DNS Compromise Attack Pushing Spam

description: A new finance spam campaign with HTML attachments has been discovered that uses Google's public DNS resolver to retrieve JavaScript commands embedded in a domain's TXT record. These commands then redirect the user's browser to an aggressive trading advertisement site, which has been reported as a scam.

IOC Table
total 26