Phishing Campaign PasasteSinTAG - New domain rotation identified associated with the campaign impersonating the PasasteSinTAG portal
A phishing campaign targeting Chile continues to evolve with significant infrastructure expansion. Security researchers identified 99 new domains impersonating the legitimate PasasteSinTAG portal, with 22 domains confirmed active and 77 registered but not yet activated. The active domains utilize various top-level domains including .click, .cfd, .cyou, .mom, .best, .rest, .top, .help, .sbs, .icu, .life, .xyz, .buzz, .casa, and .pics. The infrastructure is hosted across seven IP addresses. This campaign represents an ongoing threat to Chilean users through brand impersonation tactics, with threat actors maintaining a large reserve of dormant domains for future rotation.
AI Analysis
Technical Summary
The PasasteSinTAG phishing campaign is an evolving threat targeting users in Chile by impersonating the legitimate PasasteSinTAG portal. Security researchers have identified 99 new domains linked to this campaign, with 22 currently active and 77 registered but inactive, indicating preparation for future domain rotation. The active domains span multiple top-level domains such as .click, .cfd, .cyou, .mom, .best, .rest, .top, .help, .sbs, .icu, .life, .xyz, .buzz, .casa, and .pics, and are hosted across seven IP addresses. This infrastructure expansion supports ongoing credential harvesting and brand impersonation tactics. No known exploits or patches apply as this is a phishing campaign rather than a software vulnerability.
Potential Impact
The campaign poses a medium-level threat primarily to Chilean users by deceiving them into interacting with fraudulent domains that mimic the legitimate PasasteSinTAG portal. This can lead to credential theft and potential unauthorized access to user accounts. The large pool of dormant domains allows threat actors to maintain persistence and evade detection by rotating domains frequently.
Mitigation Recommendations
No official patches or fixes apply since this is a phishing campaign. Organizations and users in Chile should be made aware of the ongoing threat and advised to verify URLs carefully before entering credentials. Security teams should monitor for the identified domains and block or filter access where possible. User education on recognizing phishing attempts remains critical. Since the campaign uses domain rotation, continuous monitoring of new domains is recommended.
Affected Countries
Chile
Indicators of Compromise
- domain: pasastesintag.pics
- domain: parastesintago.click
- domain: parastesintago.help
- domain: pasastesintagc.top
- domain: pasastesintago.cyou
- domain: pasastesintago.online
- domain: pasastesintag26.click
- domain: pasastesintap.cfd
- domain: pasastesintap.cyou
- domain: pasastesintagas.mom
- domain: pasastesintagi.best
- domain: pasastesintagi.rest
- domain: pasastesintagi.top
- domain: pasastesintagionline.click
- domain: pasastesintagionline.help
- domain: pasastesintagionline.sbs
- domain: pasastesintagcl.best
- domain: pasastesintagcl.icu
- domain: pasastesintagcl.life
- domain: pasastesintagcl.mom
- domain: pasastesintagcl.rest
- domain: pasastesintaplmw.click
- domain: pasastesintag.xyz
- domain: pasastesintagas.best
- domain: pasastesintagas.click
- domain: pasastesintagas.buzz
- domain: pasastesintagas.help
- domain: pasastesintagas.casa
- domain: parastesintag.buzz
- domain: parastesintag.cfd
- domain: parastesintag.click
- domain: parastesintag.cyou
- domain: parastesintag.help
- domain: parastesintag.homes
- domain: parastesintag.icu
- domain: parastesintag.lat
- domain: parastesintag.lol
- domain: parastesintag.sbs
- domain: parastesintag.top
- domain: parastesintag.yachts
- domain: pasastesintag.beer
- domain: pasastesintag.best
- domain: pasastesintag.casa
- domain: pasastesintag.courses
- domain: pasastesintag.cyou
- domain: pasastesintag.digital
- domain: pasastesintag.fit
- domain: pasastesintag.icu
- domain: pasastesintag.mom
- domain: pasastesintag.online
- domain: pasastesintag.study
- domain: pasastesintag.surf
- domain: pasastesintag26.xin
- domain: pasastesintagapp.lat
