Looking at my favorite pet peeves, IDN homoglyph domains, it appears actors are targeting procurement SaaS procurify[.]com from Russian IPs, example:
xn--procurfy-h2a[.]com
which in most contexts displays as:
procurífy[.]com
(note the diacritical mark over the i)
Interestingly, the IP hosts several other sites targeting Brunei and Dubai.
#threatintel
Ian Campbell /
npub155…dnysn
2024-04-29 15:18:01
in reply to nevent1q…nmpc
Author Public Key
npub155t0ydv2yz5sc4sta5jmxnannmjm6y48rpur0huvj6seuqrseekszdnysnSeen on
wss://relay.noswhere.comPublished at
2024-04-29 15:18:01Event JSON
{
"id": "2fde107e424cd3e9d028430a6c7224eb17cb891979fdc6e7a97700fb78e9d070",
"pubkey": "a516f2358a20a90c560bed25b34fb39ee5bd12a7187837df8c96a19e0070ce6d",
"created_at": 1714403881,
"kind": 1,
"tags": [
[
"e",
"0c46303f8ea1daecee52a8d6158b3417dcac92a065b63172a93f5ac2833eedcf",
"wss://relay.mostr.pub",
"reply"
],
[
"t",
"threatintel"
],
[
"proxy",
"https://masto.deoan.org/users/neurovagrant/statuses/112355172773974765",
"activitypub"
]
],
"content": "Looking at my favorite pet peeves, IDN homoglyph domains, it appears actors are targeting procurement SaaS procurify[.]com from Russian IPs, example:\n\nxn--procurfy-h2a[.]com\n\nwhich in most contexts displays as:\n\nprocurífy[.]com\n\n(note the diacritical mark over the i)\n\nInterestingly, the IP hosts several other sites targeting Brunei and Dubai.\n\n#threatintel",
"sig": "ffa2b6504f60060d4cea69c7512cc61890a8e8d35f1c487757bc1284a3dfbcc2754e583589937b9085b64986e42d8567c3ef79151f4c1226e4a55403a89c6c70"
}