{
  "name": "Infrastructure of Interest: High Confidence Phishing",
  "slug": "infrastructure-of-interest-high-confidence-phishing",
  "description": "These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with phishing campaigns, targeting credential theft and fraudulent resource access. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations.",
  "published": "2025-08-07T04:55:02+00:00",
  "created_at": "2025-08-07T04:55:02+00:00",
  "modified_at": "2025-08-08T05:46:05+00:00",
  "created_at_opencti": "2025-08-07T04:55:02+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-07"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "www.signinawsamazon.org"
      },
      {
        "id": "",
        "name": "wwwpostaa.top"
      },
      {
        "id": "",
        "name": "www3.accountsgoogle.es"
      },
      {
        "id": "",
        "name": "www.xenodochial-proskuriakova.191-96-207-56.plesk.page"
      },
      {
        "id": "",
        "name": "www.wshtsapp.com"
      },
      {
        "id": "",
        "name": "www.whsvczpp.com"
      },
      {
        "id": "",
        "name": "www.support-utilisateur-dsp2.com"
      },
      {
        "id": "",
        "name": "www.u2-whotsapp-web.com"
      },
      {
        "id": "",
        "name": "www.s2-wthsaapp.net"
      },
      {
        "id": "",
        "name": "www.quickq-pc.com"
      },
      {
        "id": "",
        "name": "www.rc5-whatsapps.com"
      },
      {
        "id": "",
        "name": "www.qamatx.com"
      },
      {
        "id": "",
        "name": "www.onlinemicrosofttobenow.cfd"
      },
      {
        "id": "",
        "name": "www.paypal-ii.com"
      },
      {
        "id": "",
        "name": "www.oauurftv.netflix-app.com"
      },
      {
        "id": "",
        "name": "www.news-whatsapps.com"
      },
      {
        "id": "",
        "name": "www.luwydtnb.netflix-app.com"
      },
      {
        "id": "",
        "name": "www.l6-whatsapp-web.com"
      },
      {
        "id": "",
        "name": "www.htds666.top"
      },
      {
        "id": "",
        "name": "www.cn-whatssappweb.com"
      },
      {
        "id": "",
        "name": "www.dhleshome-eshtml.life"
      },
      {
        "id": "",
        "name": "www.chat.chatbotgoogle.com"
      },
      {
        "id": "",
        "name": "www.auth-monday.com"
      },
      {
        "id": "",
        "name": "www.amazon321.com"
      },
      {
        "id": "",
        "name": "www.adoring-mccarthy.107-189-16-100.plesk.page"
      },
      {
        "id": "",
        "name": "www.amazen.net"
      },
      {
        "id": "",
        "name": "www.a92-whatsapps.com"
      },
      {
        "id": "",
        "name": "www-oric07oro.shop"
      },
      {
        "id": "",
        "name": "www-hkws.com"
      },
      {
        "id": "",
        "name": "www-appleid-apple-find.us"
      },
      {
        "id": "",
        "name": "www3.xx.accountsgoogle.es"
      },
      {
        "id": "",
        "name": "www.xx-telegramcn.net"
      },
      {
        "id": "",
        "name": "www.boring-pike.217-65-146-141.plesk.page"
      },
      {
        "id": "",
        "name": "www-bmo.com"
      },
      {
        "id": "",
        "name": "web-tools.cloud"
      },
      {
        "id": "",
        "name": "targettredcardlogin.com"
      },
      {
        "id": "",
        "name": "sendennatuursteen.nl"
      },
      {
        "id": "",
        "name": "pulpybizarre.com"
      },
      {
        "id": "",
        "name": "litnet.work"
      },
      {
        "id": "",
        "name": "oliveoilsuperfoods.live"
      },
      {
        "id": "",
        "name": "hurtdetal.com"
      },
      {
        "id": "",
        "name": "firstonlinedirect.com"
      },
      {
        "id": "",
        "name": "effectivecreativeformats.com"
