Educause Security Discussion mailing list archives
Re: Active Phishing Attack Against EDUs
From: "Manjak, Martin" <mmanjak () ALBANY EDU>
Date: Thu, 21 Jun 2018 12:55:41 +0000
Performing a pDNS lookup on the IP shows nothing but gibberish domains, many of which were first seen only very recently. The oldest dates from June 14. Here's a sample:

89.36.213.44 nmcvvorozb.com.mx. A 2018-06-19 04:44:21 2018-06-19 04:44:21
89.36.213.44 www.nmcvvorozb.com.mx. A 2018-06-19 05:14:02 2018-06-19 05:14:03
89.36.213.44 nmcvvorozab.com.mx. A 2018-06-19 04:45:01 2018-06-19 05:14:38
89.36.213.44 www.nmcvvorozab.com.mx. A 2018-06-19 04:44:26 2018-06-19 04:44:27
89.36.213.44 nmcvvorozac.com.mx. A 2018-06-19 05:17:03 2018-06-19 05:17:03
89.36.213.44 www.nmcvvorozac.com.mx. A 2018-06-19 04:44:14 2018-06-19 05:14:10
89.36.213.44 nmcvvorozav.com.mx. A 2018-06-19 04:44:59 2018-06-19 16:01:55
89.36.213.44 d4.caixaservico.com. A 2017-02-20 01:20:11 2017-05-05 09:23:58
89.36.213.44 dedaoermekya.com. A 2018-06-20 02:51:32 2018-06-21 06:41:47
89.36.213.44 www.dedaoermekya.com. A 2018-06-20 02:51:34 2018-06-20 02:59:49
89.36.213.44 dedaoermekyc.com. A 2018-06-20 02:58:25 2018-06-21 04:28:59
89.36.213.44 www.dedaoermekyc.com. A 2018-06-20 02:51:02 2018-06-20 02:57:48
89.36.213.44 dedaoermekyn.com. A 2018-06-20 02:54:12 2018-06-21 04:08:47
89.36.213.44 www.dedaoermekyn.com. A 2018-06-20 02:52:02 2018-06-20 02:58:41

I don't think you'll lose anything valuable by blocking the IP.

Marty Manjak
CISO
University at Albany
Mokaortmdesm.club/<yourschool>/index.php
Mokaortmdesm.club/<yourschoolhttps>/index.php
IP address of web site: 89.36.213.44
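The pre-block check described in the message above can be scripted. This is an added example, not part of the original post: it parses pDNS records in the same column layout and reports which names are recent, which form generated-looking families, and which older names are still resolving to the IP. The records are constructed (documentation IP and .example names), and the function names, the 14-day window and the one-trailing-character family heuristic are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation IP and .example names), in the post's column
# layout: IP, rrname, rrtype, first-seen date and time, last-seen date and time.
SAMPLE = """\
192.0.2.10 qzxkvbna.example. A 2018-06-19 04:44:21 2018-06-19 04:44:21
192.0.2.10 www.qzxkvbna.example. A 2018-06-19 05:14:02 2018-06-19 05:14:03
192.0.2.10 qzxkvbnc.example. A 2018-06-19 04:45:01 2018-06-19 05:14:38
192.0.2.10 qzxkvbnv.example. A 2018-06-19 04:44:59 2018-06-19 16:01:55
192.0.2.10 portal.longlived.example. A 2017-02-20 01:20:11 2017-05-05 09:23:58
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse(text):
    """Turn whitespace-separated pDNS lines into dicts; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7:
            continue
        rows.append({"name": f[1].rstrip(".").lower(),
                     "first": datetime.strptime(f"{f[3]} {f[4]}", FMT),
                     "last": datetime.strptime(f"{f[5]} {f[6]}", FMT)})
    return rows

def triage(rows, as_of, recent_days=14):
    """Summarise what resolves to the IP before deciding to block it."""
    cutoff = as_of - timedelta(days=recent_days)  # assumed "recent" window
    hosts = {}  # host without leading "www." -> (earliest first, latest last)
    for r in rows:
        host = r["name"][4:] if r["name"].startswith("www.") else r["name"]
        first, last = hosts.get(host, (r["first"], r["last"]))
        hosts[host] = (min(first, r["first"]), max(last, r["last"]))
    # Assumed heuristic: names differing only in the final character of the
    # first label belong to one generated family.
    families = defaultdict(set)
    for host in hosts:
        label, _, rest = host.partition(".")
        families[f"{label[:-1]}?.{rest}"].add(host)
    recent = sorted(h for h, (first, _) in hosts.items() if first >= cutoff)
    # Older names still seen inside the window are what a block could break.
    collateral = sorted(h for h, (first, last) in hosts.items()
                        if first < cutoff and last >= cutoff)
    return {"hosts": len(hosts), "recent": recent, "collateral": collateral,
            "families": {k: sorted(v) for k, v in families.items() if len(v) > 1}}

if __name__ == "__main__":
    print(triage(parse(SAMPLE), as_of=datetime(2018, 6, 21)))
```

An empty `collateral` list means no long-lived name was observed on the IP inside the window, which is the condition under which blocking the address costs nothing.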