List of dangerous urls #908

DarkDiabolos opened this issue Sep 3, 2024 · 5 comments

@DarkDiabolos

Hi! I have a list of dangerous domains/urls. Can I give it to you to check?
All of them distribute phishing files.
List.txt

@spirillen
Contributor

spirillen commented Sep 4, 2024

First, I did not inspect your attachment; post the contents of it in the issue as code using backticks. Secondly, use https://github.com/mitchellkrogza/Phishing for add/remove requests, and you should use @mypdns to add the knowledge of why you believe any of the IPs should be added.

@emidaniel

emidaniel commented Sep 5, 2024

List contents at this moment:

Every one is serving some Microsoft KMS activator. Not phishing but a "Lumma Stealer" malware campaign. See https://app.any.run/tasks/2c0fdd8a-b4a4-451f-ad67-50b598ffa7ff

If you want them to be taken down quickly, you need to report them to the domain registrar/hosting providers and file sharing services yourself. If it has a direct download URL or additional malware is downloaded from some URL on these domains (e.g. hxxps://kms-actiw.xyz/abc.exe), please also report here: https://urlhaus.abuse.ch/

@spirillen
Contributor

spirillen commented Sep 5, 2024

> please also report here: https://urlhaus.abuse.ch/

Not a bad idea 👍🏻

https://app.any.run/tasks/2c0fdd8a-b4a4-451f-ad67-50b598ffa7ff?__cf_chl_rt_tk=WoocwUG7BF3QDxm._hNn9seAWk4rYDPebgKD.hkqb.4-1725545711-0.0.1.1-4137

is an insecure PII data harvester phishing / scam domain, by the MITM network Cloudflare

The rest we can work with.

@spirillen
Contributor

kmspico.top is taken down

```
drill -T kmspico.top
.       518400  IN      NS      a.root-servers.net.
.       518400  IN      NS      b.root-servers.net.
.       518400  IN      NS      c.root-servers.net.
.       518400  IN      NS      d.root-servers.net.
.       518400  IN      NS      e.root-servers.net.
.       518400  IN      NS      f.root-servers.net.
.       518400  IN      NS      g.root-servers.net.
.       518400  IN      NS      h.root-servers.net.
.       518400  IN      NS      i.root-servers.net.
.       518400  IN      NS      j.root-servers.net.
.       518400  IN      NS      k.root-servers.net.
.       518400  IN      NS      l.root-servers.net.
.       518400  IN      NS      m.root-servers.net.
top.    172800  IN      NS      a.zdnscloud.com.
top.    172800  IN      NS      b.zdnscloud.com.
top.    172800  IN      NS      c.zdnscloud.com.
top.    172800  IN      NS      d.zdnscloud.com.
top.    172800  IN      NS      f.zdnscloud.com.
top.    172800  IN      NS      g.zdnscloud.com.
top.    172800  IN      NS      i.zdnscloud.com.
top.    172800  IN      NS      j.zdnscloud.com.
top.    3600    IN      SOA     a.zdnscloud.com. td_dns_gtld.knet.cn. 1390647111 600 3600 1209600 3600
```
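
How to read the trace in the comment above, as an added example that is not part of the thread or of the project's code: the trace ends with the `top.` zone's SOA instead of NS records for `kmspico.top.`, meaning the TLD servers gave a negative answer and no longer delegate the name. The function names and the second sample trace are constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    owner: str
    ttl: int
    rtype: str
    rdata: str

# Abbreviated from the trace in the comment above (one NS line per zone kept).
TRACE_FROM_PAGE = """\
.       518400  IN      NS      a.root-servers.net.
top.    172800  IN      NS      a.zdnscloud.com.
top.    3600    IN      SOA     a.zdnscloud.com. td_dns_gtld.knet.cn. 1390647111 600 3600 1209600 3600
"""

# Constructed sample (not from the thread): a name the parent zone still delegates.
CONSTRUCTED_TRACE = """\
.              518400  IN  NS  a.root-servers.net.
test.          172800  IN  NS  ns.nic.test.
example.test.  3600    IN  NS  ns1.example.test.
"""

def parse_trace(text):
    """Parse zone-file style lines (owner TTL IN type rdata); skip anything else."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[1].isdigit() and parts[2] == "IN":
            records.append(RR(parts[0].lower(), int(parts[1]), parts[3], parts[4]))
    return records

def is_ancestor(zone, name):
    """True when `zone` is a proper parent of `name` (both fully qualified)."""
    return zone == "." or (name != zone and name.endswith("." + zone))

def delegation_status(trace, domain):
    """Classify a root-to-name trace for `domain`."""
    fqdn = domain.lower().rstrip(".") + "."
    records = parse_trace(trace)
    # A referral for the name itself: the parent zone still hands out its NS set.
    if any(r.rtype == "NS" and r.owner == fqdn for r in records):
        return "delegated"
    # The walk stopped at a parent zone's SOA: a negative answer, no delegation.
    if records and records[-1].rtype == "SOA" and is_ancestor(records[-1].owner, fqdn):
        return "not-delegated"
    return "inconclusive"
```

A `not-delegated` result only says the name is gone from the parent zone at query time; it does not say whether the registrar suspended it or the registration lapsed.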

spirillen added a commit to mypdns/matrix that referenced this issue Sep 5, 2024
Fix #794
Fix #795
Fix #796
Fix #797
Fix #798
Fix #799
Fix #800
Fix #801
Fix #802
Fix #803
Fix #804
Fix #805
Fix #806
Fix #807
Fix #808
Fix #809
Fix #810
Fix #811
Fix #812
Fix #813
Fix #814
Fix #815

Ref: mitchellkrogza/Phishing.Database#908

## Credit
- [@DarkDiabolos](https://github.com/DarkDiabolos)

---------

Thanks to JetBrains for sponsoring My Privacy DNS with their Open Source software licenses.

Their software helps us develop and maintain My Privacy DNS and other projects, as they made writing code easier.

spirillen added a commit to mypdns/matrix that referenced this issue Sep 5, 2024
Fix #MTX-794
Fix #MTX-795
Fix #MTX-796
Fix #MTX-797
Fix #MTX-798
Fix #MTX-799
Fix #MTX-800
Fix #MTX-801
Fix #MTX-802
Fix #MTX-803
Fix #MTX-804
Fix #MTX-805
Fix #MTX-806
Fix #MTX-807
Fix #MTX-808
Fix #MTX-809
Fix #MTX-810
Fix #MTX-811
Fix #MTX-812
Fix #MTX-813
Fix #MTX-814
Fix #MTX-815

Ref: mitchellkrogza/Phishing.Database#908

## Credit
- [@DarkDiabolos](https://github.com/DarkDiabolos)