- domain: pasastesintagapp.pics
- domain: pasastesintagas.top
- domain: pasastesintagcl.casa
- domain: pasastesintagcl.cyou
- domain: pasastesintagcl.qpon
- domain: pasastesintagcl.shop
- domain: pasastesintagcl.surf
- domain: pasastesintagclonline.casa
- domain: pasastesintagclonline.click
- domain: pasastesintagclonline.help
- domain: pasastesintagclonline.mom
- domain: pasastesintagclonline.sbs
- domain: pasastesintagclonline.top
- domain: pasastesintage.cyou
- domain: pasastesintage.online
- domain: pasastesintages.casa
- domain: pasastesintages.online
- domain: pasastesintagi.casa
- domain: pasastesintagi.cfd
- domain: pasastesintagi.lol
- domain: pasastesintagi.mom
- domain: pasastesintagionline.best
- domain: pasastesintagionline.life
- domain: pasastesintagionline.mom
- domain: pasastesintagionline.top
- domain: pasastesintago.beer
- domain: pasastesintago.best
- domain: pasastesintago.bond
- domain: pasastesintago.casa
- domain: pasastesintago.life
- domain: pasastesintago.lol
- domain: pasastesintago.work
- domain: pasastesintagoapp.casa
- domain: pasastesintagp.online
- domain: pasastesintags.beer
- domain: pasastesintags.best
- domain: pasastesintags.fit
- domain: pasastesintags.fun
- domain: pasastesintags.homes
- domain: pasastesintags.ink
- domain: pasastesintags.lat
- domain: pasastesintags.pics
- domain: pasastesintags.surf
- domain: pasastesintags.top
- domain: pasastesintagx.online
- domain: pasastesintagy.online
- domain: pasastesintap.skin
- domain: pasastesintax.help
- domain: pasastesintax.online
- domain: pasesetcsintag.xyz
- domain: thepasastesintagi.casa
- ip: 130.94.104.165
- ip: 130.94.104.219
- ip: 149.33.20.102
Phishing Campaign PasasteSinTAG - New domain rotation identified associated with the campaign impersonating the PasasteSinTAG portal
Description
A phishing campaign targeting Chile continues to evolve with significant infrastructure expansion. Security researchers identified 99 new domains impersonating the legitimate PasasteSinTAG portal, with 22 domains confirmed active and 77 registered but not yet activated. The active domains utilize various top-level domains including .click, .cfd, .cyou, .mom, .best, .rest, .top, .help, .sbs, .icu, .life, .xyz, .buzz, .casa, and .pics. The infrastructure is hosted across seven IP addresses. This campaign represents an ongoing threat to Chilean users through brand impersonation tactics, with threat actors maintaining a large reserve of dormant domains for future rotation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The PasasteSinTAG phishing campaign is an evolving threat targeting users in Chile by impersonating the legitimate PasasteSinTAG portal. Security researchers have identified 99 new domains linked to this campaign, with 22 currently active and 77 registered but inactive, indicating preparation for future domain rotation. The active domains span multiple top-level domains such as .click, .cfd, .cyou, .mom, .best, .rest, .top, .help, .sbs, .icu, .life, .xyz, .buzz, .casa, and .pics, and are hosted across seven IP addresses. This infrastructure expansion supports ongoing credential harvesting and brand impersonation tactics. No known exploits or patches apply as this is a phishing campaign rather than a software vulnerability.
Potential Impact
The campaign poses a medium-level threat primarily to Chilean users by deceiving them into interacting with fraudulent domains that mimic the legitimate PasasteSinTAG portal. This can lead to credential theft and potential unauthorized access to user accounts. The large pool of dormant domains allows threat actors to maintain persistence and evade detection by rotating domains frequently.
Mitigation Recommendations
No official patches or fixes apply since this is a phishing campaign. Organizations and users in Chile should be made aware of the ongoing threat and advised to verify URLs carefully before entering credentials. Security teams should monitor for the identified domains and block or filter access where possible. User education on recognizing phishing attempts remains critical. Since the campaign uses domain rotation, continuous monitoring of new domains is recommended.
