Infrastructure of Interest: Medium Confidence Phishing

Aug. 8, 2025, 7:46 a.m.

Description

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with phishing campaigns, targeting credential theft and fraudulent resource access. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations.

External References

https://otx.alienvault.com/pulse/689453a1603f3d4b93557f2a
Tags
2025-08-07

Date

  • Created: Aug. 7, 2025, 7:20 a.m.
  • Published: Aug. 7, 2025, 7:20 a.m.
  • Modified: Aug. 8, 2025, 7:46 a.m.

Indicators

  • www.whatsapp-im.net
  • www.x9-whattsapp.org
  • www.x8-whattsapp.net
  • www.tubematedownload.org.37-49-227-160.cpanel.site
  • www.spcentral-amazon.com
  • www.s2-wthsaapp.org
  • www.reverent-dubinsky.213-226-123-177.plesk.page
  • www.rc5-whatsapp.org
  • www.rc5-whatsapp.net
  • www.nifty-galileo.213-226-123-177.plesk.page
  • www.news-whatsapps.net
  • www.microsoftnowonline.com
  • www.m-whatsapps.net
  • www.goxexe.top
  • www.google-v3-signin-identifier-authuser-continue-service.ru
  • www.flixfoxapk.app.37-49-227-160.cpanel.site
  • www.chatbotfundraiser.com
  • www.autoezpreso.cfd
  • www.ww-whatsapps-chat.net
  • www.v-whattsapp.org
  • www.u1-whotsapp.net
  • www.teams-web.com
  • www.s2-wthsaapp.com
  • www.netflix-app.com
  • www.doctolib-remboursement.co
  • www.cn-whatssappweblogin.com
  • www.app8-whatsap.net
  • www-whatsinapp.com
  • yhbcii.com
  • nlapp.nl
  • multi-fresh.site
  • jobsrozaana.com
  • ij-scan-utility.com
  • chetgpt.com
  • ywnjb.login-offlce.com
  • wildslots666.com
  • whatsuapq.com
  • whatilsapp.com
  • webdisk.23-237-26-135.cprapid.com
  • wahtsapp.cc
  • vps-d95a1b18.vps.ovh.net
  • vpn915794487.softether.net
  • very.dzo8.com
  • verify-address-partnership.top
  • verfolg.top
  • verifloginvancity.com
  • usps-update06.click
  • usps-checkupdate.info
  • uscgv.cn
  • us05webzoomus.life
  • us.quooa.com
  • us.y5ys.com
  • us.dzcmw.com
  • univarsolutlons.co
  • ulys-impaye.com
  • uksan.top
  • trusting-ritchie.191-96-207-56.plesk.page
  • takeoffexperts.ca
  • support-idevices-found.com
  • slackchannels.co.uk
  • sambapoker.club
  • roselinph.com
  • redsq.fotografkalasky.cz
  • rastreament.ink
  • quepos.freeboxos.fr
  • quickq-pc.com
  • qae4324.duckdns.org
  • postofficeinza.life
  • postoffsa.icu
  • posts-tracktrace.top
  • posstnli.sbs
  • posstnli.cfd
  • poosst.top
  • orico.index.co.jp.poakjma7.shop
  • paypal-ii.com
  • online-secureaccess.com
  • ns3.nicehosting.in
  • ogs.login-offlce.com
  • ns2.companyrolinc.pro
  • ns2.alramiqa.sa.com
  • ns1.box.post-bobs.co.uk
  • mydietanalysis-cert.pearson.com
  • nachver.top
  • my.axonalia.com
  • mcs.agvip222.com
  • microsoft365page.live
  • mail.facebookalert.com
  • kmsorguyapalimhemenqae.duckdns.org
  • login-upps.shop
  • kmsorgulartamsanlarshuzkyler.duckdns.org
  • k5892.com
  • itsablessing.cfd
  • intelligent-bouman.185-196-10-166.plesk.page
  • installer.login-xero.com
  • inspiring-matsumoto.213-226-123-177.plesk.page
  • inpost-go.click
  • gzmantu.com
  • hasfdyta.fwlanmsl.co
  • great-borg.34-175-60-117.plesk.page
  • gls-hk.help
  • fullcopesel.top
  • fullcopesss.top
  • fullcopeca.top
  • fuilcopui.cc
  • frosty-wright.3-87-0-221.plesk.page
  • fedexpayments.com
  • fedex-update01.ink
  • estafeta.city
  • esqws.top
  • es-amazon.com
  • egypteposts.cfd
  • eggypttpost.top
  • e-station2-axs.asia
  • dpostr.cfd
  • dokumentnik.si
  • dhltracking-info.top
  • dhlhomes-esde.cfd
  • dhleshome-eshtml.life
  • dhhii.cfd
  • ctt-e.com
  • cs4.jskcdns.net
  • corrgodms.xyz
  • cpcalendars.23-237-26-135.cprapid.com
  • correo.host
  • conta-google.com
  • clasd.top
  • canadapost-postescanada.store
  • businessalerter.com
  • belizepostalservice-gov.shop
  • av2x.com
  • auposteam.click
  • aupostal.live
  • anmpostt.top
  • amazonvrc.co
  • amazonztv.co
  • amazonzgzc.co
  • amazonzmc.co
  • amazonzhzc.co
  • amazonyyc.co
  • amazonuyc.co
  • amazontyc.co
  • amazonoon.co
  • amazonqmc.co
  • amazonnetb.com
  • amazonnec.co
  • amazonmusiccode.com
  • amazonfyc.co
  • amazoncip.com
  • amazoncot.com
  • amazonche.com
  • amazoncae.com
  • amabrbr.com
  • amabbr.com
  • 7777-bet.com
  • us05webzoomus.world
  • unpaid-ticket-ca.live
  • ttrackshb.live
  • temzdsf-burdsna-aldin-aldn.shop
  • sogouocs.top
  • smbccard-jp.sbs
  • postas-mk.icu
  • postas-md.icu
  • posta-delivery.shop
  • interactivebrokers-hk.icu
  • estofetta.cfd
  • entrpreneur.org
  • dhill.cfd
  • demo.bd2h.com
  • delive-mx.top
  • ddill.cfd
  • correoargentina.sbs
  • awj-waapp.top
  • awz-waapp.top
  • ad-telegran.shop
  • bizlerle-endsiyi-budsaa-aldin-aldin.shop
  • amazon-co-jp.shop
  • townoflakelure.com
Download all indicators here!

Additional Informations

  • spica.international