Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add intrinsicisle.za.com to add-wildcard-domain #452

Merged
merged 1 commit into from
Jul 14, 2024
Merged

add intrinsicisle.za.com to add-wildcard-domain #452

merged 1 commit into from
Jul 14, 2024

Conversation

g0d33p3rsec
Copy link
Contributor

Phishing Domain/URL/IP(s):

https://intrinsicisle.za.com/MzgwTThXNEIzNjRzNzk=
https://intrinsicisle.za.com/MzE0dDNYODY5eDMwMlQ=
https://intrinsicisle.za.com/M3U0YTM2M004cTFtOWQ=
https://intrinsicisle.za.com/Mzg0RTRQMHMyYjdaOEk=
https://intrinsicisle.za.com/M0ozeDRoNDk4WDdGNUo=
https://intrinsicisle.za.com/M200SDJoN0k3eTZLNVA=
https://intrinsicisle.za.com/M2M0ajRBMDEySDZWNG0=
https://intrinsicisle.za.com/M0cyWTJRMmc3ajdqN2M=
https://intrinsicisle.za.com/M0M0NTF6NFY5VDI3OG4=
https://intrinsicisle.za.com/M3ozVzdPMEgwUzBzMFI=
https://intrinsicisle.za.com/M2QzeTRrOVcyRDJDOXA=
https://intrinsicisle.za.com/M3Y0SDF6ODg3TTJnNGU=
https://intrinsicisle.za.com/Mzg0NzBxODM4cjRwM08=
https://intrinsicisle.za.com/M2Q0MjRIMHQydTFTM0k=
https://intrinsicisle.za.com/MmI3eDhNMG01YTVkOU0=
https://intrinsicisle.za.com/M240dTRGMWcwUDJFMGc=
https://intrinsicisle.za.com/M1o0bzJNNWwzYjlMNU0=
https://intrinsicisle.za.com/M040WTN2OTQ0YzBtMHY=
https://intrinsicisle.za.com/M2IzczhSM1U2SzlFNVo=
https://intrinsicisle.za.com/MzAzSjV3NVA0eDVlNDA=
https://intrinsicisle.za.com/M2cwRTJpMGw1SzQyOTI=
https://intrinsicisle.za.com/M2c0dTNVOHU4TDZyMlI=
https://intrinsicisle.za.com/MzAweDluMnA3cjJWMUk= 
https://intrinsicisle.za.com/M28zZTg2OUg0ZjJyOVU=
https://intrinsicisle.za.com/M2MxNDNBMEg3UTZKMnU=
https://intrinsicisle.za.com/MzUzMzRWMVI1RThVOG8=
https://intrinsicisle.za.com/MzY0MDRNMG80TDBnNkw=
https://intrinsicisle.za.com/M3ozQTNVMFA1ZzV6NXc= 
https://intrinsicisle.za.com/M08yaDlwNmg0ZDVkMGg=
https://intrinsicisle.za.com/MzQyVjNxOE45aDZkOHk=
https://intrinsicisle.za.com/M3M0MzNuNnkzTTltMlU=
https://intrinsicisle.za.com/M0Y0TTJNMWM3ZjlhNEs=
https://intrinsicisle.za.com/M3M0VTRFMGgxWjZ6N2M=
https://intrinsicisle.za.com/MzkzODdkMFQ1VzNpNU4=
https://intrinsicisle.za.com/M3czQzZFNHozSTFXOVc=
https://intrinsicisle.za.com/M04zRjZMM2E4aTc0ODc=
https://intrinsicisle.za.com/M2o0MzNGMkIycDFINDA= 
https://intrinsicisle.za.com/M3k0ZDNzOTYxZDdhMjY=
https://intrinsicisle.za.com/M0QzcDdINHcyRTZGN3E=
https://intrinsicisle.za.com/Mzg0czNwOUk1bDFXMXE=

Impersonated domain

https://www.dropbox.com/
https://facebook.com/
https://www.google.com
https://www.betway.co.za
https://www.1voucher.co.za/
https://ff.garena.com/
https://www.tut.ac.za/
https://ww1.ukzn.ac.za/
https://srd.sassa.gov.za/

