More fake Amazon domains identified

X-Force has identified a new squatting campaign used by threat actors to target the media sector. The campaign has a global scope and presumably lures users into giving away their login credentials.

16 new squatting domain registrations related to a victim in the media sector have been identified. The registrations run from the first on 2020-08-17 12:59:46 to the latest on 2020-08-21 12:30:10.

For all registered domains, we identified Wild West Domains, LLC, based in the United States, as the registrar. The email address used for registering the domains was anonymized.

In addition, we were able to resolve the registered domains to the following IPs and ASNs:

However, the registrar Wild West Domains, LLC covers a pool of 12.465.218 domains, of which at least 0.03% can be considered potentially malicious. The following list shows the name servers configured as authoritative for each domain and their malicious score, which is the percentage of malicious domains with the same name server.

X-Force was also able to retrieve the WHOIS server information, from which we could determine the number of domains each WHOIS server manages as well as the malicious rating of the domains in that pool.

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
