Skip to first unread message
SW-ISAC Announce
Oct 9, 2024, 9:16:25 AM10/9/24
to SW-ISAC Announce
The vast majority of servers observed to be compromised by yesterday's spam attack have modified their registration options and/or removed the inauthentic accounts and content.
The following servers remain compromised and are potentially abandoned, we recommend limiting, suppressing or blocking content from these servers until they are observed to be under control:
- cryptodon[.]lol
- elderscrolls[.]space
- kitsui[.]life
- lawsocial[.]org
- m[.]corduba[.]tech
- m[.]n1l[.]dev
- mk[.]chiwa[.]net
- nekton[.]social
- oyasumi[.]ski
- seda[.]social
- startrekshitposting[.]com
- elderscrolls[.]space
- kitsui[.]life
- lawsocial[.]org
- m[.]corduba[.]tech
- m[.]n1l[.]dev
- mk[.]chiwa[.]net
- nekton[.]social
- oyasumi[.]ski
- seda[.]social
- startrekshitposting[.]com
Additionally, we have observed several email domains used to create the inauthentic accounts, all of which resolve to an anonymous email service mx[.]fex[.]plus - we recommend blocking this email provider from being able to verify new accounts.
A full list of targeted service providers, known email domains in use, and observed content is available at https://docs.google.com/spreadsheets/d/13sskOdKraYo2hSMK353Ijm0_K8WCp-JHs6cyruffedA/ - we will update this resource for each service once it is observed to be under control. We will continue to notify impacted service providers.
Reply all
Reply to author
Forward
0 new messages