Popup (down) - https://us.post-abnormal.life
Registered via NameSilo on October 19, 2023 - Whois post-abnormal.life
The website linked was a commonly-used USPS phishing link that has since been taken offline. While most of these sites are registered via Alibaba Singapore on a Tencent-or-Alibaba-owned US IP address, this one uses 49.51.182.41, an American IP operated by CloudRadium, LLC, a California-based DDoS protection service with a disconnected phone number whose IP addresses were used to host WannaMine, an Internet worm based off of WannaCry used to mine the cryptocurrency Monero from victims’ computers.
CloudRadium is a brand of GlobalData Investments, Inc. alongside CeRaNetworks.com, which hosts servers in Los Angeles, Hong Kong and mainland China whilst accepting payment via credit cards and Bitcoin. Their US office, according to Google Maps, is located at 1200 W. 7th Street, Suite L1-150, Los Angeles, California, 90017.
The company, as CeRaNetworks, is listed on TrustPilot as “A Hong Kong datacenter infrastructure service provider is committed to providing high-quality infrastructure services for SMEs.”
The company also appears to be linked to CNServers, LLC, a subsidiary/business name of CyberNet Servers Limited in Hong Kong that is also believed to be hosting these USPS phishing domains.
Associated Telegram Server - Telegram: Contact @daobaniu
Associated Phone Number - (702) 224-2888 (VoIP, ONVOY)
Associated Email Address - [email protected]
