Phishing Domain/URL/IP(s):
Impersonated domain
Describe the issue
Most are exactly the same method of attack described in #694 and #703.
Reminder: the content on the sites is disguised as a fake Cloudflare captcha which, once clicked on, redirects to a third-party “cloaked” domain, most commonly via the /2.php link.
Detailed examples of such a redirect:
On Cloudflare Radar: https://radar.cloudflare.com/scan/5562f860-3f86-474b-b8b6-a887088116c8/summary
On urlscan.io: https://urlscan.io/result/f891eb09-0aa4-4f85-a6f5-407ae5ea16bb/
The anti-detect “system” has basic AV protection methods, using IP type detection mechanisms and UserAgent types, as this request failed: https://urlscan.io/result/4a759a20-1722-4aa3-9bb2-b63ace9718d5/.
Related external source
Screenshot
So far, only one active company has been able to take a screenshot of it