Educause Security Discussion mailing list archives

Re: Active Phishing Attack Against EDUs


From: "Manjak, Martin" <mmanjak () ALBANY EDU>
Date: Thu, 21 Jun 2018 12:55:41 +0000

Performing a pDNS lookup on the IP shows nothing but gibberish domains, many of which were first seen only very
recently. The oldest dates from June 14. Here's a sample:

IP            Name                     Type  First seen           Last seen
89.36.213.44  nmcvvorozb.com.mx.       A     2018-06-19 04:44:21  2018-06-19 04:44:21
89.36.213.44  www.nmcvvorozb.com.mx.   A     2018-06-19 05:14:02  2018-06-19 05:14:03
89.36.213.44  nmcvvorozab.com.mx.      A     2018-06-19 04:45:01  2018-06-19 05:14:38
89.36.213.44  www.nmcvvorozab.com.mx.  A     2018-06-19 04:44:26  2018-06-19 04:44:27
89.36.213.44  nmcvvorozac.com.mx.      A     2018-06-19 05:17:03  2018-06-19 05:17:03
89.36.213.44  www.nmcvvorozac.com.mx.  A     2018-06-19 04:44:14  2018-06-19 05:14:10
89.36.213.44  nmcvvorozav.com.mx.      A     2018-06-19 04:44:59  2018-06-19 16:01:55
89.36.213.44  d4.caixaservico.com.     A     2017-02-20 01:20:11  2017-05-05 09:23:58
89.36.213.44  dedaoermekya.com.        A     2018-06-20 02:51:32  2018-06-21 06:41:47
89.36.213.44  www.dedaoermekya.com.    A     2018-06-20 02:51:34  2018-06-20 02:59:49
89.36.213.44  dedaoermekyc.com.        A     2018-06-20 02:58:25  2018-06-21 04:28:59
89.36.213.44  www.dedaoermekyc.com.    A     2018-06-20 02:51:02  2018-06-20 02:57:48
89.36.213.44  dedaoermekyn.com.        A     2018-06-20 02:54:12  2018-06-21 04:08:47
89.36.213.44  www.dedaoermekyn.com.    A     2018-06-20 02:52:02  2018-06-20 02:58:41

I don't think you'll lose anything valuable by blocking the IP.

Marty Manjak
CISO
University at Albany

Mokaortmdesm.club/<yourschool>/index.php

Mokaortmdesm.club/<yourschoolhttps>/index.php

IP address of web site: 89.36.213.44
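The triage Marty describes above (list the names resolving to the IP, note how recently each was first seen, spot the gibberish) can be repeated in code for the next IP. The script below is an added example written for this archive page, not the author's tooling or any pDNS vendor's API: the line-oriented input format, the tiny public-suffix stand-in, the consonant-run "looks generated" heuristic and the block threshold are all this example's own assumptions. The sample records are the ones from the post, re-typed.

```python
"""Triage a passive-DNS (pDNS) answer set for one IP address.

Groups A records by registrable domain, measures how recently each domain
was first seen relative to a reference date, and flags labels that look
machine-generated.  Input format and heuristics are assumptions made for
this example, not any pDNS provider's API."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Records from the post, re-typed one per line as
# "<ip> <rrname> <rrtype> <first_seen> <last_seen>" (constructed input format).
PDNS_SAMPLE = """\
89.36.213.44 nmcvvorozb.com.mx. A 2018-06-19T04:44:21 2018-06-19T04:44:21
89.36.213.44 www.nmcvvorozb.com.mx. A 2018-06-19T05:14:02 2018-06-19T05:14:03
89.36.213.44 nmcvvorozab.com.mx. A 2018-06-19T04:45:01 2018-06-19T05:14:38
89.36.213.44 www.nmcvvorozab.com.mx. A 2018-06-19T04:44:26 2018-06-19T04:44:27
89.36.213.44 nmcvvorozac.com.mx. A 2018-06-19T05:17:03 2018-06-19T05:17:03
89.36.213.44 www.nmcvvorozac.com.mx. A 2018-06-19T04:44:14 2018-06-19T05:14:10
89.36.213.44 nmcvvorozav.com.mx. A 2018-06-19T04:44:59 2018-06-19T16:01:55
89.36.213.44 d4.caixaservico.com. A 2017-02-20T01:20:11 2017-05-05T09:23:58
89.36.213.44 dedaoermekya.com. A 2018-06-20T02:51:32 2018-06-21T06:41:47
89.36.213.44 www.dedaoermekya.com. A 2018-06-20T02:51:34 2018-06-20T02:59:49
89.36.213.44 dedaoermekyc.com. A 2018-06-20T02:58:25 2018-06-21T04:28:59
89.36.213.44 www.dedaoermekyc.com. A 2018-06-20T02:51:02 2018-06-20T02:57:48
89.36.213.44 dedaoermekyn.com. A 2018-06-20T02:54:12 2018-06-21T04:08:47
89.36.213.44 www.dedaoermekyn.com. A 2018-06-20T02:52:02 2018-06-20T02:58:41
"""

# Assumption: a tiny stand-in for the Public Suffix List, enough for this sample.
MULTI_LABEL_SUFFIXES = {"com.mx"}
VOWELS = set("aeiou")


@dataclass
class PdnsRecord:
    ip: str
    rrname: str
    rrtype: str
    first_seen: datetime
    last_seen: datetime


def parse_pdns(text):
    """Parse whitespace-separated record lines; trailing dots are dropped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, rrname, rrtype, first, last = line.split()
        records.append(PdnsRecord(ip, rrname.rstrip(".").lower(), rrtype,
                                  datetime.fromisoformat(first),
                                  datetime.fromisoformat(last)))
    return records


def registrable_domain(name):
    """Collapse hosts such as www.X and d4.X onto the domain X that was registered."""
    labels = name.split(".")
    for n in (2, 1):  # try a two-label public suffix first, then a one-label one
        suffix = ".".join(labels[-n:])
        if n == 1 or suffix in MULTI_LABEL_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return name


def looks_generated(label):
    """Crude DGA-style check: few vowels or a long consonant run.

    Heuristic chosen for this example; it catches the nmcvvoroz* family but
    not the more pronounceable dedaoermeky* names, which is exactly why the
    first-seen age is the stronger signal below."""
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return vowel_ratio < 0.25 or longest_run >= 4


def triage(records, as_of, recent_days=7):
    """Summarise the signals the post reads by eye, per registrable domain."""
    first_seen = {}
    for r in records:
        dom = registrable_domain(r.rrname)
        first_seen[dom] = min(first_seen.get(dom, r.first_seen), r.first_seen)
    cutoff = as_of - timedelta(days=recent_days)
    recent = {d for d, fs in first_seen.items() if fs >= cutoff}
    generated = {d for d in first_seen if looks_generated(d.split(".")[0])}
    return {
        "domains": sorted(first_seen),
        "recent": sorted(recent),
        "generated": sorted(generated),
        "oldest_first_seen": min(first_seen.values()),
        # Example rule: recommend blocking when most domains on the IP are brand new.
        "block_ip": bool(first_seen) and len(recent) / len(first_seen) >= 0.5,
    }


if __name__ == "__main__":
    summary = triage(parse_pdns(PDNS_SAMPLE), as_of=datetime(2018, 6, 21))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the post's sample with the post date as reference, it groups the 14 records into 8 registrable domains, finds 7 of them first seen within the last week (only caixaservico.com is old), flags the four nmcvvoroz* names as generated, and recommends blocking the IP. The one old, legitimate-looking record is the caveat to check before blocking: it is the kind of collateral a plain IP block can hit.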