![lontze7's tweet photo. Expanding Google Careers phishing indicators with @ValidinLLC Lookalike Domains & @silentpush WHOIS Scanner
807 total indicators - This campaign is massive.
sample regex: /^(apply|hire|start)\.g(recruit|talent|team|app|hiring|hire|career)[a-z]+\.com$/
https://t.co/FLwWZxksKq https://t.co/c1sI5AhdpJ](https://pbs.twimg.com/media/G2UIxnHW0AAtgGm.png)
![lontze7's tweet photo. Expanding Google Careers phishing indicators with @ValidinLLC Lookalike Domains & @silentpush WHOIS Scanner
807 total indicators - This campaign is massive.
sample regex: /^(apply|hire|start)\.g(recruit|talent|team|app|hiring|hire|career)[a-z]+\.com$/
https://t.co/FLwWZxksKq https://t.co/c1sI5AhdpJ](https://pbs.twimg.com/media/G2UImhkWoAAxzVW.png)
![MalasadaTech's tweet photo. Some more PoisonSeed domains! The ones at the top were created just 30 minutes ago! They don't appear to be up yet. Block it proactively!
ytcareersstaffing[.]com
ytcareersprospect[.]com
ytcareersdesk[.]com
ytcareersjob[.]com
ytcareersgroup[.]com
ytcareersopportunity[.]com
ytcareersprogress[.]com
ytcareersregister[.]com
ytcareersgrow[.]com
ytcareersselect[.]com
ytcareersenroll[.]com
ytcareersjoin[.]com
ytcareersinvite[.]com
ytcareerssearch[.]com
ytcareersapplication[.]com
ytjobsgroup[.]com
ytjobsinvite[.]com
ytjobsprogress[.]com
ytjobspeople[.]com
ytjobsopenings[.]com
ytjobssubmit[.]com
ytjobsadvance[.]com
ytjobsnetworkhub[.]com
ytjobsteams[.]com
ytjobsenrollment[.]com
ytjobsstaffing[.]com
ytjobsconnects[.]com
ytjobslist[.]com
ytjobshires[.]com
ytjobsworkplace[.]com
ytjobsprospects[.]com
ytjobsplatform[.]com
ytjobsgoals[.]com
ytjobscenterhub[.]com
ytjobslisting[.]com
ytjobscareerpath[.]com
ytjobspathway[.]com
ytjobsfocus[.]com
ytjobsrecruiters[.]com
ytjobscareer[.]com
ytjobsflow[.]com
ytjobszone[.]com
ytjobsglobal[.]com
ytjobsvacancies[.]com
ytjobsapplynow[.]com
ytjobsworks[.]com
ytjobsunit[.]com
ytjobscenter[.]com
ytjobslaunch[.]com
ytjobsrecruitment[.]com
ytjobshiring[.]com
ytjobsgrow[.]com
ytjobsselect[.]com
ytjobssuccess[.]com
ytjobsgrowth[.]com
ytjobsline[.]com
ytjobslink[.]com
ytjobsstaff[.]com
ytjobsmatch[.]com
ytjobssquad[.]com
ytjobssearch[.]com
ytjobsbridge[.]com
ytjobsbuild[.]com
ytjobsapplyhub[.]com
ytjobsnetwork[.]com
ytjobsplace[.]com
ytjobsnext[.]com
ytjobspath[.]com
ytjobspartner[.]com
ytjobsnow[.]com
ytjobsdesk[.]com
ytjobsmember[.]com
ytjobsrecruiting[.]com
ytjobsemployment[.]com
ytjobscollab[.]com
@500mk500
https://t.co/rjJU9znloD](https://pbs.twimg.com/media/G3OUidyWoAA9j5n.jpg)
![MalasadaTech's tweet photo. Some more PoisonSeed domains! The ones at the top were created just 30 minutes ago! They don't appear to be up yet. Block it proactively!
