Phishing targeting Luxembourg services (hosted and served on/from AWS)
AI Analysis
Technical Summary
This threat describes a phishing campaign targeting services related to Luxembourg, with the phishing infrastructure hosted and served from Amazon Web Services (AWS). The campaign employs fake websites designed to impersonate legitimate Luxembourg services, leveraging psychological acceptability to increase the likelihood of victim interaction. The attack technique aligns with the MITRE ATT&CK pattern T1566, which involves phishing as a vector to gain unauthorized access or steal sensitive information. The campaign is characterized by its use of convincing fake websites, which may deceive users into divulging credentials or other sensitive data. The hosting on AWS suggests attackers are leveraging cloud infrastructure to rapidly deploy and scale their phishing sites, potentially evading some traditional detection methods due to the legitimate nature of AWS IP ranges. No specific affected software versions or patches are noted, indicating this is a social engineering threat rather than a software vulnerability. The campaign is ongoing and considered to have a medium severity level by the source, CIRCL. There are no known exploits in the wild beyond the phishing campaign itself, and no direct technical vulnerabilities are exploited, but the risk lies in user deception and credential compromise.
Potential Impact
For European organizations, particularly those operating in or with Luxembourg, this phishing campaign poses a significant risk to confidentiality and integrity of sensitive information. Successful phishing attacks can lead to credential theft, unauthorized access to internal systems, financial fraud, and potential lateral movement within networks. Luxembourg is a major financial and administrative hub in Europe, so compromised credentials could facilitate attacks on critical financial institutions, government services, and multinational corporations headquartered or operating there. The use of AWS-hosted phishing sites may complicate detection and takedown efforts, prolonging exposure. Additionally, the psychological acceptability of the phishing approach increases the likelihood of user interaction, potentially leading to data breaches or ransomware infections if attackers use stolen credentials to deploy malware. The campaign could also erode trust in digital services and complicate compliance with GDPR and other data protection regulations if personal data is compromised.
Mitigation Recommendations
To mitigate this threat, organizations should implement targeted user awareness training focused on recognizing phishing attempts, especially those impersonating Luxembourg services. Deploy advanced email filtering solutions that incorporate URL rewriting and sandboxing to detect and block phishing links hosted on cloud platforms like AWS. Implement multi-factor authentication (MFA) across all critical systems to reduce the impact of credential theft. Regularly monitor for domain spoofing and newly registered domains mimicking legitimate Luxembourg services using threat intelligence feeds. Establish rapid incident response procedures to quickly identify and block phishing sites, including collaboration with AWS abuse teams for takedown requests. Employ browser isolation or endpoint protection solutions that can detect and prevent credential harvesting. Finally, conduct phishing simulation exercises tailored to the specific tactics observed in this campaign to improve user resilience.
Affected Countries
Luxembourg, Belgium, France, Germany, Netherlands
Indicators of Compromise
Technical Details
- Threat Level: 2
- Analysis: 2
- Uuid: f3290493-8f74-4220-aa04-b83408e37a0c
- Original Timestamp: 1721049635
Indicators of Compromise
Ip
Value | Description | Copy |
---|---|---|
ip18.117.184.102 | — | |
ip54.93.211.218 | — | |
ip35.177.103.239 | — | |
ip3.71.1.255 | — | |
ip51.20.69.186 | — | |
ip3.71.1.255 | — | |
ip3.71.1.255 | — | |
ip54.170.251.238 | — | |
ip3.79.236.229 | — | |
ip52.59.212.17 | — | |
ip16.171.58.164 | — | |
ip52.58.64.31 | — | |
ip44.200.31.79 | — | |
ip3.71.1.255 | — | |
ip44.200.31.79 | — | |
ip54.155.71.44 | — | |
ip18.197.141.155 | — | |
ip3.64.63.56 | — | |
ip50.112.61.79 | — | |
