add havenhills.za.com to add-wildcard-domain #459

Merged
merged 1 commit into from
Jul 20, 2024

g0d33p3rsec (Contributor) commented Jul 20, 2024

Phishing Domain/URL/IP(s):

https://havenhills.za.com/MlE3ZTdHOTIxYjNHOHo=
https://havenhills.za.com/M0Q0VzRnNkYxZDZxMms=
https://havenhills.za.com/M3k0azJxNFY1aTF5OEg=
https://havenhills.za.com/M3YzejVWOFA1ZDVzMGM=
https://havenhills.za.com/M0Q0QTR3MzE4bzRiM0s=
https://havenhills.za.com/M1Y0RzQ1M0M4TzRMM2E= 

Impersonated domain

Describe the issue

This domain is now hosting the phishing kit that was previously at intrinsicisle[.]za[.]com (#452), reluzformaturas.com.br (#435), abcmueblesbogota[.]com (#432), ergoterapiacaribu[.]ch (#426), ijconnects[.]com (#421), cbcaps[.]shop (#417), bersowir[.]org (#416), brunotasso[.]com[.]br (#413), wisbechguide[.]uk (#408), pescacancun[.]com (#406), bkengineersindia[.]com (#405), englishplusmore[.]com (#404), carnesboinobre[.]com[.]br (#398), technowide[.]com[.]tr (#396), jestertunes[.]com (#393), safecartusa[.]com (#391), foreverfarley[.]com (#387), azezieldraconous[.]com (#381), westernautomobileassembly[.]com (#376), littleswanaircon[.]com[.]sg (#372), iwan2travel[.]com (#370), applesforfred[.]com (#369), theaerie[.]ca (#367), nico[.]sa (#366), ajstelecom[.]com[.]mx (#362), and others (more than 130 domains since 2021).

Beginning with the previous domain, I have noticed some scans being blocked by Cloudflare. As an example, see https://urlscan.io/result/1f5ad61c-6548-4b30-9838-77bfd8412cc1/. Thus far, all scans seem to be blocked on the current domain. Attempting to access locally returns an error message suggesting a misconfiguration with the .htaccess file. Lacking the screenshots I would normally use to verify a new host for this kit, I have attached some screenshots of recent search results showing attempts to distribute links to the domain via social media watering holes. The site has also been flagged as malicious by Google Safe Browsing.

Related external source

https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fhavenhills.za.com%2FM0Q0VzRnNkYxZDZxMms%3D&hl=en

Screenshot

[9 attached images]

@spirillen spirillen merged commit 590d966 into Phishing-Database:main Jul 20, 2024
1 check passed
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 20, 2024
Fix #736

Rel Phishing-Database/phishing#459

----

Thanks to JetBrains for sponsoring IntelliJ (Ultimate Edition)
For non-commercial open source.
This helps My Privacy DNS to develop tools and maintain the blacklists.

Signed-off-by: Spirillen <[email protected]>