Phishing targeting Luxembourg services (hosted and served on/from AWS)
Phishing targeting Luxembourg services (hosted and served on/from AWS)
AI Analysis
Technical Summary
This threat involves a phishing campaign specifically targeting services related to Luxembourg, with the phishing infrastructure hosted and served from Amazon Web Services (AWS). The attack technique employed is a classic phishing method (MITRE ATT&CK T1566), where attackers create fake websites designed to impersonate legitimate Luxembourg-based services. These fake websites aim to deceive users into divulging sensitive information such as login credentials, personal data, or financial details. The psychological acceptability of the phishing attempt is rated high, indicating that the phishing pages are crafted to appear highly credible and trustworthy, increasing the likelihood of user interaction and successful credential harvesting. The campaign leverages the cloud infrastructure of AWS, which can provide attackers with scalable and resilient hosting, making takedown efforts more challenging. Although no specific affected software versions or patches are identified, the threat remains persistent and perpetual, as indicated by the OSINT lifetime tag. No known exploits in the wild have been reported, but the medium severity rating reflects the potential risk posed by successful phishing attempts, which can lead to unauthorized access, data breaches, and subsequent lateral movement within targeted organizations.
Potential Impact
For European organizations, especially those operating in or with Luxembourg, this phishing threat poses significant risks. Successful phishing can lead to credential compromise, unauthorized access to sensitive systems, and potential data breaches affecting confidentiality and integrity. Luxembourg is a key financial and administrative hub in Europe, so organizations there often handle sensitive financial data, personal information, and critical infrastructure services. A successful phishing attack could disrupt business operations, damage reputations, and lead to regulatory penalties under GDPR due to data exposure. Additionally, compromised credentials could be used to pivot into other European networks, amplifying the impact beyond Luxembourg. The use of AWS hosting complicates incident response and takedown efforts, potentially prolonging exposure and increasing the window of opportunity for attackers.
Mitigation Recommendations
To mitigate this threat, European organizations should implement targeted anti-phishing measures beyond generic advice. These include deploying advanced email filtering solutions that leverage machine learning to detect and block phishing emails targeting Luxembourg services. Organizations should conduct regular, realistic phishing simulation exercises tailored to the threat landscape of Luxembourg-based services to raise user awareness and resilience. Implementing multi-factor authentication (MFA) is critical to reduce the impact of credential compromise. Monitoring for domain registrations and hosting activity on AWS that mimic legitimate Luxembourg services can help identify phishing infrastructure early. Collaboration with AWS abuse teams to report and expedite takedown of malicious hosting is essential. Additionally, organizations should enhance endpoint detection and response (EDR) capabilities to identify suspicious activity resulting from successful phishing. Finally, maintaining up-to-date threat intelligence feeds focused on phishing campaigns targeting Luxembourg will help in proactive defense.
