Social Media-Based Celebrity Scams in the DNS | WhoisXML API

Threat Reports

Looking for Traces of Social Media-Based Celebrity Scams in the DNS

Fake or compromised celebrity profiles on social media are often used to entice their followers to click malicious links. A recently discovered cryptocurrency scam utilizing that technique was featured in Infoblox’s Q4 2022: Cyber Threat Report.1

Fake endorsements from politicians and other celebrities convincing users to avail of nonexistent Meta coins, supposedly part of the Metaverse, were seen targeting users based in EU countries.

The Infoblox report revealed five IoCs, which we then expanded, allowing us to uncover:

  • Three additional IP addresses that played host to the domains identified as IoCs
  • 800+ domains that shared the IoCs’ IP hosts, 20+ of which turned out to be malicious
  • 1,600+ domains that contained the same strings as those tagged as IoCs, one of which was dubbed a malware host
  • 500+ Facebook and LinkedIn pages that made their way into the DNS from 1 January 2023 onward, 10+ of which were found to be malicious

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1]
Try our WhoisXML API for free
Get started