Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Seems to be even more Azure based or Azure targeting phishing out there. Here is another batch to block:
- Redirector Pages:
- http://23579465336784576.azureedge.net/
- http://4387847993.azureedge.net/
- http://543647584.azureedge.net/
- http://56443657.azureedge.net/
- Landing Pages Sites:
- https://072319.z13.web.core.windows.net/ - ya still up
- https://35476857968771348-secondary.z6.web.core.windows.net
- https://73482787690670835-secondary.z16.web.core.windows.net
- https://76485987679659-secondary.z16.web.core.windows.net
- https://793620853act2.blob.core.windows.net/2nd/index.html
- https://893683089367363rd.blob.core.windows.net/3rd/index.html
- https://98257307825735acct.blob.core.windows.net/1st/index.html
- https://admindeploy.blob.core.windows.net/terminatnnotice356/index.html
- https://bankremit.blob.core.windows.net/desjardnsbnk/index.html
- https://ce93893080208.blob.core.windows.net/90848/index.html
- https://csa793wimikuog4nxq6.z19.web.core.windows.net/eeemeemg.html
- https://fideli.blob.core.windows.net/fidel/index.html
- https://friend.blob.core.windows.net/friday/index.html
- https://grees.blob.core.windows.net/grees/index.html
- https://level.blob.core.windows.net/level/index.html
- https://loo.blob.core.windows.net/hell/index.html
- https://mailfax.z13.web.core.windows.net/
- https://melod.blob.core.windows.net/love/index.html
- https://miccrosoftonline.z13.web.core.windows.net/
- https://owaanyexchange33v3.z5.web.core.windows.net/eeemeemg.html
- https://s3.us-east-2.amazonaws.com/c0nnecticut.d0.cusig.n.gi3hwjxvck2wbgvsmv11j3wlw7bmbihnixvhqtqz/kLwCmEK0Qq2zvD4DEZpsNgjqr2VL0XrUbmugi00V/ReYU4XdM1EK60dS3BZZM+j5wyTZ3MzXV4q56xTxCC/HjYX18oMd8zBVivx2Rtd.html
- https://sharepointonline1997.z13.web.core.windows.net/
- https://vect.blob.core.windows.net/vec/index.html
- https://vvsucccess5.blob.core.windows.net/owe5/update5.html
- https://wining.blob.core.windows.net/win/index.html
- https://wwwnhbgoutlookofficeowa.blob.core.windows.net/auth/vmnotemessage.html
- Non-Azure Landing:
- https://outlook.office365user463467677ur.srv159890.hoster-test.ru/rema.html
- https://fixexprss7129.jmjelectricvehicles.com/asxxpn/login.php
- The .ru link above is mostly delivered via random bit.ly links.
- To get them to show an address to phish on, you add #whatever@domain.tld at the end of most.
- Processing/validation sites:
- https://alalion.com/press/xxx.php
- https://anixtcr.com/api/api.php
- https://ansariha.ir/language/english/office/processor.php
- https://apmultiproducts.com/cgi-bin/popup.php - may be offline
- https://kavianpsh.com/money/language/malay/bless/processor.php
- https://lifeeways.co.uk/kdot/processor.php
- https://modaresan.org/money/blessing/follow/menow/processor.php
- https://outletin.pw/processor.php
- https://skmiarcon.com/qbbice/send.php
- https://www.direct2canada.com/forum/proc/processor.php
- Thanks to @urlscanio and @ps66uk for help with this list :)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement