Real-Time Anti-Phishing: Essential Defense Against Evolving Cyber Threats

    Date: 03/25/2025

    Severity: Critical 

    Summary

    Recent threat data reveals key insights into phishing campaigns and evolving cybercriminal tactics. Facebook remains a top phishing target due to its widespread use and valuable user data, with scams often disguised as account warnings. In mid-February, phishing attacks spiked against Roblox, tricking users with fake alerts and prize notifications. Late January saw a surge in phishing attempts targeting various platforms, highlighting the broad reach of these attacks.

    Indicators of Compromise (IOC) List

    Domains\URLs :

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains\URLs :

    userdomainname like "000414-coinbase.com" or url like "000414-coinbase.com" or userdomainname like "policy-violation-10002321704.github.io" or url like "policy-violation-10002321704.github.io" or userdomainname like "www.telegramtgtg.com" or url like "www.telegramtgtg.com" or userdomainname like "67a34b6bfc0d210a820d0cf5--brilliant-mermaid-bad0bd.netlify.app" or url like "67a34b6bfc0d210a820d0cf5--brilliant-mermaid-bad0bd.netlify.app" or userdomainname like "case-id-10012125556.vercel.app" or url like "case-id-10012125556.vercel.app" or userdomainname like "rbxodi.blogspot.com" or url like "rbxodi.blogspot.com" or userdomainname like "cpa.firebaseapp.com" or url like "cpa.firebaseapp.com" or userdomainname like "www.91gsh.com" or url like "www.91gsh.com" or userdomainname like "gworldhomes.com/ionos-ag/ionos-es/login/login.php" or url like "gworldhomes.com/ionos-ag/ionos-es/login/login.php" or userdomainname like "coinbsphnnumbe.gitbook.io/us" or url like "coinbsphnnumbe.gitbook.io/us" or userdomainname like "paypalloginonline.blogspot.com" or url like "paypalloginonline.blogspot.com" or userdomainname like "niemalssoeder.de/c/index/myaccount" or url like "niemalssoeder.de/c/index/myaccount" or userdomainname like "uncloabatles.ru/votes/7838610" or url like "uncloabatles.ru/votes/7838610" or userdomainname like "vim.vimeo18.ru/votes/3818905" or url like "vim.vimeo18.ru/votes/3818905"

    Reference:    

    https://www.fortinet.com/blog/threat-research/real-time-anti-phishing-essential-defense-against-evolving-cyber-threats


    Tags

    Malware, Phishing, Anti-Phishing, Facebook, Roblox