Affected Countries
Luxembourg, Belgium, France, Germany, Netherlands
Indicators of Compromise
- ip: 18.117.184.102
- domain: ccss-public.com
- domain: cns-lu.com
- domain: luxtrust.support
- domain: luxtrust.help
- domain: www-cns-lu.com
- ip: 54.93.211.218
- ip: 35.177.103.239
- ip: 3.71.1.255
- domain: www-cns.com
- domain: luxtrust-cancel.com
- domain: luxtrust-unlock.com
- domain: ccss-sante-lu.com
- url: https://public-ccss.com/index.php
- ip: 51.20.69.186
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-07T13:42:52+00:00
- text: A
- text: 18.117.184.102
- text: luxtrust.help
- datetime: 2023-12-07T13:42:52+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-15T14:56:56+00:00
- text: A
- text: 18.117.184.102
- text: luxtrust.support
- datetime: 2023-12-19T07:22:05+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T07:22:05+00:00
- text: NS
- text: ns-137.awsdns-17.com
- text: luxtrust.support
- datetime: 2023-12-19T07:22:05+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T07:22:05+00:00
- text: NS
- text: ns-1028.awsdns-00.org
- text: luxtrust.support
- datetime: 2023-12-19T07:22:05+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T07:22:05+00:00
- text: NS
- text: ns-1684.awsdns-18.co.uk
- text: luxtrust.support
- datetime: 2023-12-19T07:22:05+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T07:22:05+00:00
- text: NS
- text: ns-566.awsdns-06.net
- text: luxtrust.support
- datetime: 2023-12-19T07:22:05+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T07:22:05+00:00
- text: SOA
- text: ns-566.awsdns-06.net awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400
- text: luxtrust.support
- datetime: 2023-12-19T07:22:05+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T06:09:53+00:00
- text: NS
- text: ns-417.awsdns-52.com
- text: cns-lu.com
- datetime: 2023-12-19T06:09:53+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T06:09:53+00:00
- text: NS
- text: ns-1004.awsdns-61.net
- text: cns-lu.com
- datetime: 2023-12-19T06:09:53+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T06:09:53+00:00
- text: NS
- text: ns-1064.awsdns-05.org
- text: cns-lu.com
- datetime: 2023-12-19T06:09:53+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T06:09:53+00:00
- text: NS
- text: ns-1932.awsdns-49.co.uk
- text: cns-lu.com
- datetime: 2023-12-19T06:09:53+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T06:09:53+00:00
- text: A
- text: 18.117.184.102
- text: cns-lu.com
- datetime: 2023-12-19T07:21:13+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-19T07:21:32+00:00
- text: SOA
- text: ns-1064.awsdns-05.org awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400
- text: cns-lu.com
- datetime: 2023-12-19T07:21:32+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-04T15:07:11+00:00
- text: A
- text: 54.211.144.11
- text: ccss-public.com
- datetime: 2023-12-06T12:43:27+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-07T09:57:23+00:00
- text: A
- text: 18.117.184.102
- text: ccss-public.com
- datetime: 2023-12-11T12:51:55+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-24T15:17:57+00:00
- text: A
- text: 54.93.211.218
- text: www-cns-lu.com
- datetime: 2023-12-29T12:53:49+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-24T15:17:57+00:00
- text: NS
- text: ns-1809.awsdns-34.co.uk
- text: www-cns-lu.com
- datetime: 2024-01-01T10:11:18+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-24T15:17:57+00:00
- text: NS
- text: ns-800.awsdns-36.net
- text: www-cns-lu.com
- datetime: 2024-01-01T10:11:18+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-24T15:17:57+00:00
- text: NS
- text: ns-1377.awsdns-44.org
- text: www-cns-lu.com
- datetime: 2024-01-01T10:11:18+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-24T15:17:57+00:00
- text: NS
- text: ns-185.awsdns-23.com
- text: www-cns-lu.com
- datetime: 2024-01-01T10:11:18+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-01T10:11:18+00:00
- text: A
