Phishing Campaign – Adidas and Nike

The Shreshta threat intelligence team has detected a phishing campaign in which threat actors have registered domain names impersonating brands such as Adidas and Nike.

Adidas AG is a German multinational corporation, founded and headquartered in Herzogenaurach, Bavaria, that designs and manufactures shoes, clothing and accessories. It is the largest sportswear manufacturer in Europe, and the second largest in the world, after Nike.[5][6] It is the holding company for the Adidas Group, which consists of an 8.33% stake in the football club Bayern München,[7] and Runtastic, an Austrian fitness technology company. Adidas’s revenue for 2018 was listed at €21.915 billion.[1]

1. Phishing domain name – adidass.us.com

Image: Website screenshot of adidass.us.com
Image: Search of adidass.us.com in VirusTotal

Threat Indicators Summary
1. adidass.us.com is a domain name impersonating adidas.com and was registered on 2021-06-14
2. Domain registrar – Namecheap, Inc
3. adidass.us.com resolves to 167.160.29.189
4. 167.160.29.189 is an IP address under AS59447 (Istanbuldc Veri Merkezi Ltd Sti, TR)
5. AS59447 (Istanbuldc Veri Merkezi Ltd Sti) is based in Turkey
6. Passive DNS analysis of 167.160.29.189 produces similar typosquatting domains impersonating other brands such as Nike

2. Phishing domain name – nikesoutletfactory.us.com

Image: Website screenshot of nikesoutletfactory.us.com
Image: Search of nikesoutletfactory.us.com in VirusTotal

Threat Indicators Summary
1. nikesoutletfactory.us.com is a domain name impersonating adidas.com and was registered on 2021-03-24
2. Domain registrar – Namecheap, Inc
3. adidass.us.com resolves to 167.160.29.189
4. 167.160.29.189 is an IP address under AS59447 (Istanbuldc Veri Merkezi Ltd Sti, TR)
5. AS59447 (Istanbuldc Veri Merkezi Ltd Sti) is based in Turkey
6. Passive DNS analysis of 167.160.29.189 produces similar typosquatting domains impersonating other brands such as Nike
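
The pivot in the indicator summaries above (one IP, many brand lookalikes) can be screened automatically. The following Python sketch is an added example, not Shreshta's tooling: it refangs indicators, finds the registrant-chosen label under third-level suffixes such as us.com, and groups flagged names by IP. The suffix set, brand tuples and sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

BRANDS = ("adidas", "nike")          # brands named in the report
LEGIT = ("adidas.com", "nike.com")   # the brands' own domains
# Assumption: suffixes that sell third-level names, so the registrant's label is third from the right.
MULTI_LABEL_SUFFIXES = {"us.com", "uk.com", "co.uk", "org.uk"}

def normalize(indicator):
    """Refang a defanged indicator; drop case and the trailing root dot."""
    return indicator.strip().lower().replace("[.]", ".").rstrip(".")

def registered_label(domain):
    """Label the registrant chose, e.g. 'adidass' for adidass.us.com."""
    labels = domain.split(".")
    skip = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return labels[-skip - 1] if len(labels) > skip else labels[0]

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonated_brand(domain):
    """Name the brand a domain imitates; None if legitimate or unrelated."""
    domain = normalize(domain)
    if any(domain == d or domain.endswith("." + d) for d in LEGIT):
        return None
    label = registered_label(domain).replace("-", "")
    for brand in BRANDS:
        # Near-miss spellings only for longer brands: "bike" is one edit from "nike".
        if brand in label or (len(brand) > 4 and edit_distance(label, brand) <= 1):
            return brand
    return None

def cluster_by_ip(records):
    """Group flagged passive-DNS names by the IP they resolve to."""
    clusters = defaultdict(dict)
    for name, ip in records:
        if (brand := impersonated_brand(name)):
            clusters[ip][normalize(name)] = brand
    return dict(clusters)

# Constructed passive-DNS rows; only the two phishing domains and their IP come from the report.
SAMPLE = [("adidass[.]us[.]com[.]", "167.160.29.189"),
          ("nikesoutletfactory.us.com", "167.160.29.189"),
          ("www.nike.com", "192.0.2.10"), ("bookshop.us.com", "167.160.29.189")]
```

A splitter that assumes the registered name is always the second label from the right would return "us" for adidass.us.com and miss the lookalike, which is why the suffix set matters here.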

The visual indicator shared by the domain names adidass.us.com and nikesoutletfactory.us.com is the use of the same phishing kit.

Image: Product selection page of adidass.us.com
Image: Product selection page of nikesoutletfactory.us.com
Image: Registration/Sign in page of nikesoutletfactory.us.com
Image: Registration/Sign in page of adidass.us.com

Indicators of Compromise


Get free access to Newly registered domain names (NRD) community feeds

Newly registered domain names or recently registered domains can be a potential security risk for organisations. They are often used to host phishing, malware, and other malicious content.

By monitoring or blocking NRDs, enterprises can eliminate the risk of cyber threats posed by NRDs.
