add englishplusmore.com to add-wildcard-domain

[g0d33p3rsec]

Phishing Domain/URL/IP(s):

https://englishplusmore.com/Mmo3STNoMlMzcDRYN3c=
https://englishplusmore.com/M2EzcTVYN0gyVDQzMHg=
https://englishplusmore.com/MzMzaTNhNkkwUjdROWc=
https://englishplusmore.com/M0QyNjZKMk84dTVwNzY=
https://englishplusmore.com/M2cxQTg3NDc5MjVHM00= 
https://englishplusmore.com/MzYxZjhpNE85dTVuM3M= 
https://englishplusmore.com/M0szMzVUNlQ0NDBkNkE=
https://englishplusmore.com/M1QzczVuNjIyMjd1NWU=
https://englishplusmore.com/MzkyTzlSOWszQzRZOFk=
https://englishplusmore.com/M0YzaDVqNlE1ODB4M1o=
https://englishplusmore.com/MzMwZDJ6N3kxVjVKOUk=
https://englishplusmore.com/M0QzcDUwN1MxUzBxNVk=
https://englishplusmore.com/M1kzbzVyMFQzMTJmMFg=
https://englishplusmore.com/MzgyUjlMN0Q0UjhpODA=
https://englishplusmore.com/M0QzMDF5MVo0VDNLNW8=
https://englishplusmore.com/M2gzVTE4OXM3YTNGMlU=
https://englishplusmore.com/M0YzaDVqNlE1ODB4M1o=
https://englishplusmore.com/M0MzbTNEOWoxMDg4MDg=
https://englishplusmore.com/M2gybjZrMHY5MjRaNmc=
https://englishplusmore.com/M0YzZTN6NXk5ZDRrOUc=
https://englishplusmore.com/M1MyQzZrMGY5ZTRyNjk=
https://englishplusmore.com/MzYzWTVkNFY2bjk5OVk=
https://englishplusmore.com/MzgzNDU4NlI0YTl2NkM=
https://englishplusmore.com/M2MzMDBMMks0cjJsNms=
https://englishplusmore.com/MzUyNDh0OVgyODR2MTk=
https://englishplusmore.com/M0MzdTVyNm0zbjRuMmo=
https://englishplusmore.com/M0YxQTNXMkwwdjJlMTY=
https://englishplusmore.com/MzIyQjNzOHY5aTZ2OHg=
https://englishplusmore.com/M2gzSTVSNlY4dTk1MjU=
https://englishplusmore.com/M3UzZzR2OFM3dzRUNng=
https://englishplusmore.com/M2ozVDNPOVM2YTRDMEg=
https://englishplusmore.com/M0MzSDRyNG45UTZHNDk=
https://englishplusmore.com/M3oxczlaNkk5eDZaNXg=

Impersonated domain

https://www.betway.co.za
https://ff.garena.com
https://aviatorgame.net/
https://www.1voucher.co.za/
https://www.tut.ac.za/
https://www.ufs.ac.za/
https://ww1.ukzn.ac.za/
https://www.uwc.ac.za/
https://www.sars.gov.za/

Describe the issue

This domain is now hosting the phishing kit that was previously at carnesboinobre[.]com[.]br(#398), technowide[.]com[.]tr(#396), jestertunes[.]com (#393), safecartusa[.]com (#391), foreverfarley[.]com (#387), azezieldraconous[.]com (#381), westernautomobileassembly[.]com (#376) , littleswanaircon[.]com[.]sg (#372), iwan2travel[.]com(#370 ), applesforfred[.]com (#369), theaerie[.]ca (#367), nico[.]sa (#366), ajstelecom[.]com[.]mx (#362), and many others (approximately 120 domains since 2021).

Related external source

Screenshot

Click to expand

[g0d33p3rsec]

@spirillen since we're trying to work through the issues with entries failing to make it upstream, I figured I would follow up on this entry to note the observation that the scans that I have attempted against the domain today have all returned a 503 response. A report was filed with the host yesterday. Like many of the domains that this group has used, it was under a company within the umbrella of Newfold Digital, Inc. For those who may be interested, this is the common abuse form that can be used for any of the companies in their portfolio. Considering the reuse of previous domains observed last week, I'm hesitant to rush to any conclusions until I receive a confirmation from the host but feel it is worth mentioning.

[spirillen]

@g0d33p3rsec This is exactly such info you should add to mypdns/matrix, that is the idea with the domain index

[g0d33p3rsec]

@g0d33p3rsec This is exactly such info you should add to mypdns/matrix, that is the idea with the domain index

where should I add the information? Do I just update the issue comment or is there somewhere else that you would like me to list it at?

[spirillen]

where should I add the information? Do I just update the issue comment or is there somewhere else that you would like me to list it at?

You can edit original issue or just drop it as a comment. The idea is to build a knowledge library for why a domain was added to an blacklist, simply to help other to know if they would dare to whitelist it, if they into masochism... 😏