hagezi / dns-blocklists

DNS-Blocklists: For a better internet - keep the internet clean!
GNU General Public License v3.0

aksu.edu.ng #509

Closed sr093906 closed 1 year ago

sr093906 commented 1 year ago

Akwa Ibom State University – AKSU

https://aksu.edu.ng/newsite/

https://rethinkdns.com/search?q=aksu.edu.ng

https://www.virustotal.com/gui/url/3d2357c98a7d658ba383bccfcb8952bd0741aee29d4b8698bde722842db05b37/detection

hagezi commented 1 year ago

Blocked by phishing.army and https://gitlab.com/malware-filter/phishing-filter (curated from PhishTank, OpenPhish, phishunt.io)

ping @drego85: false positive?

Domain:
 - aksu.edu.ng

Malware/Phishing/Scam:
 - Malicous?       LIKELY (2)

Top 1M rank:
 - Umbrella:       -/-
 - Tranco:         -/-
 - Chrome:         693562/-

Nofilter DNS:
 - Google          OK

Secure DNS:
 - CleanBrowsing   BLOCKED
 - Cloudflare      OK
 - CONTROLD.TIF    BLOCKED
 - DNS0.eu         OK
 - DNS0.eu.ZERO    OK
 - NextDNS.TIF_AI  OK
 - NRD.DGA.IDN     OK
 - OpenDNS         OK
 - Quad101         OK
 - Quad9           OK
 - SafeDNS         OK
 - UltraDNS        OK
 - Yandex          OK

Blocklists:
 - 1Hosts.Lite     OK
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      OK
 - AdGuardDNS      OK
 - AhaDNS          BLOCKED
 - CONTROLD        BLOCKED
 - DNSforge.de     BLOCKED
 - EasyList        OK
 - HaGeZi.LIGHT    BLOCKED
 - HaGeZi.NORMAL   BLOCKED
 - HaGeZi.PERSONAL BLOCKED
 - HaGeZi.PRO      BLOCKED
 - HaGeZi.PRO.PLUS BLOCKED
 - HaGeZi.ULTIMATE BLOCKED
 - hBlock          OK
 - Lightswitch05   OK
 - NextDNS         OK
 - NoTracking      BLOCKED
 - OISD            BLOCKED
 - OVPN            OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     OK
 - Tiarap          BLOCKED

Intels:
 - Google          https://transparencyreport.google.com/safe-browsing/search?url=aksu.edu.ng
 - VirusTotal      https://www.virustotal.com/en/domain/aksu.edu.ng/information/
 - AlienVault      https://otx.alienvault.com/indicator/domain/aksu.edu.ng
 - Bitdefender     https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Faksu.edu.ng
 - FortiGuard      https://www.fortiguard.com/webfilter?q=aksu.edu.ng
 - Kaspersky       https://opentip.kaspersky.com/aksu.edu.ng?tab=web
 - McAfee          https://siteadvisor.com/sitereport.html?url=aksu.edu.ng
 - Norton          https://safeweb.norton.com/report/show?url=aksu.edu.ng
 - OpenDNS         https://domain.opendns.com/aksu.edu.ng
 - URLVoid         https://www.urlvoid.com/scan/aksu.edu.ng/
 - Yandex          https://yandex.com/safety/?l10n=en&url=aksu.edu.ng

drego85 commented 1 year ago

This website is probably compromised, still functioning as a redirect for a phishing campaign. The destination is disabled, but the redirect works.

http://www.aksu[.]edu[.]ng/resultsheet/includes/Online.html

It has been compromised since at least October 3: https://urlscan.io/result/f9d6dc99-f522-4a6d-93c7-ff115da2cdec/

Also in January it was hosting a phishing site:

http://www.aksu[.]edu[.]ng/resultsheet/includes/NavyFederalCredit.Union.HTML

Source:

If @sr093906 manages this website, he can fix the problems and then we can request PhishTank and other lists to remove such URLs from the blocking lists.

sr093906 commented 1 year ago

Please keep the issue open in case the issue is fixed one day.

hagezi commented 1 year ago

Many thanks @drego85

ghost commented 1 year ago

aksu.edu.ng/resultsheet/includes/Online.html redirected to bevel-invincible-pocket.glitch.me/NavyFederalCreditUnion-Logon.HTML

ghost commented 1 year ago

bevel-invincible-pocket.glitch.me/NavyFederalCreditUnion-Logon.HTML got suspended by "Glitch" for violation of terms of service.

aksu.edu.ng is likely to be still compromised.

hagezi commented 1 year ago

Not necessary to keep the issue open; if the domain is removed from the phishing lists, it will be removed from my lists as well.