Describe the issue

This domain is now hosting the phishing kit that previously at reluzformaturas.com.br (#435), abcmueblesbogota[.]com (#432), ergoterapiacaribu[.]ch (#426), ijconnects[.]com (#421), cbcaps[.]shop (#417), bersowir[.]org (#416), brunotasso[.]com[.]br (#413), wisbechguide[.]uk (#408), pescacancun[.]com (#406), bkengineersindia[.]com (#405), englishplusmore[.]com (#404), carnesboinobre[.]com[.]br (#398), technowide[.]com[.]tr (#396), jestertunes[.]com (#393), safecartusa[.]com (#391), foreverfarley[.]com (#387), azezieldraconous[.]com (#381), westernautomobileassembly[.]com (#376) , littleswanaircon[.]com[.]sg (#372), iwan2travel[.]com (#370), applesforfred[.]com (#369), theaerie[.]ca (#367), nico[.]sa (#366), ajstelecom[.]com[.]mx (#362), and others (more than 130 domains since 2021).

Related external source

Screenshot

Click to expand

image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
bec4161f-d02e-444f-b973-b6fafb7ee9ad
screenshot
f40bc764-a513-4066-91f9-b11863be1004
image
image
image
image
image
image
image
image

@spirillen spirillen merged commit 6121a6c into mitchellkrogza:main Jul 14, 2024
1 check passed
spirillen added a commit to mypdns/matrix that referenced this pull request Jul 14, 2024
@spirillen
intrinsicisle.za.com
ebc69ee 
Fix #706

Rel mitchellkrogza/phishing#452

----

Thanks to jetBrains for sponsoring IntelliJ (Ultimate Edition)
For non-commercial open source.
This helps My Privacy DNS to develop tools and maintain the blacklists.

Signed-off-by: Spirillen <[email protected]>
@spirillen
Copy link
Collaborator

Search result from External Hosts-Sources

@mypdns's External Hosts-Sources can be found here



Sorted result




Search result from easylist




Search in Matrix


Search results from Matrix blacklist project


source/phishing/wildcard.list:intrinsicisle.za.com


Found these RPZ records from My Privacy DNS


id      domain records  type    content
25929541        *.intrinsicisle.za.com.tracking.mypdns.cloud    CNAME   .
25929540        intrinsicisle.za.com.tracking.mypdns.cloud      CNAME   .


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

+ Thanks to My Privacy DNS for this knowledge

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Thanks to @g0d33p3rsec

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
          

  
  

  
      @g0d33p3rsec
  g0d33p3rsec


    
    deleted the
    
      
        add-intrinsicisle.za.com-to-wildcard-list
    
    branch

    
      July 14, 2024 16:54
    
    




  

  

    
  


  

      

  This was referenced Jul 20, 2024





  


  

      
   Merged

  






      






  


  

      
   Merged

  






  




  

  

    
  


  

      

  This was referenced Jul 31, 2024





  


  

      
   Merged

  






      






  


  

      
   Merged

  






  




  

  

    
  


  

      

  This was referenced Sep 3, 2024





  


  

      
   Merged

  






      






  


  

      
   Merged

  






      






  


  

      
   Merged

  






  




  

  

    
  


  

      

    @g0d33p3rsec
g0d33p3rsec



    mentioned this pull request
    
      Sep 15, 2024
    





  


  

      
   Merged

  







  




  

  

    
  


  

      

  This was referenced Sep 26, 2024





  


  

      
   Merged

  






      






  


  

      
   Merged

  






      






  


  

      
   Merged

  






  




  

  

    
  


  

      

    @g0d33p3rsec
g0d33p3rsec



    mentioned this pull request
    
      Oct 5, 2024
    





  


  

      
   Merged

  







  













  
  

    

      

  




    


    

      

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



      

    

  




  
    




      

  

    
    

    
  

    Reviewers
  


    

    No reviews






    

  


      
  

    Assignees
  



        

    No one assigned







      


  


  

    Labels
  



    

    None yet







      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  



          


Successfully merging this pull request may close these issues.



  


    
  




        
      

    

  
      

  

    

      2 participants
    

    

        
          @g0d33p3rsec 
        
          @spirillen