Seeing a handful of newly registered domains with VMware-impersonating landing... - Random

neurovagrant, 19 days ago

Seeing a handful of newly registered domains with VMware-impersonating landing pages.

Registrar: Gname
IP: CloudFlare
NS: share-dns[.]com
First observed: 2024-04-24

Landing page impersonating vmware:
gl-vmwareopts[.]com
vmwarewebs[.]com
gl-vmwarewebs[.]com

Same domain profile, currently 404's:
vmwareopts[.]com

#infosec #cybersecurity #threatintel

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ neurovagrant

Image

Image alternative text

neurovagrant, 19 days ago

Looking at my favorite pet peeves, IDN homoglyph domains, it appears actors are targeting procurement SaaS procurify[.]com from Russian IPs, example:

xn--procurfy-h2a[.]com

which in most contexts displays as:

procurífy[.]com

(note the diacritical mark over the i)

Interestingly, the IP hosts several other sites targeting Brunei and Dubai.

#threatintel

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

neurovagrant, 19 days ago

oop, broke the thread. continues here:

https://masto.deoan.org/@neurovagrant/112355182220822719

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment