Infrastructure of Interest: High Confidence Phishing
Aug. 8, 2025, 7:46 a.m.
Description
These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with phishing campaigns, targeting credential theft and fraudulent resource access. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations.
External References
Tags
Date
- Created: Aug. 7, 2025, 6:55 a.m.
- Published: Aug. 7, 2025, 6:55 a.m.
- Modified: Aug. 8, 2025, 7:46 a.m.
Indicators
- www.signinawsamazon.org
- wwwpostaa.top
- www3.accountsgoogle.es
- www.xenodochial-proskuriakova.191-96-207-56.plesk.page
- www.wshtsapp.com
- www.whsvczpp.com
- www.support-utilisateur-dsp2.com
- www.u2-whotsapp-web.com
- www.s2-wthsaapp.net
- www.quickq-pc.com
- www.rc5-whatsapps.com
- www.qamatx.com
- www.onlinemicrosofttobenow.cfd
- www.paypal-ii.com
- www.oauurftv.netflix-app.com
- www.news-whatsapps.com
- www.luwydtnb.netflix-app.com
- www.l6-whatsapp-web.com
- www.htds666.top
- www.cn-whatssappweb.com
- www.dhleshome-eshtml.life
- www.chat.chatbotgoogle.com
- www.auth-monday.com
- www.amazon321.com
- www.adoring-mccarthy.107-189-16-100.plesk.page
- www.amazen.net
- www.a92-whatsapps.com
- www-oric07oro.shop
- www-hkws.com
- www-appleid-apple-find.us
- www3.xx.accountsgoogle.es
- www.xx-telegramcn.net
- www.boring-pike.217-65-146-141.plesk.page
- www-bmo.com
- web-tools.cloud
- targettredcardlogin.com
- sendennatuursteen.nl
- pulpybizarre.com
- litnet.work
- oliveoilsuperfoods.live
- hurtdetal.com
- firstonlinedirect.com
- effectivecreativeformats.com
- bpr-tgr.com
- drmartens-moscow.ru
- zoom-signin.com
- yurticikrago.cfd
- yurticikargoit.life
- wz6782.com
- x9-whattsapp.org
- x9-whattsapp.com
- wz6784.com
- wz6781.com
- whotsapp.cc
- whatuosapp.com
- whatvopp.com
- whavuopp.com
- whatswcb.com
- whatsappol.com
- whatsappf.co
- whats-wyc.com
- whatsapp-azx.com
- whats-ssr.com
- what-sms.com
- whastmapp.com
- wed-whtusapoo.com
- webmeetgoogle.net
- wahtsr-app.com
- via-admin.shop
- verifications-celsiusclaims.com
- verfolgung-der-lieferung.com
- v-whattsapp.org
- uspspost-us.com
- uspspost-box.com
- uspsoi.shop
- uspsdelivery.fit
- usps.my.id
- us05webzoomus.top
- ukevee.top
- trpttpoa.life
- trexonida.xyz
- tokenpokct.com
- thriveweb.online
- three-terms-condition.com
- thefastprint.in
- tg-login-zhifeiji.com
- teams-web.com
- subskyp-maal.com
- stream-netfllx.com
- soporte-ups.com
- soltse.com
- snap-star-certification.com
- smilesys.site
- slkpostgov.vip
- silzerbizl-kamp-teklfiler-aldn-aldin.store
- singpost.cfd
- silzerbizl-kamp-teklfiler-aldn-aldin.shop
- service-term.com
- securityservicex.com
- secure-auth-x.com
- secure04-schwabalert.click
- sambapokerclub.com
- ruckerstattung-ppl.com
- reverent-babbage.34-116-178-51.plesk.page
- resch-fedex1.live
- renouvellementamazonprime.com
- rechdfed.live
- receber-ctt.com
- prt-tr-gcv.cfd
- preparedeployment.com
- ptt-gev-tr.cfd
- posthll.cfd
- posta-track.sbs
- posstnord.cfd
- posta-get.info
- post-trackinfo.icu
- post-austria.shop
- posstnli.top
- posindanesia.cfd
- pointlogistique.fr
- playgoogle.cloud
- phlpostph.life
- pctelegram.org
- parcelmyhermes.com
- pay--asiakaspalvelu.com