- text: 35.177.103.239
- text: www-cns-lu.com
- datetime: 2024-01-01T18:02:49+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-28T07:20:46+00:00
- text: A
- text: 54.93.211.218
- text: luxtrust.co
- datetime: 2023-12-28T07:20:46+00:00
- counter: 6
- text: https://www.circl.lu/pdns/
- datetime: 2023-12-24T15:17:57+00:00
- text: A
- text: 54.93.211.218
- text: www-cns-lu.com
- datetime: 2023-12-29T12:53:49+00:00
- counter: 2
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-01T06:20:20+00:00
- text: A
- text: 35.177.103.239
- text: tango-lu.com
- datetime: 2024-01-01T10:19:23+00:00
- counter: 5
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-01T10:11:18+00:00
- text: A
- text: 35.177.103.239
- text: www-cns-lu.com
- datetime: 2024-01-01T18:02:49+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-02T13:42:31+00:00
- text: A
- text: 35.177.103.239
- text: luxtrust.co
- datetime: 2024-01-02T13:42:31+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-10T14:00:09+00:00
- text: A
- text: 3.71.1.255
- text: cns-public.eu
- datetime: 2024-01-10T14:00:09+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-11T09:15:56+00:00
- text: A
- text: 3.71.1.255
- text: ccss-lu.eu
- datetime: 2024-01-11T09:15:56+00:00
- counter: 3
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-09T07:44:24+00:00
- text: A
- text: 3.71.1.255
- text: www-cns-lu.com
- datetime: 2024-01-16T15:18:05+00:00
- domain: ccss.support
- domain: cfl-lu.com
- port: 443
- domain: ccss.support
- domain: cfl-lu.com
- domain: 3-71-1-255.plesk.page
- domain: quizzical-feistel.3-71-1-255.plesk.page
- domain: ec2-3-71-1-255.eu-central-1.compute.amazonaws.com
- ip: 3.71.1.255
- ip: 3.71.1.255
- as: 16509
- text: HTTPS
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-29T08:16:34+00:00
- text: A
- text: 13.48.203.238
- text: luxtrust-cancel.com
- datetime: 2024-01-29T08:16:34+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-26T22:38:10+00:00
- text: NS
- text: ns-1194.awsdns-21.org
- text: www-cns.com
- datetime: 2024-01-26T22:38:10+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-26T22:38:10+00:00
- text: NS
- text: ns-1016.awsdns-63.net
- text: www-cns.com
- datetime: 2024-01-26T22:38:10+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-26T22:38:10+00:00
- text: NS
- text: ns-356.awsdns-44.com
- text: www-cns.com
- datetime: 2024-01-26T22:38:10+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-26T22:38:10+00:00
- text: NS
- text: ns-2013.awsdns-59.co.uk
- text: www-cns.com
- datetime: 2024-01-26T22:38:10+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-27T06:43:33+00:00
- text: SOA
- text: ns-356.awsdns-44.com awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400
- text: www-cns.com
- datetime: 2024-01-27T06:43:33+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-01-26T21:02:34+00:00
- text: A
- text: 13.48.203.238
- text: www-cns.com
- datetime: 2024-01-29T08:14:18+00:00
- domain: sante-lu.com
- domain: 13.48.203.238
- text: 3705060
- url: https://sante-lu.com/index.php
- url: https://sante-lu.com/
- text: Yes
- text: CCSS
- domain: luxtrust-help.com
- domain: luxtrust-help.com
- ip: 54.170.251.238
- port: 443
- text: Amazon Technologies Inc.
- counter: 2
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:49:51+00:00
- text: A
- text: 35.180.136.109
- text: luxtrust-unlock.com
- datetime: 2024-02-08T08:55:26+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:55:26+00:00
- text: NS
- text: ns-1769.awsdns-29.co.uk
- text: luxtrust-unlock.com
- datetime: 2024-02-08T08:55:26+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:55:26+00:00
- text: NS
- text: ns-668.awsdns-19.net
- text: luxtrust-unlock.com
- datetime: 2024-02-08T08:55:26+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:55:26+00:00
- text: NS
- text: ns-1148.awsdns-15.org
- text: luxtrust-unlock.com
- datetime: 2024-02-08T08:55:26+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:55:26+00:00
