A recent anonymous tip from a reader drew my attention to a malicious IP address allegedly involved in a widespread phishing campaign against users in Ireland.
The malicious actors behind this campaign have created hundreds of fake domains impersonating several Irish banks, the national postal service of Ireland, courier services, Sky TV, COVID pass issuers, several other financial entities abroad, the English NHS and many others.
The IP in question – 35.234.96.61 – belongs to Google and at the time of writing was connected to 371 hostnames and 924 URLs.
Active domains hosted on the IP in question can be found here, while a complete list, including passive DNS and older domains, can be viewed here.
Fantastic report, amazing work, thank you.
Well done. Appreciate the detail, and examples. And the examples of pivots.