mitchellkrogza / Phishing.Database

Phishing domains, URLs, websites and threats database. We use the PyFunceble testing tool to validate the status of all known phishing domains and provide stats to reveal how many unique domains used for phishing are still active.
MIT License

List of dangerous urls #908

Open DarkDiabolos opened 2 months ago

DarkDiabolos commented 2 months ago

Hi! I have a list of dangerous domains/urls. Can I give it to you to check? All of them distribute phishing files. List.txt

spirillen commented 2 months ago

First, I did not inspect your attachment; post the contents of it in the issue as code using backticks. Secondly, use https://github.com/mitchellkrogza/Phishing for add/remove requests, and you should use @mypdns to add the knowledge of why you believe any of the IP should be added.

emidaniel commented 2 months ago

List contents at this moment:


Every one is serving some Microsoft KMS activator. Not phishing but "Lumma Stealer" malware campaign. See https://app.any.run/tasks/2c0fdd8a-b4a4-451f-ad67-50b598ffa7ff

If you want them to be taken down quickly, you need to report them to domain registrar/hosting providers and file sharing services yourself. If it has a direct download URL or additional malware is downloaded from some URL on these domains (e.g. hxxps://kms-actiw.xyz/abc.exe), please also report here: https://urlhaus.abuse.ch/

spirillen commented 2 months ago

> please also report here: https://urlhaus.abuse.ch/

Not a bad idea 👍🏻

https://app.any.run/tasks/2c0fdd8a-b4a4-451f-ad67-50b598ffa7ff?__cf_chl_rt_tk=WoocwUG7BF3QDxm._hNn9seAWk4rYDPebgKD.hkqb.4-1725545711-0.0.1.1-4137

is an insecure PII data harvester phishing / scam domain, by the MITM network Cloudflare


The rest we can work with.

spirillen commented 2 months ago

kmspico.top is taken down

```
drill -T kmspico.top
.       518400  IN      NS      a.root-servers.net.
.       518400  IN      NS      b.root-servers.net.
.       518400  IN      NS      c.root-servers.net.
.       518400  IN      NS      d.root-servers.net.
.       518400  IN      NS      e.root-servers.net.
.       518400  IN      NS      f.root-servers.net.
.       518400  IN      NS      g.root-servers.net.
.       518400  IN      NS      h.root-servers.net.
.       518400  IN      NS      i.root-servers.net.
.       518400  IN      NS      j.root-servers.net.
.       518400  IN      NS      k.root-servers.net.
.       518400  IN      NS      l.root-servers.net.
.       518400  IN      NS      m.root-servers.net.
top.    172800  IN      NS      a.zdnscloud.com.
top.    172800  IN      NS      b.zdnscloud.com.
top.    172800  IN      NS      c.zdnscloud.com.
top.    172800  IN      NS      d.zdnscloud.com.
top.    172800  IN      NS      f.zdnscloud.com.
top.    172800  IN      NS      g.zdnscloud.com.
top.    172800  IN      NS      i.zdnscloud.com.
top.    172800  IN      NS      j.zdnscloud.com.
top.    3600    IN      SOA     a.zdnscloud.com. td_dns_gtld.knet.cn. 1390647111 600 3600 1209600 3600
```

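
The trace in the comment above ends with the `top.` zone's own SOA record instead of NS records for `kmspico.top.`, which is what a parent zone returns when it no longer publishes a delegation. The following is an added example, not part of the thread or the project's code, that classifies saved `drill -T` output the same way; the function names are hypothetical, the first sample is abbreviated from the output above and the second is constructed.

```python
import re

# Abbreviated from the `drill -T kmspico.top` output in the comment above
# (root and TLD NS sets shortened to two servers each).
TRACE_TAKEN_DOWN = """\
.       518400  IN      NS      a.root-servers.net.
.       518400  IN      NS      b.root-servers.net.
top.    172800  IN      NS      a.zdnscloud.com.
top.    172800  IN      NS      b.zdnscloud.com.
top.    3600    IN      SOA     a.zdnscloud.com. td_dns_gtld.knet.cn. 1390647111 600 3600 1209600 3600
"""

# Constructed counter-example: a name that is still delegated
# (reserved .example names and a documentation IP address).
TRACE_DELEGATED = """\
.             518400  IN  NS  a.root-servers.net.
example.      172800  IN  NS  ns1.nic.example.
shop.example. 3600    IN  NS  ns1.hoster.example.
shop.example. 300     IN  A   192.0.2.10
"""

# owner, TTL, class IN, type, rdata
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_trace(text):
    """Return (owner, rrtype, rdata) for every resource-record line."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            records.append((m.group(1).lower(), m.group(3).upper(), m.group(4)))
    return records

def delegation_status(domain, trace_text):
    """Classify a trace as 'delegated', 'not-delegated' or 'inconclusive'."""
    name = domain.lower().rstrip(".") + "."
    records = parse_trace(trace_text)
    if not records:
        return "inconclusive"
    # A record owned by the name itself means the parent still publishes it.
    if any(owner == name for owner, _, _ in records):
        return "delegated"
    owner, rrtype, _ = records[-1]
    # Trace stopped at an ancestor zone answering with its own SOA: the parent
    # has no delegation for the name (removed from the zone, e.g. deleted or held).
    is_ancestor = owner == "." or name.endswith("." + owner)
    if rrtype == "SOA" and is_ancestor:
        return "not-delegated"
    return "inconclusive"
```

A `not-delegated` result only says the name is absent from the parent zone at the time of the trace; the registration itself may still exist and the delegation can be restored, so a re-check before removing an entry is worthwhile.
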
spirillen commented 2 months ago

All the active domains should be added by now

Ref https://kb.mypdns.org/issue/MTX-794
Ref https://kb.mypdns.org/issue/MTX-795
Ref https://kb.mypdns.org/issue/MTX-796
Ref https://kb.mypdns.org/issue/MTX-797
Ref https://kb.mypdns.org/issue/MTX-798
Ref https://kb.mypdns.org/issue/MTX-799
Ref https://kb.mypdns.org/issue/MTX-800
Ref https://kb.mypdns.org/issue/MTX-801
Ref https://kb.mypdns.org/issue/MTX-802
Ref https://kb.mypdns.org/issue/MTX-803
Ref https://kb.mypdns.org/issue/MTX-804
Ref https://kb.mypdns.org/issue/MTX-805
Ref https://kb.mypdns.org/issue/MTX-806
Ref https://kb.mypdns.org/issue/MTX-807
Ref https://kb.mypdns.org/issue/MTX-808
Ref https://kb.mypdns.org/issue/MTX-809
Ref https://kb.mypdns.org/issue/MTX-810
Ref https://kb.mypdns.org/issue/MTX-811
Ref https://kb.mypdns.org/issue/MTX-812
Ref https://kb.mypdns.org/issue/MTX-813
Ref https://kb.mypdns.org/issue/MTX-814
Ref https://kb.mypdns.org/issue/MTX-815