Jake | JCyberSec_
@JCyberSec_
Followers: 10K | Following: 24K | Media: 3K | Statuses: 9K
Expert in Credential Phishing and Phishing Kit Research. Working in Cyber Security - Threat Intelligence #Phishing
UK
Joined August 2017
If you are not sure how to leverage this or have questions feel free to reach out to the @urlscanio team! 🔍
This is a really powerful new feature for CTI teams⚠️ 🔎You can now monitor leak sites, exposure stores or other dark web portals for changes and updates 👁️Don't rely on your vendors to alert you - Be proactive and self-generate intel📄
A small feature addition: Customers on the urlscan Pro platform can now use the regular scanning API and our Incident observation feature to scan .onion URLs which are Tor Onion Services ("Hidden Services").
🇬🇧+44 is a UK number. This is clearly targeting Florida in the US🇺🇸 ♻️We see it both ways, with UK SMS having US or other international numbers being used ⤵️Here is another example hitting the UK but from a US number (+1)🇺🇸 also using RCS 😉
Shifting TTPs for SMS actors is sending using international numbers 🌎 🤔This makes local take down harder for numbers🚔 🔀Additionally using Over the Top (OTP) messages such as RCS and iMessage is the new normal now
This is a great post👍 🔎I have hunted some IoCs by @welivesecurity 🎯3 new domains all linked: 🌐download.totpro[.]app https://t.co/cy0TGdaG6K 🌐totok-pro[.]io https://t.co/nXyCF6ZStj 🌐totok[.]ai
Dedicated website, mimicking Galaxy Store, for distributing malicious ToTok app #spyware
https://t.co/PeajxjYbbP
🚨New Premium Intel Report on urlscan Pro: X Phishing - The “Acid” Campaign A phishing kit impersonating 𝕏 is targeting high-value accounts with API-driven infrastructure, Cloudflare masking & AWS redirects. Start your trial of urlscan Pro today: https://t.co/xCeiZZZAWM
Come say "hi" to us at @CYBERWARCON - urlscan is proud to be sponsoring the conference for the third year running. This year it's going down on November 19 in Crystal City, VA. Want to schedule a meeting with our CEO - reach out via DM or email info@urlscan.io.
Phishing campaigns are evolving, moving toward centralized, API-driven infrastructures. Our latest Intel Report in the urlscan Pro portal dives deep into the most prominent API phishing campaigns, focusing on discovery, attribution, and threat collection. https://t.co/UhEWLLYpFj
Vehicle themed SMS campaigns roll on 🚗📱 🔎This kit has only been seen once before 2 months ago 🌐/ky.drivera.cc/pay 🎯IP: 104.21.96.1 ☁️Server: cloudflare 🖥️Looking into domain patterns I have found another 6 linked domains. All domains have been scanned through @urlscanio🥷
Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: https://t.co/CpiL9jUdDv - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on Github or homebrew.
Today we're launching the first entry in our new Intel Reports module on the urlscan Pro platform. The report on the "RefBroker" phishing operation documents a cluster of activity targeting customers in the hospitality sector: https://t.co/UhEWLLXRPL
📚If you want to understand more about this check out @mnemonic_sec blog https://t.co/ES0L770aMO
Here is a search to find the scans: Pro🔎: https://t.co/yZGVJEKvI0 Free🖥️: https://t.co/hlnuwJQrwy
I took a look at this SMS today 🔎 🧵One thing led to another and after some pivoting I ended up with 697 linked malicious domains All targeting UK DWP and all linked to the same threat actor group 🥷 📈Nearly all live have been pushed to @urlscanio for others to investigate
HMRC show the scale of these campaigns - Over 4,600 websites 📈 🔨And yet they still get stood up, hundreds per day! https://t.co/yYOiKFP3vs
We took down more than 4,600 Winter Fuel Payment scam websites in June, protecting taxpayers across the UK. ⛔ If you’re unsure if the contact you’ve received from us is genuine, use our online guidance to learn how to recognise and report scams. ⬇️ https://t.co/0sqEF4jNqA
Always remember hunt, pivot, and analyse. Using the right tools allows you to expand your visibility into threats to assess the risk posed and understand the actors behind them.
Notably 2 domains stand out: fetcetcgovstw[.]top phlmpost-gov[.]com These appear to be targeting government bodies within the Philippines. Ones to watch.
The second domain: golbe-phlu3[.]com is again using Cloudflare🌐 This time rather than pattern matching we can look at nameserver overlaps. Looking at the Cloudflare NSs we find more domains all linked... nameserver:( https://t.co/2qiwRqO8QG AND https://t.co/7TwH8RWR1D)