Phishers Go After Potential Car Buyers in Germany | WhoisXML API

In the Market for a New Car? Beware Not to Get on the Phishing Bandwagon

Anything sold on the market, especially a necessity, is fair game to phishers as a campaign hook. And that’s just what we saw happening with an ongoing phishing campaign targeting German car dealership companies.[1]

Apart from avoiding 37 domains identified as indicators of compromise (IoCs), blocking access to a couple more artifacts we found through an in-depth analysis may be necessary. We discovered:

  • A couple of unredacted registrant email addresses
  • More than 1,200 possibly connected domains (some registered using the identified unredacted email addresses while others shared the domain IoCs’ IP hosts or contained the same strings)
  • Several IP address resolutions of the domain IoCs
  • A dozen possibly connected domains dubbed “malicious” by various malware engines

Download a sample of the threat research materials now or contact us for access to the complete research materials.

---

  • [1] https://blog.checkpoint.com/2022/05/10/a-german-car-attack-on-german-vehicle-businesses/
  • [2] https://otx.alienvault.com/pulse/628310c8bc783c2680c6ea60