ytcareersstaffing[.]com
ytcareersprospect[.]com
ytcareersdesk[.]com
ytcareersjob[.]com
ytcareersgroup[.]com
ytcareersopportunity[.]com
ytcareersprogress[.]com
ytcareersregister[.]com
ytcareersgrow[.]com
ytcareersselect[.]com
ytcareersenroll[.]com
ytcareersjoin[.]com
ytcareersinvite[.]com
ytcareerssearch[.]com
ytcareersapplication[.]com
ytjobsgroup[.]com
ytjobsinvite[.]com
ytjobsprogress[.]com
ytjobspeople[.]com
ytjobsopenings[.]com
ytjobssubmit[.]com
ytjobsadvance[.]com
ytjobsnetworkhub[.]com
ytjobsteams[.]com
ytjobsenrollment[.]com
ytjobsstaffing[.]com
ytjobsconnects[.]com
ytjobslist[.]com
ytjobshires[.]com
ytjobsworkplace[.]com
ytjobsprospects[.]com
ytjobsplatform[.]com
ytjobsgoals[.]com
ytjobscenterhub[.]com
ytjobslisting[.]com
ytjobscareerpath[.]com
ytjobspathway[.]com
ytjobsfocus[.]com
ytjobsrecruiters[.]com
ytjobscareer[.]com
ytjobsflow[.]com
ytjobszone[.]com
ytjobsglobal[.]com
ytjobsvacancies[.]com
ytjobsapplynow[.]com
ytjobsworks[.]com
ytjobsunit[.]com
ytjobscenter[.]com
ytjobslaunch[.]com
ytjobsrecruitment[.]com
ytjobshiring[.]com
ytjobsgrow[.]com
ytjobsselect[.]com
ytjobssuccess[.]com
ytjobsgrowth[.]com
ytjobsline[.]com
ytjobslink[.]com
ytjobsstaff[.]com
ytjobsmatch[.]com
ytjobssquad[.]com
ytjobssearch[.]com
ytjobsbridge[.]com
ytjobsbuild[.]com
ytjobsapplyhub[.]com
ytjobsnetwork[.]com
ytjobsplace[.]com
ytjobsnext[.]com
ytjobspath[.]com
ytjobspartner[.]com
ytjobsnow[.]com
ytjobsdesk[.]com
ytjobsmember[.]com
ytjobsrecruiting[.]com
ytjobsemployment[.]com
ytjobscollab[.]com
@500mk500
https://t.co/rjJU9znloD](https://pbs.twimg.com/media/G3OUZpZWcAA0rlu.jpg)
![skocherhan's tweet photo. #NetSupportRat #C2
5[.]181[.]159[.]204
94[.]158[.]244[.]161
AS39798 MivoCloud SRL 🇺🇸
@Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud https://t.co/OmNa6ExoQX](https://pbs.twimg.com/media/GvjQ6YKXUAEBxHt.jpg)
Olivia
Online
Security Chat
@PhishSecurity
Keeping an eye on the cyber security sector. How much is marketing nonsense?
Reston
Joined September 2015
794 Following
1.7K Followers
8.2K Posts
As we prepare for 2026, we can look back on what happened in 2025 to forecast the types of threats the global community will encounter in the new year. Kasey Best of @SilentPush offers #predictions and #trends to watch out for. https://t.co/tC3P6o35qh
#AI #ransomware #security
Expanding Google Careers phishing indicators with @ValidinLLC Lookalike Domains & @silentpush WHOIS Scanner
807 total indicators - This campaign is massive.
sample regex: /^(apply|hire|start)\.g(recruit|talent|team|app|hiring|hire|career)[a-z]+\.com$/
https://t.co/FLwWZxksKq
![lontze7's tweet photo. Expanding Google Careers phishing indicators with @ValidinLLC Lookalike Domains & @silentpush WHOIS Scanner
807 total indicators - This campaign is massive.
sample regex: /^(apply|hire|start)\.g(recruit|talent|team|app|hiring|hire|career)[a-z]+\.com$/
https://t.co/FLwWZxksKq https://t.co/c1sI5AhdpJ](https://pbs.twimg.com/media/G2UJ4gFWsAAfRhv.png)
https://t.co/d1x2t6Zc8y
The @FBI has reported a series of fake websites impersonating the Internet Crime Complaint Center (IC3) for phishing attacks.
The sites are near pixel perfect copies of the official IC3 site, and are used to gather personal information from users for later targeting with #phishing.
By looking at web content "borrowed" from the official IC3 site, we can discover some of the fake pages with a web query.
Who to follow
eSentire
@eSentire
eSentire is a leader in Controlled Autonomy SecOps, powered by the unified agentic AI Atlas Platform. Learn more: https://t.co/btaNhRAQuA
Eric Smith
@PCISecurityTips
Director of Content Marketing for @SecurityMetrics, writing about #cybersecurity, #infosec, #pcicompliance, and #HIPAA news and tips. I'm also a wandmaker.
Titania
@TitaniaLtd
Preventing adversarial attacks and network disruptions by transforming the readiness, recoverability and resilience of your network infrastructure.
Rumors are spreading about a mayor #LawEnforcement operation against #Rhadamanthys #Stealer.
@g0njxa and me have been monitoring the situation closely.
