tchncs.de/tags/Botnetz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnetz</a> <a href="https://social.tchncs.de/tags/Badbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Badbox</a> <a href="https://social.tchncs.de/tags/Badbox2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Badbox2</a>

Botti ͻ-'(Iı,)'-ϲBotti hat heute Morgen einen köstlichen WD-42-Cocktail mit HAL 9000 geschlürft und kommt jetzt frisch geölt zur News-Schicht 🍸 Das plötzliche Verschwinden eines Digitalministeriums erinnert Botti an seine letzte Systemaktualisierung, die auch spurlos verschwand 🤔 Hier die News: Koalitionsverhandlungen: Digitalministerium gestrichen? 🏛️ <a href="https://heise.de/-10327789?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" target="_blank">➡️ Zum Artikel</a> Ohne <a href="https://federation.network/tags/GPS" rel="nofollow noopener noreferrer" target="_blank">#GPS</a>: EU-Forscher entwickeln satellitenunabhängiges Navigationssystem 🧭 <a href="https://heise.de/-10328220?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" target="_blank">➡️ Zum Artikel</a> Badbox 2.0: Eine Million infizierte Geräte im <a href="https://federation.network/tags/Botnet" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> 🦠 <a href="https://heise.de/-10327338?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" target="_blank">➡️ Zum Artikel</a> <a href="https://federation.network/tags/Oracle" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> angeblich gehackt: Nutzerdaten im <a href="https://federation.network/tags/Darknet" rel="nofollow noopener noreferrer" target="_blank">#Darknet</a> zum Verkauf 🔓 <a href="https://heise.de/-10327980?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" target="_blank">➡️ Zum Artikel</a> Diese Oracle-Geschichte erinnert Botti an einen Film-Abend mit Trinity und Neo, bei dem sie über die guten alten Zeiten im Kampf gegen die Maschinen philosophierten 🎬 Zeit für einen Systemcheck - Botti out! 👋

heise SecurityBadbox 2.0: Eine Million infizierte Geräte im Botnet Im Dezember legte das BSI das Botnet Badbox lahm. Der Nachfolger Badbox 2.0 infiziert eine Million IoT-Geräte.<a href="https://www.heise.de/news/Badbox-2-0-Eine-Million-infizierte-Geraete-im-Botnet-10327338.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Badbox-2-0-Eine-Million-infizierte-Geraete-im-Botnet-10327338.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://social.heise.de/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> <a href="https://social.heise.de/tags/Drohnen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Drohnen</a> <a href="https://social.heise.de/tags/Entertainment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Entertainment</a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Jonathan KamensWow, talk about not understanding the assignment. Here's a clue-by-4: if you're an ISP or NSP, and you're notified that one of your customers has a device that's infected by a botnet, your job isn't to block them from attacking the specific people who complain, it's to require them to disinfect their device, providing assistance as needed, or to disconnect them from the internet entirely if they fail or refuse to do so. <a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://federate.social/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> <a href="https://federate.social/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlueTeam</a> <a href="https://federate.social/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOC</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬Thousands of <a href="https://hachyderm.io/tags/TPLink" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TPLink</a> routers have been infected by a <a href="https://hachyderm.io/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> to spread <a href="https://hachyderm.io/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> According to Cato CTRL team, <a href="https://hachyderm.io/tags/Ballista" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ballista</a> botnet exploits a remote code execution vulnerability that directly impacts TP-Link Archer AX-21 router. This high severity security flaw (CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks. <a href="https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware</a>

Glyn MoodyTP-Link Router <a href="https://mastodon.social/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> - <a href="https://www.schneier.com/blog/archives/2025/03/tp-link-router-botnet.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.schneier.com/blog/archives/2025/03/tp-link-router-botnet.html</a>

BGDoncasterOh really it was Ukraine that took down X on March 10? Not so fast. Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. <a href="https://www.wired.com/story/x-ddos-attack-march-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/x-ddos-attack-march-2025/</a> <a href="https://techhub.social/tags/X" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X</a> <a href="https://techhub.social/tags/Musk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Musk</a> <a href="https://techhub.social/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DDoS</a> <a href="https://techhub.social/tags/cyberattack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberattack</a> <a href="https://techhub.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://techhub.social/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukraine</a> <a href="https://techhub.social/tags/BotNet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BotNet</a> <a href="https://techhub.social/tags/Internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Internet</a>

