Add weebly subdomains to domain blocklist

[g0d33p3rsec]

Phishing Domain/URL/IP(s):

1anddomailef.weebly.com
276793063274096995.weebly.com
attconsultant.weebly.com
daxugukixirujin.weebly.com
eur02-db5-obe.weebly.com
fexaxotira.weebly.com
fitokuzigijot.weebly.com
fomunova.weebly.com
fovokutiro.weebly.com
fozaronu.weebly.com
frugihb5rfvnjced0e9uhbfndxws.weebly.com
fupexojor.weebly.com
fuwurukuzubefek.weebly.com
gilanevevo.weebly.com
gonupedifi.weebly.com
gufakapefevem.weebly.com
jemogofeti.weebly.com
jeziwirumefije.weebly.com
jhdv15jd95.weebly.com
jigaxokere.weebly.com
kenufipafalenar.weebly.com
kkkdocument.weebly.com
kufidadifijerid.weebly.com
l0ginboxmail.weebly.com
ladupizisegi.weebly.com
ledajesaler.weebly.com
lejonajij.weebly.com
lemorixumo.weebly.com
lfjgljflgjd.weebly.com
lifezubolafa.weebly.com
lomobesozav.weebly.com
lonerunit.weebly.com
lotufepipum.weebly.com
lovarewido.weebly.com
luselovuxetox.weebly.com
luvodufugatese.weebly.com
luxufaxunixepu.weebly.com
masenajeronuzes.weebly.com
megogira.weebly.com
meruxanige.weebly.com
metonokosaza.weebly.com
mevimozow.weebly.com
mijuzitomos.weebly.com
mikatafa.weebly.com
mivezosikobo.weebly.com
moxalabukeziro.weebly.com
munuteme.weebly.com
nikonewakudofu.weebly.com
nivirijimukavut.weebly.com
nufivinob.weebly.com
nukevokisoget.weebly.com
nukivobiwej.weebly.com
nulupuro.weebly.com
owansuemo.weebly.com
pamuvomamutafa.weebly.com
patawera.weebly.com
patt1min1stud07bst.weebly.com
penopetidurip.weebly.com
pozefixinez.weebly.com
puneliten.weebly.com
punuvenow.weebly.com
purusoze.weebly.com
putoluxadap.weebly.com
puxokobipo.weebly.com
puzerufatuv.weebly.com
puzubogo.weebly.com
redunexodozik.weebly.com
rejafolurolege.weebly.com
rejowuboxobe.weebly.com
renunuvejo.weebly.com
rerijore.weebly.com
rifusefabizavi.weebly.com
rijopadanag.weebly.com
rijujofa.weebly.com
riluvozig.weebly.com
rimofunoduw.weebly.com
rinizazekuke.weebly.com
rizimajapalikum.weebly.com
rizomoxus.weebly.com
robevumike.weebly.com
rofipufexorijol.weebly.com
rofubedojatedo.weebly.com
roguxewotare.weebly.com
rojumiladikeju.weebly.com
rokojilezel.weebly.com
roluwisotem.weebly.com
romitigab.weebly.com
ronabamipiboti.weebly.com
ronizizuvuf.weebly.com
roxabagoxe.weebly.com
rubosesizip.weebly.com
rugisuvo.weebly.com
rujuzodojavumip.weebly.com
subogepaweb.weebly.com
sufifova.weebly.com
sumozizadux.weebly.com
toromadon.weebly.com

Impersonated domain

https://www.att.com/
https://www.dropbox.com/
https://login.ionos.com/
https://uw.co.uk/
https://www.office.com/

Describe the issue

These are some recently active malicious subdomains that are being hosted at weebly.com. Most are to PDF's that VirusTotal labels as "phishing.gen2/phishingx". There are also lure login pages for AT&T, Office, Dropbox, Ionos, and a few others.

