Pulse name: Mail Phishing Sites
WHITE ajmeese7 2023-12-30 Modified: 2024-06-10
243 IOCs, HIGH VOLUME
These sites impersonate legitimate services like USPS, DHL, and FedEx and attempt to phish users out of address and payment information. Findings are primarily my own, but include additional IOCs identified by other threat hunters.
Indicators of Compromise (243)
TYPE INDICATOR DESCRIPTION CREATED
URL https://improvehold.com/0/0/0/025d73c480f794443316b5587c499b55/2_1163053_2780108/2176_2141157_5095258_54/67117190_174-219-239-151$ Redirects to either USPS phishing site or an innocuous site to throw off scanners, i.e. bing.com 2024-01-22
URL https://storage.googleapis.com/d2i7c4n0i8z9i7f5/s4f8u8r3c1z9w5j5.html#o9T3iIb4.aspx?cmmw2ncctpRhcyMkCcdcNRddcHqwKmsj0cbbb4X Redirects to phishing URL https://improvehold.com/0/0/0/025d73c480f794443316b5587c499b55/2_1163053_2780108/2176_2141157_5095258_54/67117190_174-219-239-151$. 2024-01-22
domain questionprov41735.com Used to send phishing emails. 2024-01-22