API tools faq
paste
Advertisement
jroosen

Even More Azure Phishing

jroosen
Jul 30th, 2019
4,017
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.85 KB | None | 0 0
raw download clone embed print report
  1. Seems to be even more Azure based or Azure targeting phishing out there. Here is another batch to block:
  2.  
  3. Redirector Pages:
  4.  
  5. http://23579465336784576.azureedge.net/
  6. http://4387847993.azureedge.net/
  7. http://543647584.azureedge.net/
  8. http://56443657.azureedge.net/
  9.  
  10. Landing Pages Sites:
  11.  
  12. https://072319.z13.web.core.windows.net/ - ya still up
  13. https://35476857968771348-secondary.z6.web.core.windows.net
  14. https://73482787690670835-secondary.z16.web.core.windows.net
  15. https://76485987679659-secondary.z16.web.core.windows.net
  16. https://793620853act2.blob.core.windows.net/2nd/index.html
  17. https://893683089367363rd.blob.core.windows.net/3rd/index.html
  18. https://98257307825735acct.blob.core.windows.net/1st/index.html
  19. https://admindeploy.blob.core.windows.net/terminatnnotice356/index.html
  20. https://bankremit.blob.core.windows.net/desjardnsbnk/index.html
  21. https://ce93893080208.blob.core.windows.net/90848/index.html
  22. https://csa793wimikuog4nxq6.z19.web.core.windows.net/eeemeemg.html
  23. https://fideli.blob.core.windows.net/fidel/index.html
  24. https://friend.blob.core.windows.net/friday/index.html
  25. https://grees.blob.core.windows.net/grees/index.html
  26. https://level.blob.core.windows.net/level/index.html
  27. https://loo.blob.core.windows.net/hell/index.html
  28. https://mailfax.z13.web.core.windows.net/
  29. https://melod.blob.core.windows.net/love/index.html
  30. https://miccrosoftonline.z13.web.core.windows.net/
  31. https://owaanyexchange33v3.z5.web.core.windows.net/eeemeemg.html
  32. https://s3.us-east-2.amazonaws.com/c0nnecticut.d0.cusig.n.gi3hwjxvck2wbgvsmv11j3wlw7bmbihnixvhqtqz/kLwCmEK0Qq2zvD4DEZpsNgjqr2VL0XrUbmugi00V/ReYU4XdM1EK60dS3BZZM+j5wyTZ3MzXV4q56xTxCC/HjYX18oMd8zBVivx2Rtd.html
  33. https://sharepointonline1997.z13.web.core.windows.net/
  34. https://vect.blob.core.windows.net/vec/index.html
  35. https://vvsucccess5.blob.core.windows.net/owe5/update5.html
  36. https://wining.blob.core.windows.net/win/index.html
  37. https://wwwnhbgoutlookofficeowa.blob.core.windows.net/auth/vmnotemessage.html
  38.  
  39. Non-Azure Landing:
  40.  
  41. https://outlook.office365user463467677ur.srv159890.hoster-test.ru/rema.html
  42. https://fixexprss7129.jmjelectricvehicles.com/asxxpn/login.php
  43.  
  44. The .ru link above is mostly delivered via random bit.ly links.
  45. To get them to show an address to phish on, you add #whatever@domain.tld at the end of most.
  46.  
  47. Processing/validation sites:
  48.  
  49. https://alalion.com/press/xxx.php
  50. https://anixtcr.com/api/api.php
  51. https://ansariha.ir/language/english/office/processor.php
  52. https://apmultiproducts.com/cgi-bin/popup.php - may be offline
  53. https://kavianpsh.com/money/language/malay/bless/processor.php
  54. https://lifeeways.co.uk/kdot/processor.php
  55. https://modaresan.org/money/blessing/follow/menow/processor.php
  56. https://outletin.pw/processor.php
  57. https://skmiarcon.com/qbbice/send.php
  58. https://www.direct2canada.com/forum/proc/processor.php
  59.  
  60.  
  61. Thanks to @urlscanio and @ps66uk for help with this list :)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!