ip13.60.60.38 | — | |
ip13.60.60.3 | — | |
ip3.79.3.191 | — |
Domain
Value | Description | Copy |
---|---|---|
domainccss-public.com | — | |
domaincns-lu.com | — | |
domainluxtrust.support | — | |
domainluxtrust.help | — | |
domainwww-cns-lu.com | — | |
domainwww-cns.com | — | |
domainluxtrust-cancel.com | — | |
domainluxtrust-unlock.com | — | |
domainccss-sante-lu.com | — | |
domainccss.support | — | |
domaincfl-lu.com | — | |
domainccss.support | — | |
domaincfl-lu.com | — | |
domain3-71-1-255.plesk.page | — | |
domainquizzical-feistel.3-71-1-255.plesk.page | — | |
domainec2-3-71-1-255.eu-central-1.compute.amazonaws.com | — | |
domainsante-lu.com | — | |
domain13.48.203.238 | — | |
domainluxtrust-help.com | — | |
domainluxtrust-help.com | — | |
domainpublic-ccss.com | — | |
domainpublic-ccss.com | — | |
domainhelp-luxtrust.lu | — | |
domainhelp-luxtrust.lu | — | |
domain3.82.24.34 | — | |
domaininfoluxtrust.com | — | |
domainluxtrust.help | — | |
domain3.82.24.34 | — | |
domain3.82.24.34 | — | |
domainorder-public.com | — | |
domainsupport-luxtrust.com | — | |
domainguichet.me | — | |
domaincfl-lu.com | — | |
domaincfl-lu.com | — | |
domaincard-order.lu | — | |
domaincard-order.lu | — | |
domainpayconiq.direct | — | |
domainpayconiq.direct | — | |
domainpayconiq.tel | — | |
domain18.197.141.155 | — | |
domainpayconiq.support | — | |
domainapp-luxtrust.com | — | |
domainpayconiq-blocage.com | — | |
domainpayconiq-suspension.net | — | |
domainupdate-lu.com | — | |
domainluxtrust-support.com | — | |
domainluxtrust-support.com | — |
Url
Value | Description | Copy |
---|---|---|
urlhttps://public-ccss.com/index.php | — | |
urlhttps://sante-lu.com/index.php | — | |
urlhttps://sante-lu.com/ | — | |
urlhttps://public-ccss.com/index.php | — | |
urlhttps://help-luxtrust.lu/index.php?success=validatedok | — | |
urlhttps://carte-sante-lu.com/index.php?success=validatedok | — | |
urlhttps://cns-order.com/ | — | |
urlhttps://infoluxtrust.com/steps/luxtrust/ | — | |
urlhttps://luxtrust.help/ | — | |
urlhttps://ccss.digital/ | — | |
urlhttps://etat-public.lu | — | |
urlhttps://public-order.lu/ | — | |
urlhttps://c0nbrjdy.r.us-east-1.awstrack.me/L0/https:%2F%2Fpublic-order.lu/1/0100018ef98d16dd-9631e726-429b-4ad6-90a9-e25371506197-000000/7x9NDhmFipPjGlHSTAfnvM2JBjw=370 | — | |
urlhttps://order-public.com/ | — | |
urlhttps://support-luxtrust.com/ | — | |
urlhttps://guichet.me/login_up.php | — | |
urlhttps://support-luxtrust.lu/ | — | |
urlpayconiq.support | — | |
urlhttps://app-luxtrust.com/LUXTRUST/ | — | |
urlhttp://payconiq-blocage.com/ | — | |
urlhttp://update-lu.com | — | |
urlhttps://luxtrust-support.com/Luxtrust/ | — | |
urlhttps://luxtrust-support.com/Luxtrust/ | — |
Counter
Value | Description | Copy |
---|---|---|
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter6 | — | |
counter2 | — | |
counter5 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter3 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter2 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter1 | — | |
counter3 | — | |
counter6 | — |
Text
Value | Description | Copy |
---|---|---|
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textluxtrust.help | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-137.awsdns-17.com | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1028.awsdns-00.org | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1684.awsdns-18.co.uk | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-566.awsdns-06.net | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-566.awsdns-06.net awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textluxtrust.support | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-417.awsdns-52.com | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1004.awsdns-61.net | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1064.awsdns-05.org | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1932.awsdns-49.co.uk | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-1064.awsdns-05.org awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textcns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.211.144.11 | — | |
textccss-public.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text18.117.184.102 | — | |