- text: NS
- text: ns-508.awsdns-63.com
- text: luxtrust-unlock.com
- datetime: 2024-02-08T08:55:26+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:55:26+00:00
- text: SOA
- text: ns-1769.awsdns-29.co.uk awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400
- text: luxtrust-unlock.com
- datetime: 2024-02-08T08:55:26+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:58:25+00:00
- text: NS
- text: ns-296.awsdns-37.com
- text: ccss-sante-lu.com
- datetime: 2024-02-08T08:58:25+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:58:25+00:00
- text: NS
- text: ns-920.awsdns-51.net
- text: ccss-sante-lu.com
- datetime: 2024-02-08T08:58:25+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:58:25+00:00
- text: NS
- text: ns-1790.awsdns-31.co.uk
- text: ccss-sante-lu.com
- datetime: 2024-02-08T08:58:25+00:00
- counter: 1
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-08T08:58:25+00:00
- text: NS
- text: ns-1129.awsdns-13.org
- text: ccss-sante-lu.com
- datetime: 2024-02-08T08:58:25+00:00
- counter: 3
- text: https://www.circl.lu/pdns/
- datetime: 2024-02-07T07:43:10+00:00
- text: A
- text: 35.180.136.109
- text: ccss-sante-lu.com
- datetime: 2024-02-08T09:02:37+00:00
- url: https://public-ccss.com/index.php
- text: com
- text: /index.php
- domain: public-ccss.com
- text: public-ccss
- domain: public-ccss.com
- counter: 6
- text: https://www.circl.lu/pdns/
- datetime: 2024-03-07T09:27:05+00:00
- text: A
- text: 51.20.69.186
- text: public-ccss.com
- datetime: 2024-03-13T10:22:44+00:00
- url: https://help-luxtrust.lu/index.php?success=validatedok
- text: lu
- text: /index.php
- text: ?success=validatedok
- domain: help-luxtrust.lu
- text: help-luxtrust
- domain: help-luxtrust.lu
- domain: 3.82.24.34
- text: 3772453
- text: abuse@amazonaws.com
- url: https://carte-sante-lu.com/index.php?success=validatedok
- url: https://cns-order.com/
- text: Yes
- text: CCSS
- url: https://infoluxtrust.com/steps/luxtrust/
- domain: infoluxtrust.com
- text: infoluxtrust
- ip: 3.79.236.229
- port: 443
- text: /steps/luxtrust/
- url: https://luxtrust.help/
- domain: luxtrust.help
- text: luxtrust
- ip: 52.59.212.17
- port: 443
- domain: 3.82.24.34
- url: https://ccss.digital/
- url: https://etat-public.lu
- text: Yes
- domain: 3.82.24.34
- text: 3801349
- url: https://public-order.lu/
- url: https://c0nbrjdy.r.us-east-1.awstrack.me/L0/https:%2F%2Fpublic-order.lu/1/0100018ef98d16dd-9631e726-429b-4ad6-90a9-e25371506197-000000/7x9NDhmFipPjGlHSTAfnvM2JBjw=370
- url: https://order-public.com/
- domain: order-public.com
- ip: 16.171.58.164
- port: 443
- url: https://support-luxtrust.com/
- domain: support-luxtrust.com
- ip: 52.58.64.31
- port: 443
- url: https://guichet.me/login_up.php
- domain: guichet.me
- text: guichet
- ip: 44.200.31.79
- port: 443
- text: https://t.ly/ROJIS
- domain: cfl-lu.com
- domain: cfl-lu.com
- ip: 3.71.1.255
- port: 443
- domain: card-order.lu
- domain: card-order.lu
- ip: 44.200.31.79
- port: 443
- text: % WHOIS card-order.lu domainname: card-order.lu domaintype: ACTIVE nserver: ns1.eurodns.com nserver: ns2.eurodns.com nserver: ns3.eurodns.com nserver: ns4.eurodns.com ownertype: ORGANISATION registered: 03/05/2024 org-name: ORANGE Lyon org-address: 10 Parc de la Tête d'Or org-zipcode: 69100 org-city: Lyon - 09 org-country: FR adm-name: duval nico adm-address: ORANGE Lyon adm-address: 10 Parc de la Tête d'Or adm-zipcode: 69100 adm-city: Lyon - 09 adm-country: FR adm-email: wailbanaid93500@gmail.com tec-name: Adlani Anouar tec-address: EuroDNS S.A tec-address: 2, rue Leon Laval tec-zipcode: L-3372 tec-city: Leudelange tec-country: LU tec-email: hostmaster@eurodns.com
- domain: payconiq.direct
- domain: payconiq.direct
- ip: 54.155.71.44
- text: https://payconiq.direct/index.php
- domain: payconiq.tel
- domain: 18.197.141.155
- url: https://support-luxtrust.lu/
- text: Yes
- domain: payconiq.support
- ip: 18.197.141.155
- url: payconiq.support
