
add domains associated with 45.9.74.32 to wildcard list #454

Merged

Conversation

g0d33p3rsec
Contributor

Phishing Domain/URL/IP(s):

farpetor.shop
flameshamer.shop
geriguna.shop
gerlia.shop
gloomcutter.shop
grike.shop
gunigunde.shop
haelma.shop
hild.shop
marda.shop
warcracker.shop
wordbracer.shop
wordmover.shop
wordstaker.shop
zinhice.shop

Impersonated domain

Describe the issue

These domains are being used by the IP address added in #453 to distribute Strella Stealer.

Related external source

https://urlscan.io/search/#page.ip:%2245.9.74.32%22


@spirillen spirillen merged commit dba040d into Phishing-Database:main Jul 15, 2024
1 check passed
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 15, 2024
Domain and IPs
- 77.91.77.81
- 77.91.77.80
- 77.91.77.82
- 85.28.47.30
- 85.28.47.31
- farpetor.shop
- flameshamer.shop
- geriguna.shop
- gerlia.shop
- gloomcutter.shop
- grike.shop
- gunigunde.shop
- haelma.shop
- hild.shop
- marda.shop
- warcracker.shop
- wordbracer.shop
- wordmover.shop
- wordstaker.shop
- zinhice.shop

Fix #708
Fix #709
Fix #710
Fix #711
Fix #712
Fix #713
Fix #714
Fix #715
Fix #716
Fix #717
Fix #718
Fix #719
Fix #720
Fix #721
Fix #722
Fix #723
Fix #724
Fix #725
Fix #726
Fix #727

Rel Phishing-Database/phishing#454

All credit to Scott @g0d33p3rsec
----

Thanks to jetBrains for sponsoring IntelliJ (Ultimate Edition)
For non-commercial open source.
This helps My Privacy DNS to develop tools and maintain the blacklists.

Signed-off-by: Spirillen <[email protected]>
@g0d33p3rsec g0d33p3rsec deleted the add-45.9.74.32-to-IP-block-lists branch July 30, 2024 02:21