Scott Petty
Scott Petty
### Blacklist domain as - [X] Wildcard, The domain should be entirely blacklisted - [ ] Subdomain, We should not blacklist the entire domain, only sub-domains - [ ] Both...
### Blacklist domain as - [X] Wildcard, The domain should be entirely blacklisted - [ ] Subdomain, We should not blacklist the entire domain, only sub-domains - [ ] Both...
### Blacklist domain as - [X] Wildcard, The domain should be entirely blacklisted - [ ] Subdomain, We should not blacklist the entire domain, only sub-domains - [ ] Both...
### Comments This domain is being used to distribute Lumma Stealer. See #681 and https://github.com/mitchellkrogza/phishing/pull/450 ### Wildcard domain records ```CSV scratchedcards.com|malicious ``` ### Sub-Domain records _No response_ ### Hosts (RFC:953)...
### Comments This domain is being used to distribute Lumma Stealer. See #681 and https://github.com/mitchellkrogza/phishing/pull/450 ### Wildcard domain records ```CSV lajollaautorepairs.com|malicious ``` ### Sub-Domain records _No response_ ### Hosts (RFC:953)...
### Comments This domain is being used to distribute Lumma Stealer. See #681 and https://github.com/mitchellkrogza/phishing/pull/450 ### Wildcard domain records ```CSV nebulaquestcorporation.cc|malicious ``` ### Sub-Domain records _No response_ ### Hosts (RFC:953)...
### Comments This IP address and its associated domains are being used to distribute Lumma Stealer. See also: https://github.com/mitchellkrogza/phishing/pull/450 ### Wildcard domain records ```CSV 32.175.9.228.87|malicious ``` ### Sub-Domain records _No...
## Phishing Domain/URL/IP(s): ``` 87.228.9.175 agenttres.cc nebulaquestcorporation.cc mail.clukoutlet.com lajollaautorepairs.com scratchedcards.com srekmmail.scratchedcards.com useohbaby.com cpcontacts.yourshowproductions.com https://agenttres.cc/ https://nebulaquestcorporation.cc/cdnusa/invoiceupsstage http://mail.clukoutlet.com/ https://lajollaautorepairs.com/cart/VBDVMGWB.exe https://scratchedcards.com/update/invoice_past https://scratchedcards.com/can/IHBHXXQF.exe https://scratchedcards.com/can/cantruck https://scratchedcards.com/binary/scrscrscr https://scratchedcards.com/binary/wizardWatcher.exe https://useohbaby.com/ http://cpcontacts.yourshowproductions.com/ ``` ## Impersonated domain ## Describe...
## Phishing Domain/URL/IP(s): ``` 45.89.52.80 shopland.cloud 3to1market.top everythingyouwant.top ozon2mart.top w1shmarket.top wishtochoose.top http://45.89.52.80.sslip.io/WinRing0x64.sys http://ssh.shopland.cloud/WinRing0x64.sys http://3to1market.top/WinRing0x64.sys http://everythingyouwant.top/WindowsUpdate.exe http://everythingyouwant.top/WinRing0x64.sys http://ozon2mart.top/WindowsUpdate.exe http://ozon2mart.top/WinRing0x64.sys http://w1shmarket.top/WindowsUpdate.exe http://w1shmarket.top/WinRing0x64.sys http://www.wishtochoose.top/WindowsUpdate.exe http://wishtochoose.top/WinRing0x64.sys ``` ## Impersonated domain ## Describe the issue...
### Comments Current host of phishing kit. For more information see: https://github.com/Phishing-Database/phishing/pull/869 ### Wildcard domain records ```CSV danmartin.ro|phishing ``` ### Sub-Domain records ```CSV ``` ### Hosts (RFC:952) specific records, not...