Possible Encrypted Phishing Site Visit
rfc-constancia.com
9/21/23, 1:55 PM
Stage: Initial Attem ...
show morePossible Encrypted Phishing Site Visit
rfc-constancia.com
9/21/23, 1:55 PM
Stage: Initial Attempts
Tactic: Initial Access (TA0001)
Technique: Phishing (T1566)
A suspicious visit was observed in encrypted traffic from "IP: 10.2.0.90, name: p1fcg.prodecon.gob.mx" to "IP: 66.29.131.15, name: rfc-constancia.com" which has a recently registered domain (rfc-constancia.com). This indicates a possible phishing site.
show less
Possible Phishing Site Visit from Email
constancia-rfc.com
9/21/23, 10:42 AM
Stage: Initial Att ...
show morePossible Phishing Site Visit from Email
constancia-rfc.com
9/21/23, 10:42 AM
Stage: Initial Attempts
Tactic: Initial Access (TA0001)
Technique: Phishing (T1566)
A user visited a recently registered domain shortly after using email, indicating a possible phishing site visit. Check to see if the site is malicious. If so, check with the user to see if they are compromised.
85
SCORE
1
ACTUAL
Fidelity
Severity
Threat Intel
Data Period
99
80
N/A
5 min
show less
Recently Registered Domains
9/11/23, 8:42 AM
Stage: Initial Attempts
Tactic: XDR NBA (XTA0002)
...
show moreRecently Registered Domains
9/11/23, 8:42 AM
Stage: Initial Attempts
Tactic: XDR NBA (XTA0002)
Technique: XDR New Domain (XT2008)
metadata.response.answers
{"host_addr":"172.67.198.161","host_type":"A","name":"araneilzzz.com","section_type":"Answer","ttl":300}
{"host_addr":"104.21.21.128","host_type":"A","name":"araneilzzz.com","section_type":"Answer","ttl":300}
{"host_type":"OPT","section_type":"Additional Answer"}
metadata.response.answers.host_addr
172.67.198.161
104.21.21.128
metadata.response.answers.host_type
A
A
show less
Recently Registered Domains
9/7/23, 12:15 PM
Stage: Initial Attempts
Tactic: XDR NBA (XTA0002)
...
show moreRecently Registered Domains
9/7/23, 12:15 PM
Stage: Initial Attempts
Tactic: XDR NBA (XTA0002)
Technique: XDR New Domain (XT2008)
2 security vendors flagged this URL as malicious
Reanalyze
Search
Graph
API
http://gobbmx.com/
gobbmx.com
Status
200
Last Analysis Date
2 minutes ago
DETECTION
DETAILS
COMMUNITY
Security vendors' analysis
Do you want to automate checks?
Kaspersky
Phishing
Trustwave
Phishing
show less
Recently Registered Domains
9/7/23, 12:15 PM
Stage: Initial Attempts
Tactic: XDR NBA (XTA0002)
...
show moreRecently Registered Domains
9/7/23, 12:15 PM
Stage: Initial Attempts
Tactic: XDR NBA (XTA0002)
Technique: XDR New Domain (XT2008)
2 security vendors flagged this URL as malicious
Reanalyze
Search
Graph
API
http://gobbmx.com/
gobbmx.com
Status
200
Last Analysis Date
2 minutes ago
DETECTION
DETAILS
COMMUNITY
Security vendors' analysis
Do you want to automate checks?
Kaspersky
Phishing
Trustwave
Phishing
show less
A suspicious visit was observed in encrypted traffic from "IP: x.x.x.x name: p1fcg.prodecon.gob.mx" ...
show moreA suspicious visit was observed in encrypted traffic from "IP: x.x.x.x name: p1fcg.prodecon.gob.mx" to "IP: 52.207.94.119, name: trac.impulsolatinus.com" which has a recently registered domain (trac.impulsolatinus.com). This indicates a possible phishing site.
show less
A suspicious visit was observed in encrypted traffic from "IP/name: 10.2.210.225" to "IP: 104.21.27. ...
show moreA suspicious visit was observed in encrypted traffic from "IP/name: 10.2.210.225" to "IP: 104.21.27.135, name: gob-ws.top" which has a recently registered domain (gob-ws.top). This indicates a possible phishing site.
show less
A suspicious visit was observed in encrypted traffic from "IP/name: x.x.x.x" to "IP: 172.67.142.187, ...
show moreA suspicious visit was observed in encrypted traffic from "IP/name: x.x.x.x" to "IP: 172.67.142.187, name: gob-ws.top" which has a recently registered domain (gob-ws.top). This indicates a possible phishing site.
show less
A suspicious visit was observed in encrypted traffic from "IP: 10.2.0.90, name: p1fcg.prodecon.gob.m ...
show moreA suspicious visit was observed in encrypted traffic from "IP: 10.2.0.90, name: p1fcg.prodecon.gob.mx" to "IP: 103.209.129.124, name: kpost-cdmx.top" which has a recently registered domain (kpost-cdmx.top). This indicates a possible phishing site.
show less
Fraud OrdersPhishingWeb SpamEmail SpamHackingBad Web BotExploited Host
El día 29 de agosto del 2023 de acuerdo con la investigación se observaron visitas
sospechosas en e ...
show moreEl día 29 de agosto del 2023 de acuerdo con la investigación se observaron visitas
sospechosas en el tráfico DNS desde la IP x.x.x.x hacia el dominio
jtudtna.top, al analizar el sitio se observa una página donde recaba información de datos
y de información de tarjetas de credito esto nos alerta que estan ingresando un sitio de
de phishing al ver que se estan haciendo pasar por SEGOB.
show less
DNS CompromiseDNS PoisoningPhishingWeb SpamSpoofing
file:\\172.86.68.194@80\4545\4545CcPmUQSEkFjkAvxnMgQFDoJF.jse
Dont download this
Malware download ...
show morefile:\\172.86.68.194@80\4545\4545CcPmUQSEkFjkAvxnMgQFDoJF.jse
Dont download this
Malware download INK
show less
Stage: Persistent Foothold
Tactic: XDR Intel (XTA0005)
Technique: XDR Command and Control Reputati ...
show moreStage: Persistent Foothold
Tactic: XDR Intel (XTA0005)
Technique: XDR Command and Control Reputation (XT5001)
An anomalously large number (#: 27) of connections are made to the known command & control server ("IP/name: 159.127.40.133") that has a reputation category of SpywareCnC, measured in a 5-minute interval.
show less
El día 18 de agosto del 2023 de acuerdo con la investigación se observa 1 alerta que se origina desd ...
show moreEl día 18 de agosto del 2023 de acuerdo con la investigación se observa 1 alerta que se origina desde la Ila red interna consultando un sitio potencial DGA con el dominio de destino wpadmngr.com. Se considera necesario bloquear estas conexiones a esta IP y Dominio.
js.wpadmngr.com
show less
DNS CompromiseDNS PoisoningWeb App Attack
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.