add workshopauthor.com to add-wildcard-domain #455

@g0d33p3rsec g0d33p3rsec commented Jul 15, 2024

Phishing Domain/URL/IP(s):


Impersonated domain

https://store.steampowered.com/

Describe the issue

This domain is hosting multiple Steam lure pages on the steam subdomain. Additionally, the IP address 45.137.190.202 can be seen to be hosting multiple additional staged Steam-related domains.

Related external source

https://urlscan.io/result/e0dec782-b483-4f58-a568-24f8830c34c8/
https://urlscan.io/result/88fb4a58-cc4e-465a-bd82-2b36d2f19fcb
https://urlscan.io/result/002b38b2-435e-49b7-8449-4996db507171
https://urlscan.io/result/9a13f144-da4a-4eed-9afe-5bd3de2b4166/
https://urlscan.io/result/2be5dbd0-01cd-4718-ba1c-fcba70f319cf/


@spirillen spirillen left a comment

LGTM

@spirillen spirillen merged commit 0cd8706 into Phishing-Database:main Jul 15, 2024
1 check passed
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 15, 2024
Domain and IPs
- 45.137.190.202
- workshopauthor.com
- workshopsmaker.com
- workshopstyle.com
- workshopusers.com
- steamcommunity.com.es
- communitybrowserpowered.com

Fix #728
Fix #729
Fix #730
Fix #731
Fix #732
Fix #733
Fix #734

Rel Phishing-Database/phishing#455

All credit to Scott @g0d33p3rsec
----

Thanks to JetBrains for sponsoring IntelliJ (Ultimate Edition)
For non-commercial open source.
This helps My Privacy DNS to develop tools and maintain the blacklists.

Signed-off-by: Spirillen <[email protected]>
@g0d33p3rsec g0d33p3rsec deleted the add-workshopauthor.com-to-wildcard-list branch November 28, 2024 19:05