      },
      {
        "id": "",
        "name": "bpr-tgr.com"
      },
      {
        "id": "",
        "name": "drmartens-moscow.ru"
      },
      {
        "id": "",
        "name": "zoom-signin.com"
      },
      {
        "id": "",
        "name": "yurticikrago.cfd"
      },
      {
        "id": "",
        "name": "yurticikargoit.life"
      },
      {
        "id": "",
        "name": "wz6782.com"
      },
      {
        "id": "",
        "name": "x9-whattsapp.org"
      },
      {
        "id": "",
        "name": "x9-whattsapp.com"
      },
      {
        "id": "",
        "name": "wz6784.com"
      },
      {
        "id": "",
        "name": "wz6781.com"
      },
      {
        "id": "",
        "name": "whotsapp.cc"
      },
      {
        "id": "",
        "name": "whatuosapp.com"
      },
      {
        "id": "",
        "name": "whatvopp.com"
      },
      {
        "id": "",
        "name": "whavuopp.com"
      },
      {
        "id": "",
        "name": "whatswcb.com"
      },
      {
        "id": "",
        "name": "whatsappol.com"
      },
      {
        "id": "",
        "name": "whatsappf.co"
      },
      {
        "id": "",
        "name": "whats-wyc.com"
      },
      {
        "id": "",
        "name": "whatsapp-azx.com"
      },
      {
        "id": "",
        "name": "whats-ssr.com"
      },
      {
        "id": "",
        "name": "what-sms.com"
      },
      {
        "id": "",
        "name": "whastmapp.com"
      },
      {
        "id": "",
        "name": "wed-whtusapoo.com"
      },
      {
        "id": "",
        "name": "webmeetgoogle.net"
      },
      {
        "id": "",
        "name": "wahtsr-app.com"
      },
      {
        "id": "",
        "name": "via-admin.shop"
      },
      {
        "id": "",
        "name": "verifications-celsiusclaims.com"
      },
      {
        "id": "",
        "name": "verfolgung-der-lieferung.com"
      },
      {
        "id": "",
        "name": "v-whattsapp.org"
      },
      {
        "id": "",
        "name": "uspspost-us.com"
      },
      {
        "id": "",
        "name": "uspspost-box.com"
      },
      {
        "id": "",
        "name": "uspsoi.shop"
      },
      {
        "id": "",
        "name": "uspsdelivery.fit"
      },
      {
        "id": "",
        "name": "usps.my.id"
      },
      {
        "id": "",
        "name": "us05webzoomus.top"
      },
      {
        "id": "",
        "name": "ukevee.top"
      },
      {
        "id": "",
        "name": "trpttpoa.life"
      },
      {
        "id": "",
        "name": "trexonida.xyz"
      },
      {
        "id": "",
        "name": "tokenpokct.com"
      },
      {
        "id": "",
        "name": "thriveweb.online"
      },
      {
        "id": "",
        "name": "three-terms-condition.com"
      },
      {
        "id": "",
        "name": "thefastprint.in"
      },
      {
        "id": "",
        "name": "tg-login-zhifeiji.com"
      },
      {
        "id": "",
        "name": "teams-web.com"
      },
      {
        "id": "",
        "name": "subskyp-maal.com"
      },
      {
        "id": "",
        "name": "stream-netfllx.com"
      },
      {
        "id": "",
        "name": "soporte-ups.com"
      },
      {
        "id": "",
        "name": "soltse.com"
      },
      {
        "id": "",
        "name": "snap-star-certification.com"
      },
      {
        "id": "",
        "name": "smilesys.site"
      },
      {
        "id": "",
        "name": "slkpostgov.vip"
      },
      {
        "id": "",
        "name": "silzerbizl-kamp-teklfiler-aldn-aldin.store"
      },
      {
        "id": "",
        "name": "singpost.cfd"
      },
      {
        "id": "",
        "name": "silzerbizl-kamp-teklfiler-aldn-aldin.shop"
      },
      {
        "id": "",
        "name": "service-term.com"
