-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy path2024-08-12-Olympic-themed-domains-similar-infrastructure-2020-and-2024.txt
61 lines (49 loc) · 1.95 KB
/
2024-08-12-Olympic-themed-domains-similar-infrastructure-2020-and-2024.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
2024-08-12 (MONDAY): SIMILARITIES IN PHISHING INFRASTRUCTURE BETWEEN TOKYO OLYMPICS & PARIS 2024 OLYMPICS
AUTHORS:
- Zhanhao Chen, Shu Wang, Daiping Liu, Fan Fei
REFERENCES:
- https://www.linkedin.com/posts/unit42_olympics-phishing-scams-activity-7229166831943524353-SiRP
- https://x.com/Unit42_Intel/status/1823387841797161385
NOTES:
- We recently uncovered connections between scam/phishing domains from the Tokyo 2021 Summer Olympics and the Paris 2024 Summer Olympics.
- The shared infrastructure and similarities in naming patterns indicate a threat actor persistently abuses domains for Olympic events.
- Of note, the 2020 Summer Olympics was delayed due to the COVID-19 pandemic and held in 2021, resulting in Olympic-themed domains with 2021 in the name.
- Below are a list of domains related to each Olympic games event and the shared IP addresses that hosted domains from both years.
DOMAINS USED FOR SCAMS OR PHISHING RELATED TO THE TOKYO 2021 OLYMPICS:
- 2021olympicupdates[.]com
- 2021olympicupdates[.]live
- 2021olympicupdateslive[.]com
- olympic2021[.]in
- olympicgames2021[.]co[.]za
- olympics2020[.]in
- olympics2021[.]in
- olympictickets2020[.]com
- tokyoolympicplay[.]com
- tokyoolympicsport[.]com
- usolympics2020[.]com
- usolympics2021[.]com
DOMAINS USED FOR SCAMS OR PHISHING RELATED TO THE PARIS 2024 OLYMPICS:
- 2024olympicslive[.]com
- 2024parisolympicathletes[.]com
- olympicparis2024[.]com
- paris-olympics2024[.]com
- paris24olympics[.]com
- parisolympic24[.]com
- parisolympicgames2024[.]com
- parisolympicgames2024official[.]com
- parisolympicgamesevents[.]com
- parisolympicgamesofficial[.]com
- parisolympicgamestickets[.]com
- parisolympicsphotographe[.]com
- parisolympictickets[.]com
IP ADDRESSES HOSTING DOMAINS USED FOR SCAMS OR PHISHING COMMON TO 2020 AND 2024 OLYMPICS:
- 3.33.152[.]147
- 3.64.163[.]50
- 13.248.169[.]48
- 13.248.213[.]45
- 15.197.142[.]173
- 34.98.99[.]30
- 34.102.136[.]180
- 76.223.54[.]146
- 76.223.67[.]189
- 184.168.131[.]241