Ian Campbell on Nostr: Catching a lot of badness watching domains with 'noreply' roll in - they're often ...
Catching a lot of badness watching domains with 'noreply' roll in - they're often used for impersonation during phishing. Example: noreply-homeoffice[.]co[.]uk - popped up 2025-01-08, currently connected to Hungarian IPspace.
New or newly active in the last few days:
microsoft-noreply[.]com (Swiss IP)
noreplygoogle[.]com (Cloudflare)
noreplyairtelbank[.]com
#cybersecurity #infosec #threatintel
Published at
2025-01-13 15:18:37Event JSON
{
"id": "3e33827d33c1816f5959ad67828f9494e3890c25aafe7331b42f0e2ad6921a7c",
"pubkey": "a516f2358a20a90c560bed25b34fb39ee5bd12a7187837df8c96a19e0070ce6d",
"created_at": 1736781517,
"kind": 1,
"tags": [
[
"t",
"cybersecurity"
],
[
"t",
"infosec"
],
[
"t",
"threatintel"
],
[
"proxy",
"https://masto.deoan.org/users/neurovagrant/statuses/113821713505568985",
"activitypub"
]
],
"content": "Catching a lot of badness watching domains with 'noreply' roll in - they're often used for impersonation during phishing. Example: noreply-homeoffice[.]co[.]uk - popped up 2025-01-08, currently connected to Hungarian IPspace.\n\nNew or newly active in the last few days:\n\nmicrosoft-noreply[.]com (Swiss IP)\n\nnoreplygoogle[.]com (Cloudflare)\n\nnoreplyairtelbank[.]com\n\n#cybersecurity #infosec #threatintel",
"sig": "a31b00845681844b3dd5608376ac7a29679cf36409b38790389d7152fbd263af64403e70a7364f0da856d382931bb6da48295c671ffc378794ac9198a89b26ec"
}