      },
      {
        "id": "",
        "name": "securityservicex.com"
      },
      {
        "id": "",
        "name": "secure-auth-x.com"
      },
      {
        "id": "",
        "name": "secure04-schwabalert.click"
      },
      {
        "id": "",
        "name": "sambapokerclub.com"
      },
      {
        "id": "",
        "name": "ruckerstattung-ppl.com"
      },
      {
        "id": "",
        "name": "reverent-babbage.34-116-178-51.plesk.page"
      },
      {
        "id": "",
        "name": "resch-fedex1.live"
      },
      {
        "id": "",
        "name": "renouvellementamazonprime.com"
      },
      {
        "id": "",
        "name": "rechdfed.live"
      },
      {
        "id": "",
        "name": "receber-ctt.com"
      },
      {
        "id": "",
        "name": "prt-tr-gcv.cfd"
      },
      {
        "id": "",
        "name": "preparedeployment.com"
      },
      {
        "id": "",
        "name": "ptt-gev-tr.cfd"
      },
      {
        "id": "",
        "name": "posthll.cfd"
      },
      {
        "id": "",
        "name": "posta-track.sbs"
      },
      {
        "id": "",
        "name": "posstnord.cfd"
      },
      {
        "id": "",
        "name": "posta-get.info"
      },
      {
        "id": "",
        "name": "post-trackinfo.icu"
      },
      {
        "id": "",
        "name": "post-austria.shop"
      },
      {
        "id": "",
        "name": "posstnli.top"
      },
      {
        "id": "",
        "name": "posindanesia.cfd"
      },
      {
        "id": "",
        "name": "pointlogistique.fr"
      },
      {
        "id": "",
        "name": "playgoogle.cloud"
      },
      {
        "id": "",
        "name": "phlpostph.life"
      },
      {
        "id": "",
        "name": "pctelegram.org"
      },
      {
        "id": "",
        "name": "parcelmyhermes.com"
      },
      {
        "id": "",
        "name": "pay--asiakaspalvelu.com"
      },
      {
        "id": "",
        "name": "p-wtatsapp.shop"
      },
      {
        "id": "",
        "name": "oman-postm.com"
      },
      {
        "id": "",
        "name": "orange-login.com"
      },
      {
        "id": "",
        "name": "onlinemicrosofttobenow.cfd"
      },
      {
        "id": "",
        "name": "online-dashboardauth.com"
      },
      {
        "id": "",
        "name": "omanposts.life"
      },
      {
        "id": "",
        "name": "officedocumentations4romportalsystem.com"
      },
      {
        "id": "",
        "name": "nzpostll.ink"
      },
      {
        "id": "",
        "name": "ntflix-cuenta.com"
      },
      {
        "id": "",
        "name": "ns2.skylinehost.in"
      },
      {
        "id": "",
        "name": "ns2.secure-auth-x.com"
      },
      {
        "id": "",
        "name": "ns2.login-activity-x.com"
      },
      {
        "id": "",
        "name": "ns12.hostshabhji.com"
      },
      {
        "id": "",
        "name": "ns1.suspicious-login-x.com"
      },
      {
        "id": "",
        "name": "ns1.skylinehost.in"
      },
      {
        "id": "",
        "name": "myraku-tenco.shop"
      },
      {
        "id": "",
        "name": "myraku-infoco.shop"
      },
      {
        "id": "",
        "name": "my-dscardfuurk.tokyo"
      },
      {
        "id": "",
        "name": "my-docardfg.tokyo"
      },
      {
        "id": "",
        "name": "microsoft-services.com.br"
      },
      {
        "id": "",
        "name": "mi165.info"
      },
      {
        "id": "",
        "name": "mhtplb.com"
      },
      {
        "id": "",
        "name": "meuicloud.com"
      },
      {
        "id": "",
        "name": "mail.google-v3-signin-identifier-authuser-continue-service.ru"
      },
      {
        "id": "",
        "name": "masablakon-buradas-aldisnad-aldn.shop"
      },
      {
