IP hosts ipt29.forex-signalbot[.]de (CNAME target for 09e4c1e1.touspatron[.]fr), which served a credential harvesting page impersonating Crazy Domains (crazydomains.co.nz). Credentials POSTed to /sn.php on this IP. Full report (PDF, MISP, PCAP): github.com/ApthNZ/reports-portfolio/tree/main/crazydomains-phishing-2026
IP hosts the subdomain 39115153.tous-patron[.]fr, used as a phishing link in an email impersonating Crazy Domains (crazydomains.co.nz). Link redirected to a credential harvesting page. Full report (PDF, MISP, PCAP): github.com/ApthNZ/reports-portfolio/tree/main/crazydomains-phishing-2026
IP hosts the subdomain 86797515.delphine-mari[.]com, used as a phishing link in an email impersonating Crazy Domains (crazydomains.co.nz). Full report (PDF, MISP, PCAP): github.com/ApthNZ/reports-portfolio/tree/main/crazydomains-phishing-2026
In December 2025, a phishing email was received by the owner of a domain registered with Crazy Domains (crazydomains[.]co[.]nz). The email impersonated Crazy Domains and attempted to harvest credentials by persuading the recipient to resolve a fictitious payment issue.
A second, almost identical phishing email was received in January of 2026, using a different malicious domain. The infrastructure behind both emails has been correlated.
The phishing link from the first email was inactive at the time it was visited. The phishing link from the second email led to a login page impersonating Crazy Domains. The page harvested credentials entered into the page, and redirected the user to a fake 404 page.
Full report (PDF, MISP, PCAP): github.com/ApthNZ/reports-portfolio/tree/main/crazydomains-phishing-2026
This is my first report, feedback and constructive criticism are very welcome.
Phishing