Osumi, Yusuke
@ozuma5119
Threat Intelligence, Cyber Security Researcher, PenTester. CISSP,CISA
Jun 26, 2022 • 4 tweets • 3 min read
⚠️ #Phishing Alert
IP: 158.51.96[.]35 (AS397270 NetInformatik)
IoC: otx.alienvault.com/pulse/62b87f1c…
Brand: JR East えきねっと
Jun 25, 2022 • 4 tweets • 3 min read
🔥⚠️ Massive 2618 #Phishing Sites on 1 IP! 🔥
Domain: com[.]cn🇨🇳
IP: 107.175.3[.]44 (AS36352 COLOCROSSING)
IoC: otx.alienvault.com/pulse/62b7301b…
Brand: VISA/Master/JCB/AMEX
➡️DGA based, Third Level Domain
hxxp://www[.]masccsorod[.]asosscemend[.]6ei2p4y1[.]com[.]cn/ic6oXx7P3s/page1.php
...
This Actor uses domains just before they expire.
They may be purchasing second-hand domains (二手域名) at a discount.❓