        "id": "",
        "name": "mail.creditagricole-contact.com"
      },
      {
        "id": "",
        "name": "m.7882769.com"
      },
      {
        "id": "",
        "name": "logon-my.com"
      },
      {
        "id": "",
        "name": "login-whatsapp-hk.com"
      },
      {
        "id": "",
        "name": "login-celsiusnetwork-claimsportal.com"
      },
      {
        "id": "",
        "name": "login-m-auth-deplik2fwa2fsdf0.com"
      },
      {
        "id": "",
        "name": "login-anz-com.cc"
      },
      {
        "id": "",
        "name": "login-anz-com-au.com"
      },
      {
        "id": "",
        "name": "login-anz-com-au.cc"
      },
      {
        "id": "",
        "name": "lmtoken-web3.com"
      },
      {
        "id": "",
        "name": "liansdj9.shop"
      },
      {
        "id": "",
        "name": "l6-whatsapp-web.com"
      },
      {
        "id": "",
        "name": "lcloud-login-mx-att.us"
      },
      {
        "id": "",
        "name": "kgmwerlgov.cfd"
      },
      {
        "id": "",
        "name": "kgmisgv.click"
      },
      {
        "id": "",
        "name": "k5862.com"
      },
      {
        "id": "",
        "name": "k5863.com"
      },
      {
        "id": "",
        "name": "juanleija.shop"
      },
      {
        "id": "",
        "name": "jpapi.agvip222.com"
      },
      {
        "id": "",
        "name": "japanpost-jp.com"
      },
      {
        "id": "",
        "name": "jeanettetoney.shop"
      },
      {
        "id": "",
        "name": "informationdocumentdeliveryonline.com"
      },
      {
        "id": "",
        "name": "info-mon-colis.com"
      },
      {
        "id": "",
        "name": "info-docardhhkd.tokyo"
      },
      {
        "id": "",
        "name": "info-ddaardsljhhf.tokyo"
      },
      {
        "id": "",
        "name": "info-account-help.com"
      },
      {
        "id": "",
        "name": "googlesetting.shop"
      },
      {
        "id": "",
        "name": "hs-kd-whatsapp.xin"
      },
      {
        "id": "",
        "name": "hk2-whastpapp.com"
      },
      {
        "id": "",
        "name": "hk-inspect.net"
      },
      {
        "id": "",
        "name": "herzamansizlerl-kamp-teklfiler.store"
      },
      {
        "id": "",
        "name": "googlespinjoy.com"
      },
      {
        "id": "",
        "name": "googlemailapi.shop"
      },
      {
        "id": "",
        "name": "googlemailzone.shop"
      },
      {
        "id": "",
        "name": "googlemailtoday.shop"
      },
      {
        "id": "",
        "name": "googlemailapi.icu"
      },
      {
        "id": "",
        "name": "google-v3-signin-identifier-authuser-continue-service.ru"
      },
      {
        "id": "",
        "name": "googbe-admin.com"
      },
      {
        "id": "",
        "name": "goestafeta.sbs"
      },
      {
        "id": "",
        "name": "gf-whatsapp.cc"
      },
      {
        "id": "",
        "name": "fullcopessd.top"
      },
      {
        "id": "",
        "name": "fullcopecr.cfd"
      },
      {
        "id": "",
        "name": "forwardingdeliveries.help"
      },
      {
        "id": "",
        "name": "file.goxexe.top"
      },
      {
        "id": "",
        "name": "fedexpl.info"
      },
      {
        "id": "",
        "name": "fedre2024.bet"
      },
      {
        "id": "",
        "name": "fcattles.xyz"
      },
      {
        "id": "",
        "name": "fasfhhwklfg18.click"
      },
      {
        "id": "",
        "name": "fasfhhwklfg18.cloud"
      },
      {
        "id": "",
        "name": "facobook.si"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "shekvaer.express"
      },
      {
        "id": "",
        "name": "govau.digital"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/68944dc66ee0a9ca5e2e5356"
  ]
}