Move ajstelecom[.]com[.]mx to domain block list #353
Moving this domain to the domain list until the pending abuse ticket can be resolved.
…add-domain list. Housekeeping.
Thanks for your contribution
It's my pleasure. Thank you for the prompt attention and all of your previous help.
@spirillen did the commit that was pushed after this 767f5a6 keep this domain from being merged? It looks like this domain disappeared somewhere when the list was sorted.
@g0d33p3rsec Happy you spotted this... could have been from when I merged a PR from another one, which had a conflict. I add it right up.
No worries, git can be "fun" sometimes. Many thanks for taking care of that. How long does it usually take that information to propagate to the phishing database? It looks like currently, only a single link is included in the list and most sites when scanned with VT are coming back clean. I will try to file a follow-up abuse report after I catch up on my assignments today. The more detections that I am able to demonstrate, the stronger the case will be that I can make.
@spirillen after seeing this quickly jump to over 100 URLs, I think I will add the next domain straight to the domain block list if it is related to the same activity group. It was a nice thought, but this group doesn't waste any time, and I'm only seeing the web facing side. I have no visibility into the very likely email campaigns that are also taking place.
@g0d33p3rsec please do feel free at any time to add phishing-involved domains as domains vs URI, and I will even encourage you to use the wildcard list. Rationale: if you don't protect your domain... you deserve to be punished.
Domain/URL/IP(s) where you have found the Phishing:
Impersonated domain
Describe the issue
Moving a domain I began listing by individual links yesterday to the domain list until the host has an opportunity to respond to the abuse ticket that was filed yesterday evening. I began tracking this activity group after receiving a phishing lure at my U.S. .edu email address last August. A Shodan search of the host IP shows ports for email open and I feel it may be better to err on the side of caution given the volume of lures posted from this host to social media watering holes since yesterday.
Related external source
Screenshot