Democratizing Threat Intelligence

Joined August 2025
Flop (my dog) recently asked me what I spend all day doing, so this evening I showed her. "But first Flop....where is kong?" - (flop went and got kong). Once she was paws on keyboard, we got her started with the most basic hunting query, searching page titles (for kong). She growled at the results; it was clear she understood these were not real kongs. Flop wanted to sniff around some more... We promoted her to Level2 Good Girl and showed her the campaigns view. She noticed an ASN stack that was used for 3x bad kongs and 224 global scans; it was time to dig up this bone. After digging (clicking "pivot"), we can see that this ASN fingerprint is hosting over 200 consumer brand phishing websites with full store shopping cart logic that collects delivery address and card details. Other brands that caught the fleas on this one include Primark, Babyliss, Tupperware, JBL, Timberland, River Island, Casio. One fingerprint value, with high confidence the campaign is operated by the same Threat Actor. Last seen today, ongoing 270x days, 217x unique domains.......and 0x false positive results for the fingerprint, all malicious. If that doesn't deserve a dentistick, I don't know what does.
4x Domain clusters across 1,259 domains targeting World Cup Betting. Clusters China FIFA 1 2 is possibly the same Threat Actor. 800x domains split across two different network stacks and registered the same day. Several thousand more malicious domains targeting the World Cup, but these campaign clusters are some of the more interesting. Inspo from @GroupIB. G'Luck
This will never happen again: webamon.com/pricing. Ends end of May.
02telfonica[.]online - Registered 20260507 via NameCheap. Still active. Collects card details for @Telefonica @O2 customers.
Fake @enisa_eu. Registered via NameCheap 20260427 and still hosting today on Cloudflare. Directs users to a WhatsApp conversation with Spanish number 34604163041. The number has been tied to previous fake job offers and banking scams. Ready for the domain name..... enisacybersec[.]com. Ready for how you would detect this..... domain:*enisa* - (Level 1 detection). I have no comments besides.....welcome to European cybersecurity
17,000 Telegram phishing websites, all using the same Links Fingerprint. Most likely operated by the same Threat Actor. Only 2x ASNs contacted. (Cloudflare Telegram) Highest daily registration count - 426x new domains. Highest weekly, 1495x new domains. intel.webamon.com/search?luc…
Webamon retweeted
Here's an OSINT workflow you can use immediately: Take a domain → Run through @webamon_search to ID infra → Pull SSL certs → Check CT logs → Map in @MaltegoHQ → check against threat feeds Simple, repeatable, effective. What's your go-to domain investigation workflow?
"Crypto[.]com Employee Onboarding". Registered yesterday, still hosting: csdonboard[.]com. Hope this isn't a quoted post in a few months.
Fake identitytheft[.]gov website. Registered 6th May - infosecure[.]site. Part of a larger ongoing campaign targeting .gov services. intel.webamon.com/report/2e8…
Newly Registered Domains from ICANN scanned daily - Fully Huntable tag:nrd_yyyymmdd
Large number of websites targeting USA gov services. intel.webamon.com/search?luc…