Update add-domain habitatbroward.org

[WebworkrNet]

Domain/URL/IP(s) where you have found the Phishing:

Email spam

Impersonated domain

Probably kaufland.de (German supermarket) - I did not call any of the links for security reasons.

Related external source

https://www.virustotal.com/gui/url/f04c0c760ae219a0a06df084988615ffc907e542985da9ae07ec665d19ca72c7?nocache=1

Describe the issue

https://habitatbroward.org/imaglinks/redirect22.html

Subject
🧺🧺Holen Sie sich IHR kostenloses iPhone 15 Pro#94599🧺🧺

Body

[Anlässlich des Kaufland-Jubiläums erhalten Sie das](https://habitatbroward.org/imaglinks/redirect22.html)


[iPhone 15 Pro](https://habitatbroward.org/imaglinks/redirect22.html)[ #311696](https://habitatbroward.org/imaglinks/redirect22.html)







[[t-online]](https://dl.asnapieu.com/binary/public/IMvSoQVITKCaCmEUJTnfgQ/b977fe6e-d3bc-46df-8156-9ec99e2edf4a)


[[Bild-Link]](https://habitatbroward.org/imaglinks/Kaufland%2015-%20.png)



[[t-online]](https://dl.asnapieu.com/binary/public/IMvSoQVITKCaCmEUJTnfgQ/b977fe6e-d3bc-46df-8156-9ec99e2edf4a)





























=============== ===============758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ
758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ

 

<ApplEt> <p><span style="color: #ECECEC; background-color: #F2F2F2;"><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong></span></p> <p> </p> <oBjeCt> <TitLe> <ApplEt> <p><span style="color: #ECECEC; background-color: #F2F2F2;"><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong><br /><strong>758SijH2fX24IokXWJyHCmF2lOX4GhW8NkI MRhMJ</strong></span></p> <p> </p>

Screenshot

Click to expand

[spirillen]

@WebworkrNet

A couple of tricks or tools to work with these dubious things is curl, drill, lynx, pyfunceble and virtual machines. I do know @iam-py-test have the knowledge for an online service you can use, he might be better to write a simple guide for how to do this.

Maybe he will post to matrix.rocks or a gist here on GH

---

https://habitatbroward.org/imaglinks/redirect22.html redirects to REFRESH(0 sec): https://directorystir.com/0/0/0/2f188ddceac09a6e15293303495552c6/1234567 (lynx)

The target url is dead

However the domain it self seems dubious, so I agree to add it as phishing by domain, but your are missing a couple of involved phishing domains to this MR

asnapieu.com
directorystir.com

---

Please @rebase

[iam-py-test]

habitatbroward.org

Seems (superficially) to be the legitimate Habitat For Humanity of Broward website. Maybe they were hacked (or I'm wrong about them being legitimate).
Thanks

[spirillen]

habitatbroward.org

Seems (superficially) to be the legitimate Habitat For Humanity of Broward website. Maybe they were hacked (or I'm wrong about them being legitimate). Thanks

If you take a peak at the first screendump vs the last one with only to lines of text and a "newsletter" sing up, there are something that seems to match, when you see the site through lynx.

Could you share a alternative dump please

[iam-py-test]

I don't have a screenshot, I just looked them up.
Thanks

[WebworkrNet]

@spirillen It's not entirely clear to me what you want from me.
Should I open a new pull request with the two missing domains?

[spirillen]

Should I open a new pull request with the two missing domains?

From a lazy hand... yes, that is faster and quicker than rebasing 😏

[spirillen]

Closed for inactivity