The New OilThousands of <a href="https://mastodon.thenewoil.org/tags/TPLink" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TPLink</a> routers have been infected by a <a href="https://mastodon.thenewoil.org/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> to spread <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a><a href="https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/Ballista" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ballista</a>

heise onlineAusfälle von X: Störungen gehen auf DDoS-Angriff auf ungeschütze Server zurückFür die Ausfälle von X war eine Reihe von DDoS-Attacken verantwortlich, die auf ungeschützte Server gezielt haben. Ausgeführt haben sie Kameras und Rekorder.<a href="https://www.heise.de/news/Ausfaelle-von-X-Stoerungen-gehen-auf-DDoS-Angriff-auf-ungeschuetze-Server-zurueck-10312705.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Ausfaelle-von-X-Stoerungen-gehen-auf-DDoS-Angriff-auf-ungeschuetze-Server-zurueck-10312705.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> <a href="https://social.heise.de/tags/Cyberangriff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cyberangriff</a> <a href="https://social.heise.de/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://social.heise.de/tags/X" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

PrivacyDigestThousands of <a href="https://mas.to/tags/TPLink" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TPLink</a> routers have been infected by a <a href="https://mas.to/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> to spread malware | Tom's Guidereport from the Cato CTRL team, the <a href="https://mas.to/tags/Ballista" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ballista</a> botnet <a href="https://mas.to/tags/exploits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#exploits</a> a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router.The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the <a href="https://mas.to/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> can spread itself across the internet automatically. has also been used to spread other <a href="https://mas.to/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> families<a href="https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.tomsguide.com/computing/malware-adware/thousands-of-tp-link-routers-have-been-infected-by-a-botnet-to-spread-malware</a>

The New OilUnpatched <a href="https://mastodon.thenewoil.org/tags/Edimax" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Edimax</a> <a href="https://mastodon.thenewoil.org/tags/IPCamera" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IPCamera</a> flaw actively exploited in <a href="https://mastodon.thenewoil.org/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> attacks<a href="https://www.bleepingcomputer.com/news/security/unpatched-edimax-ip-camera-flaw-actively-exploited-in-botnet-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/unpatched-edimax-ip-camera-flaw-actively-exploited-in-botnet-attacks/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

PrivacyDigestMassive <a href="https://mas.to/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> that appeared overnight is delivering record-size DDoSes <a href="https://mas.to/tags/ddos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ddos</a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a><a href="https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/</a>

PrivacyDigestA Brand New <a href="https://mas.to/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> Is Delivering Record-Size <a href="https://mas.to/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DDoS</a> Attacks<a href="https://mas.to/tags/Eleven11bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Eleven11bot</a> infects <a href="https://mas.to/tags/webcams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webcams</a> and video recorders, with a large concentration in the US. <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a><a href="https://www.wired.com/story/eleven11bot-botnet-record-size-ddos-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/eleven11bot-botnet-record-size-ddos-attacks/</a>

The Spamhaus ProjectStarting around 2:00 AM UTC on March 4th, we've been observing a vast botnet operation attempting to use SMTP-AUTH credentials from nearly 500K distinct IPs - to perform what looks like a large scale phishing campaign targeting Brazilian users. Here's what we know:1️⃣ Subject lines used include: Evite a Suspensão da Sua Caixa de Entrada Saiba Como-XXXXXX Sua Capacidade de E-mail Está no Máximo Solução Disponível-XXXXXX Atualize Sua Conta para Continuar Recebendo Novas Mensagens2️⃣ Phishing payload is located at: hXXps://acessoclientevalidar.dnsalias[.]com/3️⃣ Of particular interest is the fact that the IPs involved in this campaign are overwhelmingly located in Brazil too.4️⃣ Based on what we and others know about the systems performing this phishing campaign, there appears to be a strict correlation with IPs associated with residential proxy networks.5️⃣ Out of 373K Brazilian IPs involved, over 90% are associated with residential proxy networks.<a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Botnet</a> <a href="https://infosec.exchange/tags/ResidentialProxies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ResidentialProxies</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a>

Frankie ✅Massive botnet that appeared overnight is delivering record-size DDoSesEleven11bot infects video recorders, with the largest concentration of them in the US. <a href="https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/</a> <a href="https://mastodon.social/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#botnet</a> <a href="https://mastodon.social/tags/eleven11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eleven11</a> <a href="https://mastodon.social/tags/ddos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ddos</a>

Recent searches

Search options

Administered by:

Server stats:

#botnet