Add malicious URIs to link list #420

Merged: 2 commits, Jun 21, 2024


g0d33p3rsec
Contributor

Phishing Domain/URL/IP(s):

https://adobepewjgronjgnwkengkjwengrj.pythonanywhere.com/#OMv?cb=5Se1&VfDbGdT4R4ErD54tR1DtR=support&moD=lQB&wE657UyRfVtO=vendor.zohodesk.in&Hy=9rkEH
https://abobelnejgbeghrbghkbshgbshkfb.pythonanywhere.com/#OMv?cb=5Se1&VfDbGdT4R4ErD54tR1DtR=vivek.kumar1&moD=lQB&wE657UyRfVtO=sc.com&Hy=9rkEH
https://adobebeiownwkjngrjwkenfjkewnf.pythonanywhere.com/#OMv?cb=5Se1&VfDbGdT4R4ErD54tR1DtR=adesh.bhatt&moD=lQB&wE657UyRfVtO=hbkworld.com&Hy=9rkEH

Impersonated domain

https://outlook.office.com/

Describe the issue

While investigating a separate domain I came across these malicious URIs, which were hosted at pythonanywhere.com. VirusTotal reports Zillya results for the related URIs as "Trojan.HEURKryptik.JS.134".

Related external source

https://www.virustotal.com/gui/file/edd12343c19ebacff6cfdc40d55fdc4b3f130a11a640228272af67eb2ff75b02
https://www.virustotal.com/gui/file/916e5ffa2fe9487e7cf6a9b9bede3dab51381b1f7ac39f8783c11db553957a8d
https://www.virustotal.com/gui/file/3f1eb989431e4a3f572584120033521de83abad0614a9960dae76aea3e2ff5f4


g0d33p3rsec changed the title from "Add malicious ur is" to "Add malicious URIs to link list" on Jun 21, 2024
@g0d33p3rsec
Contributor Author

@spirillen I'm not sure how to add this as an issue to your matrix. I don't feel comfortable with wildcarding the domain, only the subdomains, but it looks like the wildcard entry is required. Am I misunderstanding something?

spirillen merged commit 32115b0 into Phishing-Database:main on Jun 21, 2024
@spirillen
Contributor

spirillen commented Jun 21, 2024

> but it looks like the wildcard entry is required. Am I misunderstanding something?

Just type null as value. It originates from the old template, yet is kept to ensure people remember to add domain records 😏

For the subdomains 👍

mypdns/matrix#579

spirillen added a commit to mypdns/matrix that referenced this pull request Jun 21, 2024
g0d33p3rsec deleted the add-malicious-URIs branch June 21, 2024 20:40
g0d33p3rsec restored the add-malicious-URIs branch June 21, 2024 20:43