Shreshta threat intelligence team has detected a phishing campaign wherein the threat actors have registered domain names impersonating brands such as Adidas and Nike.
Adidas AG is a German multinational corporation, founded and headquartered in Herzogenaurach, Bavaria, that designs and manufactures shoes, clothing and accessories. It is the largest sportswear manufacturer in Europe, and the second largest in the world, after Nike.[5][6] It is the holding company for the Adidas Group, which consists 8.33% stake of the football club Bayern München,[7] and Runtastic, an Austrian fitness technology company. Adidas’s revenue for 2018 was listed at €21.915 billion.1
1. Phishing domain name – adidass.us.com
Threat Indicators Summary
1. adidass.us.com is a domain name impersonating adidas.com and was registered on 2021-06-14
2. Domain registrar – Namecheap, Inc
2. adidass.us.com resolves to 167.160.29.189
3. 167.160.29.189 is an IP address under AS59447 ( Istanbuldc Veri Merkezi Ltd Sti, TR)
4. AS59447 ( Istanbuldc Veri Merkezi Ltd Sti) is based in Turkey
5. Passive DNS analysis of 167.160.29.189 produces similar typo squatting domains impersonating other brands such as Nike
2. Phishing domain name – nikesoutletfactory.us.com
Threat Indicators Summary
1. nikesoutletfactory.us.com is a domain name impersonating adidas.com and was registered on 2021-03-24
2. Domain registrar – Namecheap, Inc
2. adidass.us.com resolves to 167.160.29.189
3. 167.160.29.189 is an IP address under AS59447 ( Istanbuldc Veri Merkezi Ltd Sti, TR)
4. AS59447 ( Istanbuldc Veri Merkezi Ltd Sti) is based in Turkey
5. Passive DNS analysis of 167.160.29.189 produces similar typo squatting domains impersonating other brands such as Nike
The visual indicators among the domain names adidass.us.com and nikesoutletfactory.us.com is the usage of the same phishing kit.
Indicators of Compromise
nikeshoess[.]ca[.]
img[.]nikeshoess[.]ca[.]
monclerjacket[.]com[.]co[.]
trainersshop[.]org[.]uk[.]
jordan1high[.]us[.]
golden-gooses[.]us[.]
jordansretro3[.]us[.]
lebron16shoes[.]us[.]
goldengoosecom[.]us[.]
jordan11sshoes[.]us[.]
pandoracharmscom[.]us[.]
air-jordansneakers[.]us[.]
wholesaleshoescheap[.]us[.]
wholesaleshoesclothing[.]us[.]
wholesaleairjordanscheap[.]us[.]
jordan4s[.]uk[.]com[.]
img[.]jordan4s[.]uk[.]com[.]
www[.]jordan4s[.]uk[.]com[.]
trainerssale[.]uk[.]com[.]
img[.]trainerssale[.]uk[.]com[.]
www[.]trainerssale[.]uk[.]com[.]
nikestrainers[.]uk[.]com[.]
img[.]nikestrainers[.]uk[.]com[.]
www[.]nikestrainers[.]uk[.]com[.]
charmsbracelet[.]uk[.]com[.]
www[.]charmsbracelet[.]uk[.]com[.]
trainersforsale[.]uk[.]com[.]
jewelrynecklacerings[.]uk[.]com[.]
nmd[.]us[.]com[.]
www[.]nmd[.]us[.]com[.]
adidass[.]us[.]com[.]
pandoras[.]us[.]com[.]
air-max90[.]us[.]com[.]
nikesbdunk[.]us[.]com[.]
nmdsadidas[.]us[.]com[.]
jordan11low[.]us[.]com[.]
nike–shoes[.]us[.]com[.]
airjordan11s[.]us[.]com[.]
goldensgoose[.]us[.]com[.]
jordanretros[.]us[.]com[.]
air-jordans11[.]us[.]com[.]
nikeairforces[.]us[.]com[.]
nikehuaraches[.]us[.]com[.]
nikeairjordan1[.]us[.]com[.]
asicsgel-kayano[.]us[.]com[.]
cheapnikesshoes[.]us[.]com[.]
monclerjacketss[.]us[.]com[.]
newjordansshoes[.]us[.]com[.]
outletnikestore[.]us[.]com[.]
yeezyboost350v2[.]us[.]com[.]
adidasshoeswomen[.]us[.]com[.]
img[.]adidasshoeswomen[.]us[.]com[.]
www[.]adidasshoeswomen[.]us[.]com[.]
nikeoutletstores[.]us[.]com[.]
nikeshoesonlines[.]us[.]com[.]
nikesoutletstore[.]us[.]com[.]
nikestorefactory[.]us[.]com[.]
airjordansneakers[.]us[.]com[.]
nikestoresfactory[.]us[.]com[.]
jordan-shoesformen[.]us[.]com[.]
www[.]jordan-shoesformen[.]us[.]com[.]
monclercoatfactory[.]us[.]com[.]
monclerstoreoutlet[.]us[.]com[.]
nikeoutlet-factory[.]us[.]com[.]
nikesoutletfactory[.]us[.]com[.]
goldengoosesneakerss[.]us[.]com[.]
nikesneakersforwomen[.]us[.]com[.]
monclersjacketsoutlet[.]us[.]com[.]
nikewholesalesuppliers[.]us[.]com[.]
pandorajewelry-outlets[.]us[.]com[.]
www[.]pandorajewelry-outlets[.]us[.]com[.]
nikeslidessandalsslipers[.]us[.]com[.]
wholesalenikeshoesonline[.]us[.]com[.]
christianlouboutinshoesinc[.]us[.]com[.]
pandorabracelets-clearance[.]us[.]com[.]
nikeoutletstore-onlineshopping[.]us[.]com[.]
underfeathering[.]backmoreover[.]com[.]
awol189[.]bookcorneronline[.]com[.]
peddler189[.]bookcorneronline[.]com[.]
jordanretroshoes[.]us[.]org[.]
jordanswholesale[.]us[.]org[.]
Get free access to Newly registered domain names (NRD) community feeds
Newly registered domain names or recently registered domains can be a potential security risk for organisations. They are often used to host phishing, malware, and other malicious content.
By monitoring or blocking NRDs, enterprises can eliminate the risk of cyber threats posed by NRDs.
Get no-cost access to our newly registered domain names(NRD) community feeds.