Affected Countries
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://x.com/tial_cl/status/2071307374497861790"]
- Adversary
- null
- Pulse Id
- 6a42124a18e7d2cb639c06dd
- Threat Score
- null
Indicators of Compromise
Domain
| Value | Description | Copy |
|---|---|---|
domainpasastesintag.pics | — | |
domainparastesintago.click | — | |
domainparastesintago.help | — | |
domainpasastesintagc.top | — | |
domainpasastesintago.cyou | — | |
domainpasastesintago.online | — | |
domainpasastesintag26.click | — | |
domainpasastesintap.cfd | — | |
domainpasastesintap.cyou | — | |
domainpasastesintagas.mom | — | |
domainpasastesintagi.best | — | |
domainpasastesintagi.rest | — | |
domainpasastesintagi.top | — | |
domainpasastesintagionline.click | — | |
domainpasastesintagionline.help | — | |
domainpasastesintagionline.sbs | — | |
domainpasastesintagcl.best | — | |
domainpasastesintagcl.icu | — | |
domainpasastesintagcl.life | — | |
domainpasastesintagcl.mom | — | |
domainpasastesintagcl.rest | — | |
domainpasastesintaplmw.click | — | |
domainpasastesintag.xyz | — | |
domainpasastesintagas.best | — | |
domainpasastesintagas.click | — | |
domainpasastesintagas.buzz | — | |
domainpasastesintagas.help | — | |
domainpasastesintagas.casa | — | |
domainparastesintag.buzz | — | |
domainparastesintag.cfd | — | |
domainparastesintag.click | — | |
domainparastesintag.cyou | — | |
domainparastesintag.help | — | |
domainparastesintag.homes | — | |
domainparastesintag.icu | — | |
domainparastesintag.lat | — | |
domainparastesintag.lol | — | |
domainparastesintag.sbs | — | |
domainparastesintag.top | — | |
domainparastesintag.yachts | — | |
domainpasastesintag.beer | — | |
domainpasastesintag.best | — | |
domainpasastesintag.casa | — | |
domainpasastesintag.courses | — | |
domainpasastesintag.cyou | — | |
domainpasastesintag.digital | — | |
domainpasastesintag.fit | — | |
domainpasastesintag.icu | — | |
domainpasastesintag.mom | — | |
domainpasastesintag.online | — | |
domainpasastesintag.study | — | |
domainpasastesintag.surf | — | |
domainpasastesintag26.xin | — | |
domainpasastesintagapp.lat | — | |
domainpasastesintagapp.pics | — | |
domainpasastesintagas.top | — | |
domainpasastesintagcl.casa | — | |
domainpasastesintagcl.cyou | — | |
domainpasastesintagcl.qpon | — | |
domainpasastesintagcl.shop | — | |
domainpasastesintagcl.surf | — | |
domainpasastesintagclonline.casa | — | |
domainpasastesintagclonline.click | — | |
domainpasastesintagclonline.help | — | |
domainpasastesintagclonline.mom | — | |
domainpasastesintagclonline.sbs | — | |
domainpasastesintagclonline.top | — | |
domainpasastesintage.cyou | — | |
domainpasastesintage.online | — | |
domainpasastesintages.casa | — | |
domainpasastesintages.online | — | |
domainpasastesintagi.casa | — | |
domainpasastesintagi.cfd | — | |
domainpasastesintagi.lol | — | |
domainpasastesintagi.mom | — | |
domainpasastesintagionline.best | — | |
domainpasastesintagionline.life | — | |
domainpasastesintagionline.mom | — | |
domainpasastesintagionline.top | — | |
domainpasastesintago.beer | — | |
domainpasastesintago.best | — | |
domainpasastesintago.bond | — | |
domainpasastesintago.casa | — | |
domainpasastesintago.life | — | |
domainpasastesintago.lol | — | |
domainpasastesintago.work | — | |
domainpasastesintagoapp.casa | — | |
domainpasastesintagp.online | — | |
domainpasastesintags.beer | — | |
domainpasastesintags.best | — | |
domainpasastesintags.fit | — | |
domainpasastesintags.fun | — | |
domainpasastesintags.homes | — | |
domainpasastesintags.ink | — | |
domainpasastesintags.lat | — | |
domainpasastesintags.pics | — | |
domainpasastesintags.surf | — | |
domainpasastesintags.top | — | |
domainpasastesintagx.online | — | |
domainpasastesintagy.online | — | |
domainpasastesintap.skin | — | |
domainpasastesintax.help | — | |
domainpasastesintax.online | — | |
domainpasesetcsintag.xyz | — | |
domainthepasastesintagi.casa | — |
Ip
| Value | Description | Copy |
|---|---|---|
ip130.94.104.165 | — | |
ip130.94.104.219 | — | |
ip149.33.20.102 | — |
Threat ID: 6a42473227e9c79719ab487d
Added to database: 06/29/2026, 10:21:38 UTC
Last enriched: 06/29/2026, 10:36:57 UTC
Last updated: 06/29/2026, 23:26:54 UTC
Views: 22
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.