
Add to azezieldraconous[.]com to wildcard-domain list #381

Conversation

@g0d33p3rsec (Contributor) commented Apr 22, 2024

Phishing Domain/URL/IP(s):

https://azezieldraconous.com/Mk82RTVaMjg0djE4MVo=
https://azezieldraconous.com/M1czaTBQNmQzUTZnOVM=
https://azezieldraconous.com/M3QzVjBVN1E0YzNSMDQ=
https://azezieldraconous.com/MzYydTVWOGY5WDZTNVo=
https://azezieldraconous.com/M1UydTRlNEMwbzQ4OHA=
https://azezieldraconous.com/M1EyRzZxMVk0aTFnMGY=
https://azezieldraconous.com/M1QxWjVZN3E3aDVKOEo=
https://azezieldraconous.com/M2EzZzA0OFUwRzFTMTU=
https://azezieldraconous.com/M2cyZTZvOGQydjBIOXk=
https://azezieldraconous.com/MzYyNzZMNTM5NzI1N0E=
https://azezieldraconous.com/M3IzWjBtN0MxeDFXM0E=
https://azezieldraconous.com/M1QyTTlkOWczODRyOFg=
https://azezieldraconous.com/M2YyYTVPOU85WTdvNjc=
https://azezieldraconous.com/M20zZTBuN1c4RjhuNGE=
https://azezieldraconous.com/M3oyMTRSNXk3YzFJOXE=
https://azezieldraconous.com/MzgyMjZsN1U2MjR3Nm8=
https://azezieldraconous.com/M3EyeTZGNXQ5YjJONzk=
https://azezieldraconous.com/M2IzNDBQN0gwdTgwOU4=
https://azezieldraconous.com/Mm44MzNsMnI5ajcwODI=
https://azezieldraconous.com/M08xVzlZMmY4ZzJwN0o=
https://azezieldraconous.com/M2YyejViOE85ODVQM1c=
https://azezieldraconous.com/MlY0MzZpN2MyaDgwM3Q=
https://azezieldraconous.com/M3czTTBON3gzZTEwM28=
https://azezieldraconous.com/MzgyUjdUNmk4YjNjOFc=

Impersonated domain

https://facebook.com/
https://www.betway.co.za
https://www.tut.ac.za/
https://www.ufs.ac.za/
https://www.uwc.ac.za/
https://www.wits.ac.za/
https://www.wsu.ac.za/

Describe the issue

This domain is now serving the phishing kit that was previously at westernautomobileassembly[.]com (#376) , littleswanaircon[.]com[.]sg (#372), iwan2travel[.]com(#370 ), applesforfred[.]com (#369), theaerie[.]ca (#367), nico[.]sa (#366), and ajstelecom[.]com[.]mx (#362)

Related external source

Screenshot: 21 images attached (not included in this text)

@spirillen spirillen merged commit 7f3fa76 into mitchellkrogza:main Apr 22, 2024
@spirillen (Collaborator)
Thanks again for your commit 🥇

@g0d33p3rsec (Contributor, Author)

> Thanks again for your commit 🥇

A pleasure, as always.

@g0d33p3rsec (Contributor, Author) commented May 19, 2024

@spirillen just a heads up, it looks like this domain is active again. This is the first time I've seen a domain reused.

https://azezieldraconous.com/M2syaDY5MEQyZzFKOTA=
https://azezieldraconous.com/M1YyVTZDOGsyYjA1OU4=
https://azezieldraconous.com/M3AyMDVJOG85bzVsM3I=
https://azezieldraconous.com/MzIyNTVHOUEzaTIzOW8=
https://azezieldraconous.com/M3kyMjVDOG83eTFzNXc=
https://azezieldraconous.com/M1UzQzAxOE04WTl0MGk=
https://azezieldraconous.com/M20zdzB1ODYxYTVGMUI=
https://azezieldraconous.com/M1EzVTRMNkU0RjVYM1k=
https://azezieldraconous.com/M0kzdDRqNWg5cjdCN2U=
https://azezieldraconous.com/MzYxSTc5N0ozeTlaMzM=
https://azezieldraconous.com/MzMzNTBHODMwMTJyMFY=
https://azezieldraconous.com/M3AxejZRNlE1azNLOE8=

Screenshots: 10 images attached (not included in this text)

@g0d33p3rsec (Contributor, Author) commented May 20, 2024

@spirillen unless I'm missing something, I'm unable to find any record of this domain in the upstream repo. Seeing as this is the first instance where the actor has reused a previous domain, it is causing me more concern than the previous omissions. Should one of us be considering filing an issue upstream?

cc @mitchellkrogza - do you have any suggestions that I could help with?

@spirillen (Collaborator) commented May 21, 2024

> I'm unable to find any record of this domain in the upstream repo

You're right... seems to be related to #395, I'm the only project that has this record active...


You can always use this repo to do search on external projects https://github.com/external-sources/hosts-sources?tab=readme-ov-file#external-sources including this one and the upstream

PS: If you know any other that should be included, please just make a PR 😄


@mitchellkrogza + @funilrys , seem the workflow for phishing.database is broken...


@g0d33p3rsec (Contributor, Author)

> If you know any other that should be included, please just make a PR

I found a second instance of a previous domain being reused without protection and added it to the issue reported in #395. Similar to the previously mentioned domain, this one is also still visible in your list but not in the Phishing Database. If the entries are failing to make their way upstream, what should I change for making a PR? The domains are visible in this repo so I'm failing to see what good a second PR would do, though I'm likely misunderstanding something.

@spirillen (Collaborator)

> what should I change for making a PR?

The simple answer is nothing; your commits are 100% perfect. The issue isn't in this repo, it lies with phishing.database, hence @mitchellkrogza or @funilrys have to look into it, as I do not have the keys to that door.

spirillen added a commit to external-sources/hosts-sources that referenced this pull request Jul 2, 2024
Due to a bug in Phishing.Database we are not able to do a full search in the active files. For that reason we are now importing the `ALL-phishing-links.txt` and stripping it down to a domain-only list in `data/phishing_database/`

Related issues:
- mitchellkrogza/Phishing.Database#840
- mitchellkrogza/Phishing.Database#881
- mitchellkrogza/phishing#381 (comment)
- mitchellkrogza/phishing#396
- mitchellkrogza/phishing#407
- mitchellkrogza/phishing#395
- mypdns/matrix#624
- blocklistproject/Lists#1252
- mitchellkrogza/Phishing.Database#840
- mitchellkrogza/Phishing.Database#722

Trying to use @main for the php installer and using php version 8.4

Added `libdomain-publicsuffix-perl` to the dependencies.sh script as it is required by perl in import.sh. It turns out Perl just annoyingly does it again... 😏
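Two checks come up repeatedly in this thread: whether a host is already covered by the wildcard-domain list (the May 19/20 reports of the domain being reused without protection), and reducing a links file such as `ALL-phishing-links.txt` to a domain-only list so it can be searched (the hosts-sources commit above). The shell below is an added example and is not the project's `import.sh` or any code from this PR. Its sample links file and wildcard list are constructed for the example, modelled on the URL shapes posted above, and it assumes a wildcard-domain list holds one domain per line and is meant to cover that domain and every subdomain of it.

```shell
#!/bin/sh
# Added example (not the project's import.sh). Two helpers:
#   links_to_domains FILE        -> unique domain-only list from a links file
#   covered_by_list HOST|URL FILE -> exit 0 if HOST is covered by the wildcard list
# Assumption: the wildcard-domain list is one domain per line and covers
# that domain plus all of its subdomains.

# url_to_host URL|HOST -> lowercase hostname with scheme, userinfo, port,
# path, query and fragment removed (IPv6 literals are out of scope here).
url_to_host() (
    h=$1
    h=${h#*://}          # scheme, if present
    h=${h%%[/?#]*}       # everything from the first / ? or #
    h=${h##*@}           # userinfo, if present (do this before the port
                         # strip, since "user:pw@host" also contains a colon)
    h=${h%:*}            # :port
    h=${h%.}             # trailing dot of an FQDN
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
)

# links_to_domains FILE -> sorted unique hostnames on stdout. Blank and
# comment lines are skipped so a hosts-style header does not leak through.
# Note: this keeps the full host (www.example.test stays www.example.test);
# collapsing to the registrable domain needs a public-suffix list, which is
# what the perl dependency in the commit above is for.
links_to_domains() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        url_to_host "$line"
    done < "$1" | LC_ALL=C sort -u
}

# covered_by_list HOST|URL LISTFILE -> exit 0 when the host, or any parent
# domain of it down to (not including) the bare TLD, is an exact line in
# LISTFILE. grep -x avoids the "notexample.net matches example.net" mistake
# a substring grep would make; lines must be LF-terminated (no CR).
covered_by_list() (
    host=$(url_to_host "$1")
    list=$2
    while [ "${host#*.}" != "$host" ]; do   # stop before a single label
        grep -qxF -- "$host" "$list" && exit 0
        host=${host#*.}                       # a.b.c -> b.c
    done
    exit 1
)

# --- constructed sample data (not the real lists) ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
LINKS=$WORK/ALL-phishing-links.txt
WILDCARDS=$WORK/wildcard-domains.txt
cat > "$LINKS" <<'EOF'
# constructed sample links file
https://azezieldraconous.com/Mk82RTVaMjg0djE4MVo=
https://azezieldraconous.com/M1czaTBQNmQzUTZnOVM=
http://login.example.test:8080/index.php?u=1#top
https://user:pw@phish.example.net/path
EOF
cat > "$WILDCARDS" <<'EOF'
azezieldraconous.com
example.net
EOF

echo "domains in $LINKS:"
links_to_domains "$LINKS"
for h in https://azezieldraconous.com/M2syaDY5MEQyZzFKOTA= cdn.phish.example.net login.example.test notexample.net; do
    if covered_by_list "$h" "$WILDCARDS"; then
        echo "covered:     $h"
    else
        echo "not covered: $h"
    fi
done
```

The walk-up loop is what makes a wildcard entry useful: `azezieldraconous.com` in the list also answers for any subdomain the kit is later served from, while `login.example.test` is reported as not covered because neither it nor `example.test` is listed. Run it against the real list by pointing `WILDCARDS` at a checkout; the only thing it does not do is the public-suffix reduction the commit message mentions.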