add 184.174.97.68 to IP blocklists - Amazon smishing #520

g0d33p3rsec · 2024-11-29T18:36:21Z

Phishing Domain/URL/IP(s):

184.174.97.68
amazoncrx.com
amazoncrw.com
amazonwwj.com
amazoncvo.co
amazonczf.co
amazonctg.com
amazoncth.com

Impersonated domain

https://www.amazon.com

Describe the issue

I received a smishing lure using a shortened link that claimed an unusual charge was made. The server/ CloudFlare returns "NotFound 1001" when attempting to browse from a sandbox but the Amazon favicon can be seen in the screenshot from AnyRun Several other Amazon related domain names can be seen associated with the IP.

Related external source

https://search.censys.io/hosts/184.174.97.68/data/table#80-TCP-HTTP
https://urlscan.io/ip/184.174.97.68
https://app.any.run/tasks/af5d4374-820b-41e0-ace3-ab205f83fda3
https://urlscan.io/result/f1f9aa53-9d19-4a30-89c8-8a719ef8c0c6/#summary

Screenshot

Click to expand

Fixing #1387 Rel Phishing-Database/phishing#520 Signed-off-by: Spirillen <[email protected]>

add 184.174.97.68 to IP blocklists - Amazon smishing

9596768

g0d33p3rsec mentioned this pull request Nov 29, 2024

184.174.97.68/24 mypdns/matrix#1387

Closed

spirillen merged commit efed336 into Phishing-Database:main Nov 30, 2024
1 check passed

spirillen added a commit to mypdns/matrix that referenced this pull request Nov 30, 2024

184.174.97.68

f3bb731

Fixing #1387 Rel Phishing-Database/phishing#520 Signed-off-by: Spirillen <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add 184.174.97.68 to IP blocklists - Amazon smishing #520

add 184.174.97.68 to IP blocklists - Amazon smishing #520

g0d33p3rsec commented Nov 29, 2024

add 184.174.97.68 to IP blocklists - Amazon smishing #520

add 184.174.97.68 to IP blocklists - Amazon smishing #520

Conversation

g0d33p3rsec commented Nov 29, 2024

Phishing Domain/URL/IP(s):

Impersonated domain

Describe the issue

Related external source

Screenshot