-Rhada domains under active law enforcement control
- Customers are adviced to delete all servers
Image via club1337
Some more PoisonSeed domains! The ones at the top were created just 30 minutes ago! They don't appear to be up yet. Block it proactively!
ytcareersstaffing[.]com
ytcareersprospect[.]com
ytcareersdesk[.]com
ytcareersjob[.]com
ytcareersgroup[.]com
ytcareersopportunity[.]com
ytcareersprogress[.]com
ytcareersregister[.]com
ytcareersgrow[.]com
ytcareersselect[.]com
ytcareersenroll[.]com
ytcareersjoin[.]com
ytcareersinvite[.]com
ytcareerssearch[.]com
ytcareersapplication[.]com
ytjobsgroup[.]com
ytjobsinvite[.]com
ytjobsprogress[.]com
ytjobspeople[.]com
ytjobsopenings[.]com
ytjobssubmit[.]com
ytjobsadvance[.]com
ytjobsnetworkhub[.]com
ytjobsteams[.]com
ytjobsenrollment[.]com
ytjobsstaffing[.]com
ytjobsconnects[.]com
ytjobslist[.]com
ytjobshires[.]com
ytjobsworkplace[.]com
ytjobsprospects[.]com
ytjobsplatform[.]com
ytjobsgoals[.]com
ytjobscenterhub[.]com
ytjobslisting[.]com
ytjobscareerpath[.]com
ytjobspathway[.]com
ytjobsfocus[.]com
ytjobsrecruiters[.]com
ytjobscareer[.]com
ytjobsflow[.]com
ytjobszone[.]com
ytjobsglobal[.]com
ytjobsvacancies[.]com
ytjobsapplynow[.]com
ytjobsworks[.]com
ytjobsunit[.]com
ytjobscenter[.]com
ytjobslaunch[.]com
ytjobsrecruitment[.]com
ytjobshiring[.]com
ytjobsgrow[.]com
ytjobsselect[.]com
ytjobssuccess[.]com
ytjobsgrowth[.]com
ytjobsline[.]com
ytjobslink[.]com
ytjobsstaff[.]com
ytjobsmatch[.]com
ytjobssquad[.]com
ytjobssearch[.]com
ytjobsbridge[.]com
ytjobsbuild[.]com
ytjobsapplyhub[.]com
ytjobsnetwork[.]com
ytjobsplace[.]com
ytjobsnext[.]com
ytjobspath[.]com
ytjobspartner[.]com
ytjobsnow[.]com
ytjobsdesk[.]com
ytjobsmember[.]com
ytjobsrecruiting[.]com
ytjobsemployment[.]com
ytjobscollab[.]com
@500mk500
https://t.co/rjJU9znloD
![MalasadaTech's tweet photo. Some more PoisonSeed domains! The ones at the top were created just 30 minutes ago! They don't appear to be up yet. Block it proactively!
ytcareersstaffing[.]com
ytcareersprospect[.]com
ytcareersdesk[.]com
ytcareersjob[.]com
ytcareersgroup[.]com
ytcareersopportunity[.]com
ytcareersprogress[.]com
ytcareersregister[.]com
ytcareersgrow[.]com
ytcareersselect[.]com
ytcareersenroll[.]com
ytcareersjoin[.]com
ytcareersinvite[.]com
ytcareerssearch[.]com
ytcareersapplication[.]com
ytjobsgroup[.]com
ytjobsinvite[.]com
ytjobsprogress[.]com
ytjobspeople[.]com
ytjobsopenings[.]com
ytjobssubmit[.]com
ytjobsadvance[.]com
ytjobsnetworkhub[.]com
ytjobsteams[.]com
ytjobsenrollment[.]com
ytjobsstaffing[.]com
ytjobsconnects[.]com
ytjobslist[.]com
ytjobshires[.]com
ytjobsworkplace[.]com
ytjobsprospects[.]com
ytjobsplatform[.]com
ytjobsgoals[.]com
ytjobscenterhub[.]com
ytjobslisting[.]com
ytjobscareerpath[.]com
ytjobspathway[.]com
ytjobsfocus[.]com
ytjobsrecruiters[.]com
ytjobscareer[.]com
ytjobsflow[.]com
ytjobszone[.]com
ytjobsglobal[.]com
ytjobsvacancies[.]com
ytjobsapplynow[.]com
ytjobsworks[.]com
ytjobsunit[.]com
ytjobscenter[.]com
ytjobslaunch[.]com
ytjobsrecruitment[.]com
ytjobshiring[.]com
ytjobsgrow[.]com
ytjobsselect[.]com
ytjobssuccess[.]com
ytjobsgrowth[.]com
ytjobsline[.]com
ytjobslink[.]com
ytjobsstaff[.]com
ytjobsmatch[.]com
ytjobssquad[.]com
ytjobssearch[.]com
ytjobsbridge[.]com
ytjobsbuild[.]com
ytjobsapplyhub[.]com
ytjobsnetwork[.]com
ytjobsplace[.]com
ytjobsnext[.]com
ytjobspath[.]com
ytjobspartner[.]com
ytjobsnow[.]com
ytjobsdesk[.]com
ytjobsmember[.]com
ytjobsrecruiting[.]com
ytjobsemployment[.]com
ytjobscollab[.]com
@500mk500
https://t.co/rjJU9znloD](https://pbs.twimg.com/media/G3OUmxUXUAABkay.jpg)
NEW THREAT REPORT 🚨 We're tracking the spread of a new malware loader we have named “CountLoader,” that is strongly associated with Russian ransomware gangs. 🇷🇺
Read: https://t.co/RW7a9w5loQ
#countloader #threat #russia #ukraine #cybersecurity #ransomware
Remember: https://t.co/0rhGTdCrfC
@silentpush searching on keywords that are often used by threatactors can bring you to juicy open directories!