- text: Yes
- text: Yes
- domain: app-luxtrust.com
- ip: 3.64.63.56
- url: https://app-luxtrust.com/LUXTRUST/
- text: Yes
- domain: payconiq-blocage.com
- ip: 50.112.61.79
- url: http://payconiq-blocage.com/
- text: Yes
- domain: payconiq-suspension.net
- domain: update-lu.com
- ip: 13.60.60.38
- url: http://update-lu.com
- text: Yes
- domain: luxtrust-support.com
- ip: 13.60.60.3
- url: https://luxtrust-support.com/Luxtrust/
- text: Yes
- domain: luxtrust-support.com
- ip: 3.79.3.191
- url: https://luxtrust-support.com/Luxtrust/
- text: Yes
- text: Yes
Phishing targeting Luxembourg services (hosted and served on/from AWS)
Description
Phishing targeting Luxembourg services (hosted and served on/from AWS)
AI-Powered Analysis
Technical Analysis
This threat involves a phishing campaign specifically targeting services related to Luxembourg, with the phishing infrastructure hosted and served from Amazon Web Services (AWS). The attack technique employed is a classic phishing method (MITRE ATT&CK T1566), where attackers create fake websites designed to impersonate legitimate Luxembourg-based services. These fake websites aim to deceive users into divulging sensitive information such as login credentials, personal data, or financial details. The psychological acceptability of the phishing attempt is rated high, indicating that the phishing pages are crafted to appear highly credible and trustworthy, increasing the likelihood of user interaction and successful credential harvesting. The campaign leverages the cloud infrastructure of AWS, which can provide attackers with scalable and resilient hosting, making takedown efforts more challenging. Although no specific affected software versions or patches are identified, the threat remains persistent and perpetual, as indicated by the OSINT lifetime tag. No known exploits in the wild have been reported, but the medium severity rating reflects the potential risk posed by successful phishing attempts, which can lead to unauthorized access, data breaches, and subsequent lateral movement within targeted organizations.
Potential Impact
For European organizations, especially those operating in or with Luxembourg, this phishing threat poses significant risks. Successful phishing can lead to credential compromise, unauthorized access to sensitive systems, and potential data breaches affecting confidentiality and integrity. Luxembourg is a key financial and administrative hub in Europe, so organizations there often handle sensitive financial data, personal information, and critical infrastructure services. A successful phishing attack could disrupt business operations, damage reputations, and lead to regulatory penalties under GDPR due to data exposure. Additionally, compromised credentials could be used to pivot into other European networks, amplifying the impact beyond Luxembourg. The use of AWS hosting complicates incident response and takedown efforts, potentially prolonging exposure and increasing the window of opportunity for attackers.
Mitigation Recommendations
To mitigate this threat, European organizations should implement targeted anti-phishing measures beyond generic advice. These include deploying advanced email filtering solutions that leverage machine learning to detect and block phishing emails targeting Luxembourg services. Organizations should conduct regular, realistic phishing simulation exercises tailored to the threat landscape of Luxembourg-based services to raise user awareness and resilience. Implementing multi-factor authentication (MFA) is critical to reduce the impact of credential compromise. Monitoring for domain registrations and hosting activity on AWS that mimic legitimate Luxembourg services can help identify phishing infrastructure early. Collaboration with AWS abuse teams to report and expedite takedown of malicious hosting is essential. Additionally, organizations should enhance endpoint detection and response (EDR) capabilities to identify suspicious activity resulting from successful phishing. Finally, maintaining up-to-date threat intelligence feeds focused on phishing campaigns targeting Luxembourg will help in proactive defense.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Uuid
