Tempering Tax Season Troubles with DNS Intel | WhoisXML API

Another year, another chance to take advantage of U.S. taxpayers paying their dues. Although tax day—15 April 2025—has passed, WhoisXML API believes threat actors can continue to prey on potential victims who filed for an extension up to 15 October 2025.[2]

Microsoft cybersecurity researchers identified 11 domains and one IP address as indicators of compromise (IoCs) related to ongoing tax-themed phishing campaigns.[3] WhoisXML API expanded the current IoC list and uncovered potentially connected artifacts, namely:

  • Two alleged victim IP records, obtained from the Internet Abuse Signal Collective (IASC), tied to one Autonomous System number (ASN)
  • 153 email-connected domains, one of which turned out to be malicious
  • 13 additional IP addresses, 11 of which have already figured in malicious campaigns
  • Two IP-connected domains
  • 197 string-connected domains

  • [1] https://www.today.com/news/irs-tax-deadline-2025-rcna200992
  • [2] https://www.irs.gov/newsroom/taxpayers-who-need-more-time-to-file-a-federal-tax-return-should-request-an-extension
  • [3] https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/