Closed g0d33p3rsec closed 3 months ago
Phishing Domain/URL/IP(s):
https://squad.cl/M3M0cTZMNmg5RTFuOEE=
https://squad.cl/M3g0QjdKMWc0VzdvOVQ=
https://squad.cl/M2c0RTYxOE00azlNOEw=
https://squad.cl/MzEzbTB5MHQwbTZvMVU=
https://squad.cl/M1gySTl0OWQ4cDlDOE8=
https://squad.cl/M1AzUjBnMjY1cTcxOUw=
https://squad.cl/Mzc0UjN0NG05RDlPM0g=
https://squad.cl/Mzk0ajNhMEswQTdtMng=

Impersonated domain
https://www.tut.ac.za/
https://www.ufh.ac.za/
https://www.ufs.ac.za/
https://www.wsu.ac.za/
https://www.microsoft365.com/
https://www.tiktok.com/

Describe the issue
This domain is now hosting the phishing kit that was previously at benyex.cl (#468), lebomashilo[.]co[.]za (https://github.com/mitchellkrogza/phishing/pull/462), havenhills[.]za[.]com (https://github.com/mitchellkrogza/phishing/pull/459), intrinsicisle[.]za[.]com (https://github.com/mitchellkrogza/phishing/pull/452), reluzformaturas[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/435), abcmueblesbogota[.]com (https://github.com/mitchellkrogza/phishing/pull/432), ergoterapiacaribu[.]ch (https://github.com/mitchellkrogza/phishing/pull/426), ijconnects[.]com (https://github.com/mitchellkrogza/phishing/pull/421), cbcaps[.]shop (https://github.com/mitchellkrogza/phishing/pull/417), bersowir[.]org (https://github.com/mitchellkrogza/phishing/pull/416), brunotasso[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/413), wisbechguide[.]uk (https://github.com/mitchellkrogza/phishing/pull/408), pescacancun[.]com (https://github.com/mitchellkrogza/phishing/pull/406), bkengineersindia[.]com (https://github.com/mitchellkrogza/phishing/pull/405), englishplusmore[.]com (https://github.com/mitchellkrogza/phishing/pull/404), carnesboinobre[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/398), technowide[.]com[.]tr (https://github.com/mitchellkrogza/phishing/pull/396), jestertunes[.]com (https://github.com/mitchellkrogza/phishing/pull/393), safecartusa[.]com (https://github.com/mitchellkrogza/phishing/pull/391), foreverfarley[.]com (https://github.com/mitchellkrogza/phishing/pull/387), azezieldraconous[.]com (https://github.com/mitchellkrogza/phishing/pull/381), westernautomobileassembly[.]com (https://github.com/mitchellkrogza/phishing/pull/376), littleswanaircon[.]com[.]sg (https://github.com/mitchellkrogza/phishing/pull/372), iwan2travel[.]com (https://github.com/mitchellkrogza/phishing/pull/370), applesforfred[.]com (https://github.com/mitchellkrogza/phishing/pull/369), theaerie[.]ca (https://github.com/mitchellkrogza/phishing/pull/367), nico[.]sa (https://github.com/mitchellkrogza/phishing/pull/366), ajstelecom[.]com[.]mx (https://github.com/mitchellkrogza/phishing/pull/362), and others (more than 130 domains since 2021).
Related external source
Screenshot
![image](https://github.com/user-attachments/assets/f462e89a-3f02-4443-a1b0-8943fc80bf1d) ![image](https://github.com/user-attachments/assets/a5e2edab-361f-4630-b4da-e72e133e86cc) ![image](https://github.com/user-attachments/assets/dffa9f57-dd4e-4e18-8ee0-d95888029e43) ![image](https://github.com/user-attachments/assets/ae9b393c-b945-4c89-97eb-89a3cff84e2b) ![image](https://github.com/user-attachments/assets/ecdae920-a9b8-460b-8d1b-53164b5bcf4b) ![image](https://github.com/user-attachments/assets/cb0d493f-b89e-4c4a-b9ee-0d9085ccdab7) ![image](https://github.com/user-attachments/assets/14fce4d6-1dd9-46a4-8027-4e0ba6c408ab) ![image](https://github.com/user-attachments/assets/41c9d699-ea19-4d19-a420-ed798b062ec4)