Related external source

https://www.virustotal.com/gui/file/1abf8cfc5ce827912dcf54f3b85d3186309f6ba08cfb12bb7b8c17e079cb1ce4
https://www.virustotal.com/gui/file/ab22f6dd4a14f8e8958a1f5e76d9896319b5b345eec69bccc1a8922ebdc24e9c
https://www.virustotal.com/gui/file/7ead3588a310d339b4868074a25f025f9ce7a5d64f4b5ded13c7beb044002593
https://urlscan.io/result/0b36c380-1e58-4510-a892-9c04d0013b2d/
https://www.virustotal.com/gui/url/b605c87782c750d79b25ccd096bd1138735a22c5b85e9de7ab40015f5414c189
https://urlscan.io/result/7d829fca-f01e-4548-9096-a4b88cb654f4/
https://www.virustotal.com/gui/url/81f062ef999779b3a02a6b90008b5b32cfee0472789b969d0872689e4df0e08a
https://urlscan.io/result/b8ad2ea6-96df-457b-bcaf-3965e81e0243/
https://www.virustotal.com/gui/url/25e5bac4cd8138a321cc9b3347becb26be01438275cfc58bea6aa6d89f48f815
https://urlscan.io/result/de915cbe-1fd3-4664-ad84-2973757c8439/
https://www.virustotal.com/gui/url/625b4a2d32456b9b74b2c4940f9e5bb65acc21454dc770ce817780a363c16473
https://urlscan.io/result/70797b47-ed74-46a0-b8c9-93fc9b0fabc2/
https://www.virustotal.com/gui/url/32645d03e350f591cf81d42e383dafbe809c47a2dd518b49bf5a5d4d8eb84792
https://urlscan.io/result/2468f63d-4827-4c3f-b8b8-07cbaf5c18a0/
https://www.virustotal.com/gui/url/e7130ff4c22f3c5db980ffa05759c8087c515ddf599714e85f541115dedac789
https://urlscan.io/result/4f745826-38ed-47f8-a8c1-fc61dda0090b/
https://www.virustotal.com/gui/url/468cbcf2443d553d0f55c7f746e3e6e0581b7f41be6ceaa92c2c43810b47f9b7
https://urlscan.io/result/57e921c5-90a2-494f-84ce-20b397808992/
https://www.virustotal.com/gui/url/0d43c6ba399068ad369f63ebe89530550e0d0f3b42a3fd8555ea3604bf088eee
https://urlscan.io/result/a447e2ae-0fb7-43d4-b43e-5c23f4117be2/
https://www.virustotal.com/gui/url/da6d44f9fa72fe0b280c82ee38175d96d314a7b2bb6d6bcfd10171b4c47bb1cc
https://urlscan.io/result/1219d34e-51e7-4b54-8fb0-f2328aa25e42/
https://www.virustotal.com/gui/url/5564b443625bb0c4b039a0db74ad6bb5356c2848a6496796b9bcd4a3aa279866
https://urlscan.io/result/5e5a483a-8420-47b3-a4d5-c5f967ea4273/
https://www.virustotal.com/gui/url/fdf6521e8fda7e7212eccca2098fc3eaa4c158bd3212d914aab9ddc77ed70b4f
https://urlscan.io/result/52373eaf-9d4a-4c7d-856a-ffe572d6c8fd/
https://www.virustotal.com/gui/url/131d85b30cc08d5f12376e2628b63471b71b47135515d0e3fb414f66fe693ca8
https://urlscan.io/result/092174db-e064-470e-bc74-2411b7bce2cc/
https://www.virustotal.com/gui/url/60c80e9d9eb7309d3427177e6bc813c1b3561ea24b38efff72c0d38892cc423e
https://urlscan.io/result/a8630355-2fb7-40ef-844a-eb38c7c46112/
https://www.virustotal.com/gui/url/8e3bec53f7be9f2e73dda4e82a9b2e594cb2f9444cf5ac0b5f49ac1b1595cb0c
https://urlscan.io/result/be9a2d69-d6f2-4df3-b48a-1657226e603f/
https://www.virustotal.com/gui/url/6265d4851ef689ac05328fe6c2df079602a74e968b6ce025a18ecca1d3a3afd3
https://urlscan.io/result/0c364d08-2684-4b6e-97fb-4ecaa31a2710/
https://www.virustotal.com/gui/url/4636e48f7843495bfe75da5e0b28bec6df38454add6d5331c356f6da97522744
https://urlscan.io/result/fc0eed34-ecba-4656-b583-e300b01aae7c/
https://www.virustotal.com/gui/url/4a31768b06e16e90f50d1dcfb74e0f79411d610bc414b09ce02333fd673e06f0
https://urlscan.io/result/f713b065-7045-4aad-b662-ffb4d527dcd9/
https://www.virustotal.com/gui/url/687e0b9f245ddeec01e1b9ada820613c6cd10922312565675fcd1e39f698cda5
https://urlscan.io/result/613b0675-a021-4412-973d-967ec0b58647/
https://www.virustotal.com/gui/url/822e2792f084c6aa2c3ceed0ad5a5e4a3ce869c7575b7b6f27973f6b524a7c44
https://urlscan.io/result/68431c62-2f9c-4a8c-ab73-8fa4435bba60/
https://www.virustotal.com/gui/url/f54542a1f0102d00c4b90653985bc1732d34821f01823b05da2c8eb13620b3b3
https://urlscan.io/result/e550d7e6-e5e4-43a2-9ce6-f4002608fb87/