- p-wtatsapp.shop
- oman-postm.com
- orange-login.com
- onlinemicrosofttobenow.cfd
- online-dashboardauth.com
- omanposts.life
- officedocumentations4romportalsystem.com
- nzpostll.ink
- ntflix-cuenta.com
- ns2.skylinehost.in
- ns2.secure-auth-x.com
- ns2.login-activity-x.com
- ns12.hostshabhji.com
- ns1.suspicious-login-x.com
- ns1.skylinehost.in
- myraku-tenco.shop
- myraku-infoco.shop
- my-dscardfuurk.tokyo
- my-docardfg.tokyo
- microsoft-services.com.br
- mi165.info
- mhtplb.com
- meuicloud.com
- mail.google-v3-signin-identifier-authuser-continue-service.ru
- masablakon-buradas-aldisnad-aldn.shop
- mail.creditagricole-contact.com
- m.7882769.com
- logon-my.com
- login-whatsapp-hk.com
- login-celsiusnetwork-claimsportal.com
- login-m-auth-deplik2fwa2fsdf0.com
- login-anz-com.cc
- login-anz-com-au.com
- login-anz-com-au.cc
- lmtoken-web3.com
- liansdj9.shop
- l6-whatsapp-web.com
- lcloud-login-mx-att.us
- kgmwerlgov.cfd
- kgmisgv.click
- k5862.com
- k5863.com
- juanleija.shop
- jpapi.agvip222.com
- japanpost-jp.com
- jeanettetoney.shop
- informationdocumentdeliveryonline.com
- info-mon-colis.com
- info-docardhhkd.tokyo
- info-ddaardsljhhf.tokyo
- info-account-help.com
- googlesetting.shop
- hs-kd-whatsapp.xin
- hk2-whastpapp.com
- hk-inspect.net
- herzamansizlerl-kamp-teklfiler.store
- googlespinjoy.com
- googlemailapi.shop
- googlemailzone.shop
- googlemailtoday.shop
- googlemailapi.icu
- google-v3-signin-identifier-authuser-continue-service.ru
- googbe-admin.com
- goestafeta.sbs
- gf-whatsapp.cc
- fullcopessd.top
- fullcopecr.cfd
- forwardingdeliveries.help
- file.goxexe.top
- fedexpl.info
- fedre2024.bet
- fcattles.xyz
- fasfhhwklfg18.click
- fasfhhwklfg18.cloud
- facobook.si
- exprurss.guru
- evri.onliechange.cfd
- enattente-paquet30.com
- estafeto.cfd
- emv1.qamatx.com
- emiratespostin.life
- elta-coulreir-gr.cc
- eloquent-vaughan.37-221-67-12.plesk.page
- egpost-track.icu
- egyptlpostsl.ink
- drive.my.accountsgoogle.es
- ds888.goxexe.top
- dmv.red
- dhlin.top
- disn.ey-plus.com
- dhles-eshtmlde.life
- dhlat.me
- dhl-paket.live
- dhl-certificat.shop
- dhl-austria.my
- dhill.sbs
- dh1-serviec.cfd
- dgtesadvertir.cfd
- ddill.icu
- cp.ltdnetwork.info
- correoargentlno-com.top
- correos-gob.cfd
- correoargentinocom-ar.top
- correoargentino-comarr.top
- coopercarga.net
- correes.cfd
- cn-whatssapp.net
- chatbotgoogle.com
- chocolabonbon.cfd
- chat.chatbotgoogle.com
- cf9ag66v.fbxos.fr
- certifcat-dhl.cyou
- certifcat-dhl.click
- celsiusnetwork-third-distribution.com
- cationinfodhl.shop
- canadapost-postescanada.shop
- ca-bmo.com
- burdsnherzm-alirsdn-kamp-cadrldar.shop
- boring-pike.217-65-146-141.plesk.page
- bnc-securite.com
- bgpost-bgi.com
- automateddocumentationonlineservice.com
- auspost-serve.com
- aupostsuported.click
- aupostsuport.click
- aupostend.click
- aupostcentre.click
- auparcels.live
- aupackage.live
- au-ao-whatsapp.love
- asdtvonlinewsign.cfd
- areyothereyet.cfd
- anz-com.us
- anz-com-au.us
- anpost-shipment.com
- anpost-go.click
- amazonvp.shop
- amazoncrw.com
- amazoncto.com
- amazoncnn.com
- amazoncax.com
- amazon321.com
- amaetb.com
- albaik-up.shop
