
add 87.228.9.175 to IP blocklists #450

Conversation

g0d33p3rsec

@g0d33p3rsec g0d33p3rsec commented Jul 12, 2024

Phishing Domain/URL/IP(s):


Impersonated domain

Describe the issue

This IP address and its associated domains are being used to distribute Lumma Stealer.

Related external source


Screenshot (four images attached, not reproduced here)

spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Fix #681

Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

----

Thanks to jetBrains for sponsoring IntelliJ (Ultimate Edition)
For non-commercial open source.
This helps My Privacy DNS to develop tools and maintain the blacklists.

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Fix #682

Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Fix #683

Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 13, 2024
Fix #684

Rel Phishing-Database/phishing#450

Credit @g0d33p3rsec

Signed-off-by: Spirillen <[email protected]>
@g0d33p3rsec g0d33p3rsec closed this Sep 5, 2024
@spirillen
Contributor

@g0d33p3rsec Why did you close this one? I don't even see why I haven't merged it 😒

@g0d33p3rsec
Contributor Author

> @g0d33p3rsec Why did you close this one? I don't even see why I haven't merged it 😒

The indicator has lost its tactical value, so I was just trying to take care of some housekeeping. No use in leaving a PR for a two-month-old stale indicator hanging around. I'll need to dig into it a little more, but it seems the domains that were previously hosted at this IP are now at 45.142.44.107.

@spirillen
Copy link
Contributor

Thanks for being my memory 😉

@g0d33p3rsec g0d33p3rsec deleted the add-87.228.9.175-to-IP-blocklists branch November 28, 2024 19:06