https://www.virustotal.com/gui/url/769cdb5a0f31003ef6c78af71c17856798dd8d0d3865876f65dd50d1cb5b9f99
https://urlscan.io/result/e94a8652-4e9b-4908-9e1e-564e6d6cbd71/
https://www.virustotal.com/gui/url/a1c126954a05d0af586b9468f7d7b21ccaaa80adb82c24a56dda51169b4d36ef
https://urlscan.io/result/d5f299ac-d646-43d2-ae7f-7c707e3e9eac/
https://www.virustotal.com/gui/url/1ce632490a1187e97b7e845cf14694da6d644f88c45ee8af57c99aba8df7554c
https://urlscan.io/result/7d711e4c-753f-4dee-b035-97f36a2d1b8e/
https://www.virustotal.com/gui/url/ce0cdaa89602a3dd92a9dd4789f367fe5e61a032c5751ae1b9becfac21cafc1e
https://urlscan.io/result/5ceaa4b2-1914-4a1e-9c1e-5839ab62f872/
https://www.virustotal.com/gui/url/6e916f6a7113650678f3e5ea88cf9b6f3012f0f7c156f90e6d6664a28c21b911
https://urlscan.io/result/85c3beea-0b9e-4a34-9b05-62f100f1f65c/
https://www.virustotal.com/gui/url/a4754bc7a0df4ce862878af6d2c6526f30bb2f0cb7fab881b446bdd7f1e080b5
https://urlscan.io/result/b8e2f753-b59b-4ac6-a77e-768cbdf724b5/
https://www.virustotal.com/gui/url/562698c6fabae2bcbea74c8e58e41e60e6766d01d5475e59a84e508a428b548c
https://urlscan.io/result/5ac81b50-6b6e-4c5d-bd75-8ce3e3b77b18/
https://www.virustotal.com/gui/url/337fcef7222710519ea033ef039ba4f5835faf6b4fba97bdde67616ade87a028
https://urlscan.io/result/58d0c6fa-51f4-4043-b0d1-c9121a32a814/
https://www.virustotal.com/gui/url/3bcc315a33b394c274159fd9f979e681935bc5444eabf3e32d44f4f75fbe16ba
https://urlscan.io/result/e1016990-4c2b-4b27-b305-eb9bb360e496/
https://www.virustotal.com/gui/url/c42f027f46e0503aa819bf999f0b4e9efc22a9351c137a9ee72a1f5a5916e46a
https://urlscan.io/result/93316351-df53-4306-aab2-6997ce9e2e8a/
https://www.virustotal.com/gui/url/100d4c870a48ff125731f59548f0628d7197d7137a4eb3b9f26e9d7fab6f3b4e
https://urlscan.io/result/1db87900-cfcb-47fa-b8e5-07b02022a0a6/
https://www.virustotal.com/gui/url/c9a9eb76964dec02debdbc6c4aa1e20247a99cf2131bb82be894251fc34cdc54
https://urlscan.io/result/0b0c96cd-23f9-41b0-b1c3-c49a948f86d8/
https://www.virustotal.com/gui/url/036ff8eb60bc1d1089e4c4eed1bfa598cb3f0014ab8f961f5af51461ab8d8b25
https://urlscan.io/result/447fb6d8-63f7-41b3-abac-a5ef88802baa/
https://www.virustotal.com/gui/url/cafbb923c5a5c8ca00d8617dd25243a999b1921e4574be43bacd5ec0725cd6b8
https://urlscan.io/result/63abbc7f-a8c3-4e4f-9f15-5831526a0cf9/
https://www.virustotal.com/gui/url/10e8225b647879eb1489e5d885cf9f4f7ac58bb22df8148972be657785e041b3
https://urlscan.io/result/9fb4f4d9-e4d3-4d89-b583-290f7e31d4b1/
https://www.virustotal.com/gui/url/259166e7c9a2be936ef67131259526a7892354941500c014c36ce81af455f56b

Screenshot

Click to expand

[spirillen]

See my comment mypdns/matrix#638 (comment)

[spirillen]

OK, I stay corrected... they have giving The harness to CloudFlare to control there servers, which means nobody can access they domain, nor send any reports...

[g0d33p3rsec]

OK, I stay corrected... they have giving The harness to CloudFlare to control there servers, which means nobody can access they domain, nor send any reports...

No worries, I was initially on the fence myself. What convinced me to take the time to sample the current activity was the observation that many subdomains that were scanned 10-12 months ago were still active. I also think it is useful to sample the various free hosting services from time to time to see how prolific malicious content is on their platforms and how proactive they are about removing it.

[spirillen]

I also think it is useful to sample the various free hosting services from time to time to see how prolific malicious content

Could be a nice handy tool, yes. MR's welcome in @mypdns 😏

[spirillen]

Maybe you'll like to add it the README of tools to make https://github.com/external-sources/domain-hub?tab=readme-ov-file#goals