- f3290493-8f74-4220-aa04-b83408e37a0c
- Original Timestamp
- 1721049635
Indicators of Compromise
Ip
| Value | Description | Copy |
|---|---|---|
ip18.117.184.102 | — | |
ip54.93.211.218 | — | |
ip35.177.103.239 | — | |
ip3.71.1.255 | — | |
ip51.20.69.186 | — | |
ip3.71.1.255 | — | |
ip3.71.1.255 | — | |
ip54.170.251.238 | — | |
ip3.79.236.229 | — | |
ip52.59.212.17 | — | |
ip16.171.58.164 | — | |
ip52.58.64.31 | — | |
ip44.200.31.79 | — | |
ip3.71.1.255 | — | |
ip44.200.31.79 | — | |
ip54.155.71.44 | — | |
ip18.197.141.155 | — | |
ip3.64.63.56 | — | |
ip50.112.61.79 | — | |
ip13.60.60.38 | — | |
ip13.60.60.3 | — | |
ip3.79.3.191 | — |
Domain
| Value | Description | Copy |
|---|---|---|
domainccss-public.com | — | |
domaincns-lu.com | — | |
domainluxtrust.support | — | |
domainluxtrust.help | — | |
domainwww-cns-lu.com | — | |
domainwww-cns.com | — | |
domainluxtrust-cancel.com | — | |
domainluxtrust-unlock.com | — | |
domainccss-sante-lu.com | — | |
domainccss.support | — | |
domaincfl-lu.com | — | |
domainccss.support | — | |
domaincfl-lu.com | — | |
domain3-71-1-255.plesk.page | — | |
domainquizzical-feistel.3-71-1-255.plesk.page | — | |
domainec2-3-71-1-255.eu-central-1.compute.amazonaws.com | — | |
domainsante-lu.com | — | |
domain13.48.203.238 | — | |
domainluxtrust-help.com | — | |
domainluxtrust-help.com | — | |
domainpublic-ccss.com | — | |
domainpublic-ccss.com | — | |
domainhelp-luxtrust.lu | — | |
domainhelp-luxtrust.lu | — | |
domain3.82.24.34 | — | |
domaininfoluxtrust.com | — | |
domainluxtrust.help | — | |
domain3.82.24.34 | — | |
domain3.82.24.34 | — | |
domainorder-public.com | — | |
domainsupport-luxtrust.com | — | |
domainguichet.me | — | |
domaincfl-lu.com | — | |
domaincfl-lu.com | — | |
domaincard-order.lu | — | |
domaincard-order.lu | — | |
domainpayconiq.direct | — | |
domainpayconiq.direct | — | |
domainpayconiq.tel | — | |
domain18.197.141.155 | — | |
domainpayconiq.support | — | |
domainapp-luxtrust.com | — | |
domainpayconiq-blocage.com | — | |
domainpayconiq-suspension.net | — | |
domainupdate-lu.com | — | |
domainluxtrust-support.com | — | |
domainluxtrust-support.com | — |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://public-ccss.com/index.php | — | |
urlhttps://sante-lu.com/index.php | — | |
urlhttps://sante-lu.com/ | — | |
urlhttps://public-ccss.com/index.php | — | |
urlhttps://help-luxtrust.lu/index.php?success=validatedok | — | |
urlhttps://carte-sante-lu.com/index.php?success=validatedok | — | |
urlhttps://cns-order.com/ | — | |
urlhttps://infoluxtrust.com/steps/luxtrust/ | — | |
urlhttps://luxtrust.help/ | — | |
urlhttps://ccss.digital/ | — | |
urlhttps://etat-public.lu | — | |
urlhttps://public-order.lu/ | — | |
urlhttps://c0nbrjdy.r.us-east-1.awstrack.me/L0/https:%2F%2Fpublic-order.lu/1/0100018ef98d16dd-9631e726-429b-4ad6-90a9-e25371506197-000000/7x9NDhmFipPjGlHSTAfnvM2JBjw=370 | — | |
urlhttps://order-public.com/ | — | |
urlhttps://support-luxtrust.com/ | — | |
urlhttps://guichet.me/login_up.php | — | |
urlhttps://support-luxtrust.lu/ | — | |
urlpayconiq.support | — | |
urlhttps://app-luxtrust.com/LUXTRUST/ | — | |
urlhttp://payconiq-blocage.com/ | — | |
urlhttp://update-lu.com | — | |
urlhttps://luxtrust-support.com/Luxtrust/ | — | |
urlhttps://luxtrust-support.com/Luxtrust/ | — |
Counter
| Value | Description | Copy |
|---|---|---|
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter6 | — | |
counter2 | — | |
counter5 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter3 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter2 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter3 | — | |
counter6 | — |
Text