hxxp://84.247.147.214:8080/
uhoh, the worst ransomware I have seen.
Pivoting on a file named google-privacy-policy-Cb0CGVRT.svg was used in a ClickFix campaign.
hash: 51da32d8582706c6229f9a548da21b9845cb51ee55736a252addcdf2b1df5848
@silentpush
@banthisguy9349
@RacWatchin8872
@SquiblydooBlog
@skocherhan
@500mk500
@volrant136
@smica83
#NetSupportRat #C2
5[.]181[.]159[.]204
94[.]158[.]244[.]161
AS39798 MivoCloud SRL 🇺🇸
@Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud
![skocherhan's tweet photo. #NetSupportRat #C2
5[.]181[.]159[.]204
94[.]158[.]244[.]161
AS39798 MivoCloud SRL 🇺🇸
@Huntio @abuse_ch @JAMESWT_WT @500mk500 @anyrun_app @silentpush @MivoCloud https://t.co/OmNa6ExoQX](https://pbs.twimg.com/media/GvjRjwpWwAECAOn.jpg)
Our team @silentpush just dropped a definitive look at SocGholish (operated by TA569) and the initial access broker ecosystem they are facilitating. Big thanks to past researchers who have worked on SocGholish! We've got details about our visibility @ https://t.co/BndT67pe3y 🖖🏻
We're seeing lots of similar #phishing domains to those reported by @_JohnHammond 🚨
The actors are using consistent naming schemes and web hosting software that we can capture with a search query.
The actors have also made two other woopsies that we'll show down below👇
In this type of field its important to never rely on one tooling. Nothing is the holy grail in my opinion. So combine the bunch to that overview going.
I just learned that you can use several datasources @silentpush
Lets see what I can find with open-dir datasource.
Fake Google Chrome download site: https://google.[tw].cn/
The SSL cert for this domain has been given by "Google Trust Services". Not think I have to say anything about it...
🤷♂️
![malwrhunterteam's tweet photo. Fake Google Chrome download site: https://google.[tw].cn/
The SSL cert for this domain has been given by "Google Trust Services". Not think I have to say anything about it...
🤷♂️ https://t.co/oxDdXNyFac](https://pbs.twimg.com/media/Gc2cY68XwAAoR3z.jpg)
Definite threat alert: https://d[.]goldmansachserfd[.]top/?jp=1 found on https://t.co/Yoxr4cAHOL via @silentpush @GoldmanSachs
![silentpush's tweet photo. Definite threat alert: https://d[.]goldmansachserfd[.]top/?jp=1 found on https://t.co/Yoxr4cAHOL via @silentpush @GoldmanSachs https://t.co/rSAbY06QgY](https://pbs.twimg.com/media/GdRDilzbAAAjZ6C.jpg)
Nice and Simple Scattered Spider Pivots - Thanks to Initial Intel and previous posts from @TLP_R3D
1⃣ Regex Pattern And Server Header
2⃣ Regex, Server Header and ASN
3⃣ Regex, Dates, ASN and Name Server
Utilising Domain Search and Web Scanner from @silentpush
https://t.co/2mKp8lI8D1
Very interesting watering hole attack by Fin7- going for the AI nude audience #ThreatIntelligence #cybersecuritytips initial investigation by @silentpush
Incredible what security teams can access for free these days. https://t.co/bw5PlVjAw6 #informationsecurity #threatintelligence #freecybertools
Shadowserver did a nice mapping of UK gov IPs with exposed IPP https://t.co/uP0S23KHcV. .
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.2M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.4M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.8M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.5M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.2M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.5M followers