Open DarkDiabolos opened 2 months ago
First, I did not inspect your attachment; post its contents in the issue as code using backticks. Secondly, use https://github.com/mitchellkrogza/Phishing for add/remove requests, and you should use @mypdns to add the knowledge of why you believe any of the IPs should be added.
List contents at this moment:
Every one is serving some Microsoft KMS activator. Not phishing, but a "Lumma Stealer" malware campaign. See https://app.any.run/tasks/2c0fdd8a-b4a4-451f-ad67-50b598ffa7ff
If you want them to be taken down quickly, you need to report them to domain registrars/hosting providers and file sharing services yourself. If it has a direct download URL or additional malware is downloaded from some URL on these domains (e.g. hxxps://kms-actiw.xyz/abc.exe), please also report here: https://urlhaus.abuse.ch/
> please also report here: https://urlhaus.abuse.ch/

Not a bad idea 👍🏻
https://app.any.run/tasks/2c0fdd8a-b4a4-451f-ad67-50b598ffa7ff?__cf_chl_rt_tk=WoocwUG7BF3QDxm._hNn9seAWk4rYDPebgKD.hkqb.4-1725545711-0.0.1.1-4137
is insecure PII data harvester phishing / Scam domain, by the MITM network Cloudflare
The rest we can work with.
kmspico.top
are taken down
```
drill -T kmspico.top
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
top. 172800 IN NS a.zdnscloud.com.
top. 172800 IN NS b.zdnscloud.com.
top. 172800 IN NS c.zdnscloud.com.
top. 172800 IN NS d.zdnscloud.com.
top. 172800 IN NS f.zdnscloud.com.
top. 172800 IN NS g.zdnscloud.com.
top. 172800 IN NS i.zdnscloud.com.
top. 172800 IN NS j.zdnscloud.com.
top. 3600 IN SOA a.zdnscloud.com. td_dns_gtld.knet.cn. 1390647111 600 3600 1209600 3600
```
All the active domains should be added by now
Ref https://kb.mypdns.org/issue/MTX-794
Ref https://kb.mypdns.org/issue/MTX-795
Ref https://kb.mypdns.org/issue/MTX-796
Ref https://kb.mypdns.org/issue/MTX-797
Ref https://kb.mypdns.org/issue/MTX-798
Ref https://kb.mypdns.org/issue/MTX-799
Ref https://kb.mypdns.org/issue/MTX-800
Ref https://kb.mypdns.org/issue/MTX-801
Ref https://kb.mypdns.org/issue/MTX-802
Ref https://kb.mypdns.org/issue/MTX-803
Ref https://kb.mypdns.org/issue/MTX-804
Ref https://kb.mypdns.org/issue/MTX-805
Ref https://kb.mypdns.org/issue/MTX-806
Ref https://kb.mypdns.org/issue/MTX-807
Ref https://kb.mypdns.org/issue/MTX-808
Ref https://kb.mypdns.org/issue/MTX-809
Ref https://kb.mypdns.org/issue/MTX-810
Ref https://kb.mypdns.org/issue/MTX-811
Ref https://kb.mypdns.org/issue/MTX-812
Ref https://kb.mypdns.org/issue/MTX-813
Ref https://kb.mypdns.org/issue/MTX-814
Ref https://kb.mypdns.org/issue/MTX-815
Hi! I have a list of dangerous domains/URLs. Can I give it to you to check? All of them distribute phishing files. List.txt