| Value | Description | Copy |
|---|---|---|
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textluxtrust.help | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-137.awsdns-17.com | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1028.awsdns-00.org | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1684.awsdns-18.co.uk | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-566.awsdns-06.net | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-566.awsdns-06.net awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-417.awsdns-52.com | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1004.awsdns-61.net | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1064.awsdns-05.org | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1932.awsdns-49.co.uk | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-1064.awsdns-05.org awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.211.144.11 | — | |
textccss-public.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textccss-public.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.93.211.218 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1809.awsdns-34.co.uk | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-800.awsdns-36.net | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1377.awsdns-44.org | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-185.awsdns-23.com | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.93.211.218 | — | |
textluxtrust.co | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.93.211.218 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
texttango-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
textluxtrust.co | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text3.71.1.255 | — | |
textcns-public.eu | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text3.71.1.255 | — | |
textccss-lu.eu | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text3.71.1.255 | — | |
textwww-cns-lu.com | — | |
textHTTPS | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text13.48.203.238 | — | |
textluxtrust-cancel.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1194.awsdns-21.org | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1016.awsdns-63.net | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-356.awsdns-44.com | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-2013.awsdns-59.co.uk | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-356.awsdns-44.com awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text13.48.203.238 | — | |
textwww-cns.com | — | |
text3705060 | — | |
textYes | — | |
textCCSS | — | |
textAmazon Technologies Inc. | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.180.136.109 | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1769.awsdns-29.co.uk | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-668.awsdns-19.net | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1148.awsdns-15.org | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-508.awsdns-63.com | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-1769.awsdns-29.co.uk awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-296.awsdns-37.com | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-920.awsdns-51.net | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1790.awsdns-31.co.uk | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1129.awsdns-13.org | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.180.136.109 | — | |
textccss-sante-lu.com | — | |
textcom | — | |
text/index.php | — | |
textpublic-ccss | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text51.20.69.186 | — | |
textpublic-ccss.com | — | |
textlu | — | |
text/index.php | — | |
text?success=validatedok | — | |
texthelp-luxtrust | — | |
text3772453 | — | |
textabuse@amazonaws.com | — | |
textYes | — | |
textCCSS | — | |
textinfoluxtrust | — | |
text/steps/luxtrust/ | — | |
textluxtrust | — | |
textYes | — | |
text3801349 | — | |
textguichet | — | |
texthttps://t.ly/ROJIS | — | |