textccss-public.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.93.211.218 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1809.awsdns-34.co.uk | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-800.awsdns-36.net | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1377.awsdns-44.org | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-185.awsdns-23.com | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.93.211.218 | — | |
textluxtrust.co | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text54.93.211.218 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
texttango-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
textwww-cns-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.177.103.239 | — | |
textluxtrust.co | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text3.71.1.255 | — | |
textcns-public.eu | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text3.71.1.255 | — | |
textccss-lu.eu | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text3.71.1.255 | — | |
textwww-cns-lu.com | — | |
textHTTPS | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text13.48.203.238 | — | |
textluxtrust-cancel.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1194.awsdns-21.org | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1016.awsdns-63.net | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-356.awsdns-44.com | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-2013.awsdns-59.co.uk | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-356.awsdns-44.com awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textwww-cns.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text13.48.203.238 | — | |
textwww-cns.com | — | |
text3705060 | — | |
textYes | — | |
textCCSS | — | |
textAmazon Technologies Inc. | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.180.136.109 | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1769.awsdns-29.co.uk | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-668.awsdns-19.net | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1148.awsdns-15.org | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-508.awsdns-63.com | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textSOA | — | |
textns-1769.awsdns-29.co.uk awsdns-hostmaster.amazon.com 1 7200 900 1209600 86400 | — | |
textluxtrust-unlock.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-296.awsdns-37.com | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-920.awsdns-51.net | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1790.awsdns-31.co.uk | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textNS | — | |
textns-1129.awsdns-13.org | — | |
textccss-sante-lu.com | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text35.180.136.109 | — | |
textccss-sante-lu.com | — | |
textcom | — | |
text/index.php | — | |
textpublic-ccss | — | |
texthttps://www.circl.lu/pdns/ | — | |
textA | — | |
text51.20.69.186 | — | |
textpublic-ccss.com | — | |
textlu | — | |
text/index.php | — | |
text?success=validatedok | — | |
texthelp-luxtrust | — | |
text3772453 | — | |
textabuse@amazonaws.com | — | |
textYes | — | |
textCCSS | — | |
textinfoluxtrust | — | |
text/steps/luxtrust/ | — | |
textluxtrust | — | |
textYes | — | |
text3801349 | — | |
textguichet | — | |
texthttps://t.ly/ROJIS | — | |
text% WHOIS card-order.lu
domainname: card-order.lu
domaintype: ACTIVE
nserver: ns1.eurodns.com
nserver: ns2.eurodns.com
nserver: ns3.eurodns.com
nserver: ns4.eurodns.com
ownertype: ORGANISATION
registered: 03/05/2024
org-name: ORANGE Lyon
org-address: 10 Parc de la Tête d'Or
org-zipcode: 69100
org-city: Lyon - 09
org-country: FR
adm-name: duval nico
adm-address: ORANGE Lyon
adm-address: 10 Parc de la Tête d'Or
adm-zipcode: 69100
adm-city: Lyon - 09
adm-country: FR
adm-email: wailbanaid93500@gmail.com
tec-name: Adlani Anouar
tec-address: EuroDNS S.A
tec-address: 2, rue Leon Laval
tec-zipcode: L-3372
tec-city: Leudelange
tec-country: LU
tec-email: hostmaster@eurodns.com | — | |
texthttps://payconiq.direct/index.php | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — | |
textYes | — |
Port
Value | Description |
---|---|
443 | — |
As
Value | Description |
---|---|
AS16509 | — |
Threat ID: 682acdbebbaf20d303f0e677
Added to database: 5/19/2025, 6:20:46 AM
Last enriched: 7/2/2025, 7:11:19 AM
Last updated: 7/28/2025, 5:23:53 PM