|
🇭🇰
61.4.117.30
|
|
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_b ...
show more
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_blacklist as "人机验证失败" (human verification failed) — characteristic dev/test workstation footprint. Kit operates 39 sibling brand-impersonation domains under one FastAPI/OpenResty backend at 43.160.241.151 (Tencent Cloud SG / ACEVILLE PTE.LTD), targeting ANZ, Westpac, CommBank, Suncorp, Bendigo, St.George, Macquarie, Qantas, HSBC AU, Lloyds, NatWest, RBC. Internal projectName "hsbctianka" (甜卡=credit-card in Chinese) + Chinese debug strings confirm Chinese-speaking operator. 5 of 7 HK source IPs in operator log resolve to Tung Chung suburb (AS55361 Lucky Tone). Sample phish: https://anzrewardse-homes.info/com/ . Authorized defensive analysis 2026-04-14.
show less
|
Bad Web Bot
Web App Attack
|
|
🇭🇰
84.17.57.121
|
|
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_b ...
show more
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_blacklist as "人机验证失败" (human verification failed) — characteristic dev/test workstation footprint. Kit operates 39 sibling brand-impersonation domains under one FastAPI/OpenResty backend at 43.160.241.151 (Tencent Cloud SG / ACEVILLE PTE.LTD), targeting ANZ, Westpac, CommBank, Suncorp, Bendigo, St.George, Macquarie, Qantas, HSBC AU, Lloyds, NatWest, RBC. Internal projectName "hsbctianka" (甜卡=credit-card in Chinese) + Chinese debug strings confirm Chinese-speaking operator. 5 of 7 HK source IPs in operator log resolve to Tung Chung suburb (AS55361 Lucky Tone). Sample phish: https://anzrewardse-homes.info/com/ . Authorized defensive analysis 2026-04-14.
show less
|
Bad Web Bot
Web App Attack
|
|
🇭🇰
122.8.87.247
|
|
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_b ...
show more
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_blacklist as "人机验证失败" (human verification failed) — characteristic dev/test workstation footprint. Kit operates 39 sibling brand-impersonation domains under one FastAPI/OpenResty backend at 43.160.241.151 (Tencent Cloud SG / ACEVILLE PTE.LTD), targeting ANZ, Westpac, CommBank, Suncorp, Bendigo, St.George, Macquarie, Qantas, HSBC AU, Lloyds, NatWest, RBC. Internal projectName "hsbctianka" (甜卡=credit-card in Chinese) + Chinese debug strings confirm Chinese-speaking operator. 5 of 7 HK source IPs in operator log resolve to Tung Chung suburb (AS55361 Lucky Tone). Sample phish: https://anzrewardse-homes.info/com/ . Authorized defensive analysis 2026-04-14.
show less
|
Bad Web Bot
Web App Attack
|
|
🇭🇰
122.8.62.207
|
|
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_b ...
show more
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_blacklist as "人机验证失败" (human verification failed) — characteristic dev/test workstation footprint. Kit operates 39 sibling brand-impersonation domains under one FastAPI/OpenResty backend at 43.160.241.151 (Tencent Cloud SG / ACEVILLE PTE.LTD), targeting ANZ, Westpac, CommBank, Suncorp, Bendigo, St.George, Macquarie, Qantas, HSBC AU, Lloyds, NatWest, RBC. Internal projectName "hsbctianka" (甜卡=credit-card in Chinese) + Chinese debug strings confirm Chinese-speaking operator. 5 of 7 HK source IPs in operator log resolve to Tung Chung suburb (AS55361 Lucky Tone). Sample phish: https://anzrewardse-homes.info/com/ . Authorized defensive analysis 2026-04-14.
show less
|
Bad Web Bot
Web App Attack
|
|
🇭🇰
122.8.17.77
|
|
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_b ...
show more
Suspected operator/test source IP for "Jwr" multi-brand phishing kit. Found in operator backend ip_blacklist as "人机验证失败" (human verification failed) — characteristic dev/test workstation footprint. Kit operates 39 sibling brand-impersonation domains under one FastAPI/OpenResty backend at 43.160.241.151 (Tencent Cloud SG / ACEVILLE PTE.LTD), targeting ANZ, Westpac, CommBank, Suncorp, Bendigo, St.George, Macquarie, Qantas, HSBC AU, Lloyds, NatWest, RBC. Internal projectName "hsbctianka" (甜卡=credit-card in Chinese) + Chinese debug strings confirm Chinese-speaking operator. 5 of 7 HK source IPs in operator log resolve to Tung Chung suburb (AS55361 Lucky Tone). Sample phish: https://anzrewardse-homes.info/com/ . Authorized defensive analysis 2026-04-14.
show less
|
Bad Web Bot
Web App Attack
|
|
🇸🇬
43.160.241.151
|
|
Active phishing-as-a-service backend serving 39 brand-impersonation domains targeting AU/NZ/UK/CA ba ...
show more
Active phishing-as-a-service backend serving 39 brand-impersonation domains targeting AU/NZ/UK/CA banks (ANZ, Westpac, CommBank, Suncorp, Bendigo, St.George, Macquarie, Qantas, HSBC AU, Lloyds, NatWest, RBC). Single OpenResty/FastAPI backend (md5 03234bcd44856a84a3f719c093f34e08 main.js) hosting Chinese-language "Jwr" credit-card harvest kit. 100 confirmed paid victim IPs extracted from operator backend (mostly Australian Telstra residential). Hosts include anzrewardse-homes.info, westpacone-homes{a-g}.info, commbank-homesa.info, lloydsbank-homes{a,b}.info, rbcroyalbank-homes{a.cc,c-e}.info, hsbcrewards-homes{a,b}.info, qantasrewards{a,b}-homes.info, suncorp-homes{a,b}.info, bendigo-homesa.info, stgeorge-homesd.info, natwest-homesa.info. Cert CN=invalid.localhost (multi-tenant SNI-routed phishing). Operator IP cluster traces to AS55361 Lucky Tone, Tung Chung HK. Hosting: AS132203 Tencent Cloud SG (ACEVILLE PTE.LTD).
show less
|
Phishing
Open Proxy
Web App Attack
IoT Targeted
|