- 6dpe4.cn
- address-verification.sbs
- 026598.com
- 311900.com
- agropacificcargoservicesanddel.com
- aeromeixco.top
- abonnementsstatus.help
- 2027777.com
- 7882769.com
- 82166google.com
- accountverif.com
- accountsgoogle.es
- account-suspended.com
- 788sun.com
- accountsgooglesignin.com
- 726516.com
- static.login-certificate.org
- spotify-br.com
- xx-telegramcn.net
- xsywshxhjy.xyz
- xn--doctolib-sant-nhb.com
- xiaomi-brasil.com
- xazmm.top
- x8-whattsapp.net
- ww-whatsapp-chat.net
- ww-whatsapps-chat.net
- ww-whatsapp-chat.com
- wl-whatsapp.cc
- whatsapp-labs.com
- whatsapp-pc.cc
- whatsapp-labs.net
- whatsapp-im.net
- whatsapp-ew.cc
- whatsapp-beveiliging.com
- wh-whatsapp.cc
- web03pnc.com
- vps113151.serveur-vps.net
- viveterpel.cyou
- viewcert.shop
- ups-asistencia.com
- vamasablakon-buradas-aldisnad-aldn.shop
- ulys-pay.com
- uspspost.top
- uspsdelivery.help
- usapost-usps.com
- ups-relais.fr
- track-usps.one
- telegramn-im.net
- support-utilisateur-dsp2.com
- soporte-netflix.com
- snd-marayksia-laskuttaa.com
- slapostgov.vip
- signin-arnazon.com
- signinawsamazon.org
- signin-identifi.com
- service-orange-reunion.com
- saveh.xyz
- royalmail.fun
- rc5-whatsapp.org
- rc5-whatsapps.com
- rc5-whatsapp.net
- postcan-track-elment.live
- posusps-trck.info
- postch.buzz
- pi-whatsapp.vip
- pcwhatsapp.com
- onedrive-microsoftonline.com
- offlceoutlookmaill.com
- ns2.box.post-bobs.co.uk
- ns1.ltdnetwork.info
- nicepe.xyz
- nfxx360.com
- news-whatsapps.net
- news-whatsapps.org
- news-whatsapps.com
- netflix-app.com
- netflix-network.info
- ne3tflixaccount-redirection.com
- moreles.net
- microsoftnowonline.com
- microsoftde.top
- m168588.shop
- m-whatsapps.net
- loginsalesforce.org
- login-account-google.com
- login-certificate.org
- login-celsius-secureportals.com
- log-whatsapp-hk.com
- login-activity-x.com
- livraison-monrelay.com
- lie-whatsapp.com
- kgmwerlgov.sbs
- k5661.com
- info-merrcdijhh.tokyo
- i-netflix.com
- icloud-localizado.com
- hrezmn-endsiyi-budsaa-aldin-aldin.shop
- herzamsnd-burdans-aldin-aldn.shop
- gouwanhai.shop
- google-account-login.com
- fwfrgegfwgrw.xyz
- forms-microsoft.com
- fedex-update01.wiki
- fedex-update01.help
- fastgithub.com
- facebookalert.com
- expruiss.guru
- exodus-tokenization.com
- emag-hu.cfd
- eir-mobile-terms.com
- dpkww.com
- dpd-link.info
- chatbotfundraiser.com
- documentation4sharingfileonlinewithgooglefile.com
- dedouanement-ups.com
- dgtg.shop
- dexef-kisu.life
- deutschepost-web.de
- delivery-demex.top
- consultefacture0-rngelogn.fr
- compte-vitale.info
- com-ar.top
- cn-whatssappweblogin.com
- auspost-help.top
- choisir-creneau-mondialrelay.fr
- camilnera.cfd
- business-posteit.cfd
- auspost-verify.com
- acconut-mail.com
- app8-whatsap.net
- amazonbr.vip
- amazoncms.com
- aupost-verify.net
- amazoncfp.com
- 6z.fit
- 4-72sdw.shop
- amazontask.top
- americanexpresss-jp.shop
- autoezpreso.cfd
- account-drive.com
- applebrasil-suporte.com
- axonalia.com
- amazoncoo.com
- bcaild.cfd
- a92-whatsapps.com
- a92-whatsapps.net
- aupost-verify.com
- getstranto.club
Additional Informations
- shekvaer.express
- govau.digital