It’s not uncommon to see free web hosting providers get abused as part of phishing campaigns. IBM X-Force Exchange, in fact, published three indicators of compromise (IoCs) related to such an incident, namely:
- URL: http[:]//direc7890[.]mypressonline[.]com
- Email address: [email protected][.]com
- IP address: 185[.]176[.]43[.]106
The domain mypressonline[.]com leads to a website that offers a way for users to easily add subdomains related to their projects. Screenshot Lookup led us to that particular finding.
As part of our work to bring transparency to Internet usage and help keep users safe from digital threats, we used a combination of WHOIS, IP, and DNS intelligence sources and found:
- 1,460 subdomains under…