- There was some typosquatting of popular domains that led to RIG Exploit Kit in August, September, and October of 2019. All of the redirection chains (whether they involved RIG EK or not) contained similar-looking domains such as usd.odysseus-nua.com, usa.odysseus-nua.com, usd.godabert-nap.com, usa.godabert-nap.com, etc. PassiveTotal shows that these domains are associated with ZeroPark domain redirect traffic. You can see a list of ZeroPark domains at https://community.riskiq.com/search/components/Server/ZeroPark-Traffic/. You can also read about ZeroPark's domain redirect traffic at https://zeropark.com/domain-redirect/. ZeroPark is owned and operated by Codewise.
- Some of these domains are obvious typosquats of popular domains, but all of the ones below involved ZeroPark redirects and RIG EK:
- 1freewebhosting.org ---------> https://app.any.run/tasks/4e67a42b-abc6-4edf-af03-728d241c2d48/
- ancestrydnatest.net ---------> https://app.any.run/tasks/45e3cea6-9e0c-4bd2-9207-a0f8596a5251/
- app.facebookprofileview.com -> https://app.any.run/tasks/df7c9c5e-a306-4226-86de-c86b3740014d/
- bloomindales.com ------------> https://app.any.run/tasks/6e250b06-d47d-421d-9aae-b88d9f93bc03/
- carefirsst.com --------------> https://app.any.run/tasks/c9534d6a-6ea3-446d-bb85-c689e100b78c/
- cryptaloot.pro --------------> https://app.any.run/tasks/84ad2c80-fbf4-4417-957d-09be495a1849/
- cunyfirst.com ---------------> https://app.any.run/tasks/3ccc47da-0ea0-4b8a-beef-2110211469d4/
- fceacebook.com --------------> https://app.any.run/tasks/98c50023-c3d7-4937-9591-5a03b0563ab9/
- ggole.com -------------------> https://app.any.run/tasks/f6fd68c1-02ee-486a-bc4d-5feb3df1f854/
- go2batch.com ----------------> https://app.any.run/tasks/0914d7d4-110d-4122-a2af-5b34ce8c0968/
- ismetozel.org ---------------> https://app.any.run/tasks/2f61ac2f-d5f9-444f-b954-2a6b8f68a34c/
- mishcon.atalassian.net ------> https://app.any.run/tasks/6fb36c41-8ef2-4947-acb2-04d635a5e0c8/
- moodystotalreward.com -------> https://app.any.run/tasks/8de9207d-ca80-42ac-9276-36d04d12a692/
- nurselabs.com ---------------> https://app.any.run/tasks/7532a1ec-8723-491a-a9fc-04b4e1a40e6f/
- onlinebanking.22web.org -----> https://app.any.run/tasks/73877c8b-2c92-414e-a033-ad30df19859f/
- pollenradar.nl --------------> https://app.any.run/tasks/16344f64-ba5b-47ad-b3e3-30eecbad74a1/
- samsungt.com ----------------> https://app.any.run/tasks/0346fc93-3075-4690-8a62-cfe9dc49aacc/
- scotland.ideasfactory.com ---> https://app.any.run/tasks/4c0dd21a-cbe5-4a1b-a2ff-ca6a3d11de9a/
- visitbmwusa.com -------------> https://app.any.run/tasks/4c5716d5-3fa1-44b6-8ee0-a0f1c02a793b/
- windowsdefender.club --------> https://app.any.run/tasks/fabb95de-8370-46b8-9a33-d2e90b12746d/
- worplace.com ----------------> https://app.any.run/tasks/ae214494-bb9a-4bda-a130-ffc185f90439/
- wwwdailyforex.com -----------> https://app.any.run/tasks/d1687c63-9260-481c-9839-7d031b0f04b6/
- Some typosquatting on popular domains that led to a ZeroPark domain redirect but no RIG EK:
- blackjack-casinos.net -> https://app.any.run/tasks/8236857e-a5c4-40b8-a145-c85bdcbee31c
- capitalone.cm ---------> https://app.any.run/tasks/64f144ee-5e16-4701-966d-2a761d41d90c/
- gmai.com --------------> https://app.any.run/tasks/851ce0bd-c9b0-47d3-be98-562c007e162d/
- gogle.cm --------------> https://app.any.run/tasks/444ab65b-894c-4741-8014-ccf058a99aa2/
- googlew.com -----------> https://app.any.run/tasks/3f3ff8b0-017d-4c2b-af6b-5a76717ab0eb/
- grubhubc.com ----------> https://app.any.run/tasks/1c2a21e5-7a10-41a2-8d7d-87a571d8e906/
- whatsap.com -----------> https://app.any.run/tasks/6ebe86c4-e1de-4710-9ea5-bc6cfc40b186/
- williams-soonoma.com --> https://app.any.run/tasks/1b904b4a-527f-446a-be06-29298f88b07a/
- youyutbe.com ----------> https://app.any.run/tasks/04d74653-422b-48b4-81da-07596e97417e/
- Additional IOCs:
- btcseller.club
- mybestdc.com
- vapeshout.com
- advertland.world
- advertland1.world
- atztds1.world
- atztds177.world
- atztds2.world
- atztds27.world
- atztds277.world
- atztds3.world
- atztds37.world
- atztds775.world
- mtxtds2.world
- mxtds1.world
- 5.101.181.110
- 85.114.146.93
- 88.99.89.222
- 94.130.90.228
- RIG EK:
- 2.59.41.10
- 37.230.117.104
- 46.229.213.144
- 62.109.26.19
- 80.87.200.198
- 92.63.103.145
- 94.250.251.5
- 176.57.217.3
- 185.63.191.25
- 188.120.244.168
- 188.120.244.171
- 188.120.254.174
- 188.225.27.149
- 188.225.32.147
- 188.225.34.40
- 188.225.38.230
- 188.225.46.64
- 188.225.47.78
- 188.225.83.22
- 213.159.208.166
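The chain described above (typosquat domain -> ZeroPark-style redirect host -> RIG EK IP) can be turned into a simple proxy-log check. The script below is an added example, not part of the original paste; it uses a subset of the indicators listed above, and the ZEROPARK_SHAPE regex, the brand watch-list, the two-edit typosquat threshold and the sample log lines are constructed assumptions of mine, not anything the author stated.

```python
import re

# Indicators copied from the paste above (a subset). The four redirect hosts
# are the ones the author names; the TDS domains and RIG EK IPs are taken from
# the "Additional IOCs" and "RIG EK" lists.
ZEROPARK_REDIRECT_HOSTS = {
    "usd.odysseus-nua.com", "usa.odysseus-nua.com",
    "usd.godabert-nap.com", "usa.godabert-nap.com",
}
TDS_DOMAINS = {
    "advertland.world", "advertland1.world", "atztds1.world",
    "atztds2.world", "mtxtds2.world", "mxtds1.world",
}
RIG_EK_IPS = {"2.59.41.10", "37.230.117.104", "188.225.27.149", "213.159.208.166"}

# Assumption: the paste shows only four redirect hosts, so this regex is my
# generalisation of their shape (usd./usa. label in front of a hyphenated
# two-word .com domain), not a pattern the author documented.
ZEROPARK_SHAPE = re.compile(r"^(usd|usa)\.[a-z]+-[a-z]+\.com$")

# Constructed watch-list of brand domains that the paste's typosquats imitate.
BRANDS = ["google.com", "facebook.com", "gmail.com", "youtube.com",
          "whatsapp.com", "capitalone.com", "grubhub.com"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str):
    """Return a label for a suspicious host, or None if nothing matched."""
    host = host.lower().rstrip(".")
    if host in ZEROPARK_REDIRECT_HOSTS:
        return "ioc:zeropark-redirect"
    if host in TDS_DOMAINS:
        return "ioc:tds-domain"
    if host in RIG_EK_IPS:
        return "ioc:rig-ek"
    if ZEROPARK_SHAPE.match(host):
        return "pattern:zeropark-shape"
    for brand in BRANDS:
        # Two edits covers the paste's examples (gogle.cm, gmai.com, fceacebook.com).
        if host != brand and levenshtein(host, brand) <= 2:
            return f"typosquat:{brand}"
    return None


def scan_log(text: str):
    """Parse 'timestamp client host' lines; return (client, host, label) hits."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _ts, client, host = parts
        label = classify_host(host)
        if label:
            hits.append((client, host, label))
    return hits


def suspected_chains(hits):
    """Clients that reached a RIG EK IP after some other flagged host."""
    by_client = {}
    for client, _host, label in hits:
        by_client.setdefault(client, set()).add(label)
    return sorted(c for c, labels in by_client.items()
                  if "ioc:rig-ek" in labels and len(labels) > 1)


# Constructed sample proxy log: one client walks the full chain, one client
# visits the real brand, one hits only a host matching the redirect shape.
SAMPLE_LOG = """\
2019-10-02T14:03:11Z 10.0.0.5 gogle.cm
2019-10-02T14:03:12Z 10.0.0.5 usd.odysseus-nua.com
2019-10-02T14:03:14Z 10.0.0.5 188.225.27.149
2019-10-02T14:05:00Z 10.0.0.9 google.com
2019-10-02T14:06:30Z 10.0.0.7 usa.example-xyz.com
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("suspected full chains:", suspected_chains(SAMPLE_LOG and scan_log(SAMPLE_LOG)))
```

The exact-match sets are the reliable part; the ZEROPARK_SHAPE regex and the edit-distance check are heuristics that will also flag legitimate hosts, so treat those labels as triage hints and confirm against the any.run reports linked above before blocking.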