add englishplusmore.com to add-wildcard-domain #404


g0d33p3rsec
Contributor

Phishing Domain/URL/IP(s):


Impersonated domain

https://www.betway.co.za
https://ff.garena.com
https://aviatorgame.net/
https://www.1voucher.co.za/
https://www.tut.ac.za/
https://www.ufs.ac.za/
https://ww1.ukzn.ac.za/
https://www.uwc.ac.za/
https://www.sars.gov.za/

Describe the issue

This domain is now hosting the phishing kit that was previously at carnesboinobre[.]com[.]br (#398), technowide[.]com[.]tr (#396), jestertunes[.]com (#393), safecartusa[.]com (#391), foreverfarley[.]com (#387), azezieldraconous[.]com (#381), westernautomobileassembly[.]com (#376), littleswanaircon[.]com[.]sg (#372), iwan2travel[.]com (#370), applesforfred[.]com (#369), theaerie[.]ca (#367), nico[.]sa (#366), ajstelecom[.]com[.]mx (#362), and many others (approximately 120 domains since 2021).

Related external source

Screenshot


@spirillen spirillen merged commit 2d3584b into mitchellkrogza:main May 29, 2024
spirillen added a commit to mypdns/matrix that referenced this pull request May 29, 2024
@g0d33p3rsec
Contributor Author

@spirillen since we're trying to work through the issues with entries failing to make it upstream, I figured I would follow up on this entry to note the observation that the scans that I have attempted against the domain today have all returned a 503 response. A report was filed with the host yesterday. Like many of the domains that this group has used, it was under a company within the umbrella of Newfold Digital, Inc. For those who may be interested, this is the common abuse form that can be used for any of the companies in their portfolio. Considering the reuse of previous domains observed last week, I'm hesitant to rush to any conclusions until I receive a confirmation from the host but feel it is worth mentioning.


@spirillen
Collaborator

@g0d33p3rsec This is exactly the kind of info you should add to mypdns/matrix; that is the idea with the domain index.

@g0d33p3rsec
Contributor Author

> @g0d33p3rsec This is exactly the kind of info you should add to mypdns/matrix; that is the idea with the domain index.

Where should I add the information? Do I just update the issue comment or is there somewhere else that you would like me to list it at?

@g0d33p3rsec g0d33p3rsec deleted the add-englishplusmore.com-to-wildcard-domain-list branch May 29, 2024 22:42
@spirillen
Collaborator

> Where should I add the information? Do I just update the issue comment or is there somewhere else that you would like me to list it at?

You can edit the original issue or just drop it as a comment. The idea is to build a knowledge library for why a domain was added to a blacklist, simply to help others know if they would dare to whitelist it, if they're into masochism... 😏
