add amazon phishing host IPs to blocklists #510

@g0d33p3rsec g0d33p3rsec commented Nov 21, 2024

Phishing Domain/URL/IP(s):

142.171.209.174
184.174.97.59
amazonvrn.co
amazoncwg.com

Impersonated domain

www.amazon.com

Describe the issue

I received another pair of Amazon-related smishing lures today, though the format differs from those discussed in #497. They do not begin with [AMAZ0N]. Reviewing the IP addresses for both hosts revealed additional related staged domains and no other unrelated domains, so adding by IP address instead of trying to play whack-a-mole with the disposable domains. This information has also been forwarded to Amazon Security.

Related external source

https://urlscan.io/result/c7bc49a6-8764-465b-b01f-85524d5ba7c0/
https://urlscan.io/ip/142.171.209.174
https://urlscan.io/result/66acacd4-a082-45e0-9254-1845f06ded4e/
https://urlscan.io/ip/184.174.97.59
https://search.censys.io/hosts/184.174.97.59/data/table#80-TCP-HTTP

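The check described in the pull request text (list a host by IP only when every name seen on it belongs to the campaign, otherwise fall back to per-domain entries), as an added example that is not part of the pull request or the project's tooling. The addresses, hostnames and the `CAMPAIGN` pattern are constructed placeholders, not values from this page.

```python
import ipaddress
import re

# Constructed sample: hostnames observed on each address (e.g. from a
# passive-DNS or scan export). RFC 5737 addresses and reserved TLDs only.
OBSERVED = {
    "192.0.2.10": ["shopbrand-abc.example", "shopbrand-xyz.example",
                   "SHOPBRAND-QRS.example."],
    "198.51.100.7": ["shopbrand-def.example", "static.cdn-tenant.test"],
    "203.0.113.5": [],
}

# Hypothetical campaign naming pattern: brand prefix plus a 3-letter suffix.
CAMPAIGN = re.compile(r"shopbrand-[a-z]{3}\.example")


def normalise(host):
    """Lower-case and drop the trailing root dot so duplicates collapse."""
    return host.strip().rstrip(".").lower()


def plan_blocks(observed, pattern):
    """Split findings into IP entries, domain entries and hosts needing review.

    An address is listed by IP only if at least one campaign name was seen
    on it and no unrelated name was. Campaign names are always listed as
    domains. Addresses with unrelated tenants, or with no names at all,
    go to `review` instead of the IP list.
    """
    ip_blocks, domain_blocks, review = [], set(), {}
    for raw_ip, hosts in observed.items():
        # Raises ValueError on malformed input such as a five-octet address.
        ip = str(ipaddress.ip_address(raw_ip))
        names = {normalise(h) for h in hosts}
        related = {n for n in names if pattern.fullmatch(n)}
        unrelated = names - related
        domain_blocks |= related
        if related and not unrelated:
            ip_blocks.append(ip)
        else:
            # Shared hosting or no evidence: an IP entry could block bystanders.
            review[ip] = sorted(unrelated)
    return sorted(ip_blocks), sorted(domain_blocks), review


if __name__ == "__main__":
    print(plan_blocks(OBSERVED, CAMPAIGN))
```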

@g0d33p3rsec

@spirillen I am about to head into another meeting but will add this to the matrix when I get home.

@spirillen

Hey @g0d33p3rsec should I say welcome back 😉

Can see you've been busy, and as usual, flawless issues.

Thanks for the heads up, and I'll start adding them to #matrix

@spirillen spirillen merged commit 98c3ea7 into Phishing-Database:main Nov 22, 2024
1 check passed
@spirillen spirillen changed the title add amazon smishing host IPs to blocklists add amazon pmishing host IPs to blocklists Nov 23, 2024
@spirillen spirillen changed the title add amazon pmishing host IPs to blocklists add amazon phishing host IPs to blocklists Nov 23, 2024
spirillen added a commit to mypdns/matrix that referenced this pull request Nov 23, 2024

Rel: Phishing-Database/phishing#510
Rel: Phishing-Database/phishing#511
Rel: Phishing-Database/phishing#513

## Added the following records as phishing


## My Privacy DNS Issues


## Credit:

- @g0d33p3rsec

---------

You can always be following My Privacy DNS at https://kb.mypdns.org/issues?u=1

Sponsor us by Donate to My Privacy DNS https://kb.mypdns.org/articles/MTX-A-3/DONATION