text% WHOIS card-order.lu
domainname: card-order.lu
domaintype: ACTIVE
nserver: ns1.eurodns.com
nserver: ns2.eurodns.com
nserver: ns3.eurodns.com
nserver: ns4.eurodns.com
ownertype: ORGANISATION
registered: 03/05/2024
org-name: ORANGE Lyon
org-address: 10 Parc de la Tête d'Or
org-zipcode: 69100
org-city: Lyon - 09
org-country: FR
adm-name: duval nico
adm-address: ORANGE Lyon
adm-address: 10 Parc de la Tête d'Or
adm-zipcode: 69100
adm-city: Lyon - 09
adm-country: FR
adm-email: wailbanaid93500@gmail.com
tec-name: Adlani Anouar
tec-address: EuroDNS S.A
tec-address: 2, rue Leon Laval
tec-zipcode: L-3372
tec-city: Leudelange
tec-country: LU
tec-email: hostmaster@eurodns.com | — | |
texthttps://payconiq.direct/index.php | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — |
Datetime
| Value | Description | Copy |
|---|---|---|
datetime2023-12-07T13:42:52+00:00 | — | |
datetime2023-12-07T13:42:52+00:00 | — | |
datetime2023-12-15T14:56:56+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T07:22:05+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T06:09:53+00:00 | — | |
datetime2023-12-19T07:21:13+00:00 | — | |
datetime2023-12-19T07:21:32+00:00 | — | |
datetime2023-12-19T07:21:32+00:00 | — | |
datetime2023-12-04T15:07:11+00:00 | — | |
datetime2023-12-06T12:43:27+00:00 | — | |
datetime2023-12-07T09:57:23+00:00 | — | |
datetime2023-12-11T12:51:55+00:00 | — | |
datetime2023-12-24T15:17:57+00:00 | — | |
datetime2023-12-29T12:53:49+00:00 | — | |
datetime2023-12-24T15:17:57+00:00 | — | |
datetime2024-01-01T10:11:18+00:00 | — | |
datetime2023-12-24T15:17:57+00:00 | — | |
datetime2024-01-01T10:11:18+00:00 | — | |
datetime2023-12-24T15:17:57+00:00 | — | |
datetime2024-01-01T10:11:18+00:00 | — | |
datetime2023-12-24T15:17:57+00:00 | — | |
datetime2024-01-01T10:11:18+00:00 | — | |
datetime2024-01-01T10:11:18+00:00 | — | |
datetime2024-01-01T18:02:49+00:00 | — | |
datetime2023-12-28T07:20:46+00:00 | — | |
datetime2023-12-28T07:20:46+00:00 | — | |
datetime2023-12-24T15:17:57+00:00 | — | |
datetime2023-12-29T12:53:49+00:00 | — | |
datetime2024-01-01T06:20:20+00:00 | — | |
datetime2024-01-01T10:19:23+00:00 | — | |
datetime2024-01-01T10:11:18+00:00 | — | |
datetime2024-01-01T18:02:49+00:00 | — | |
datetime2024-01-02T13:42:31+00:00 | — | |
datetime2024-01-02T13:42:31+00:00 | — | |
datetime2024-01-10T14:00:09+00:00 | — | |
datetime2024-01-10T14:00:09+00:00 | — | |
datetime2024-01-11T09:15:56+00:00 | — | |
datetime2024-01-11T09:15:56+00:00 | — | |
datetime2024-01-09T07:44:24+00:00 | — | |
datetime2024-01-16T15:18:05+00:00 | — | |
datetime2024-01-29T08:16:34+00:00 | — | |
datetime2024-01-29T08:16:34+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-26T22:38:10+00:00 | — | |
datetime2024-01-27T06:43:33+00:00 | — | |
datetime2024-01-27T06:43:33+00:00 | — | |
datetime2024-01-26T21:02:34+00:00 | — | |
datetime2024-01-29T08:14:18+00:00 | — | |
datetime2024-02-08T08:49:51+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:55:26+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-08T08:58:25+00:00 | — | |
datetime2024-02-07T07:43:10+00:00 | — | |
datetime2024-02-08T09:02:37+00:00 | — | |
datetime2024-03-07T09:27:05+00:00 | — | |
datetime2024-03-13T10:22:44+00:00 | — |
Port
| Value | Description | Copy |
|---|---|---|
port443 | — | |
port443 | — | |
port443 | — | |
port443 | — | |
port443 | — | |
port443 | — | |
port443 | — | |
port443 | — | |
port443 | — |
As
| Value | Description | Copy |
|---|---|---|
as16509 | — |
Threat ID: 68359c9f5d5f0974d01fc2ef
Added to database: 5/27/2025, 11:06:07 AM
Last enriched: 7/5/2025, 10:54:42 PM
Last updated: 8/14/2025, 7:02:16 PM
Views: 15
Related Threats
ThreatFox IOCs for 2025-08-18
MediumThreatFox IOCs for 2025-08-17
MediumThreatFox IOCs for 2025-08-16
MediumGmail Phishing Campaign Analysis – “New Voicemail” Email with Dynamics Redirect + Captcha
MediumThreatFox IOCs for 2025-08-15
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.