mitchellkrogza / phishing

Central Repository for Adding Domains / Links to the Phishing.Database project - https://github.com/mitchellkrogza/Phishing.Database/

Update add-wildcard-domain #488

Closed g0d33p3rsec closed 6 days ago

g0d33p3rsec commented 6 days ago

add draschool[.]org to wildcard list

Phishing Domain/URL/IP(s):

https://draschool.org/M0YzWDRTNjM3VTMwN3M=
https://draschool.org/M2g1TjF0Mm0wbDNaMW8=

Impersonated domain

Describe the issue

This domain is now hosting the phishing kit that was previously at craigbrimm[.]com (#480), albapietra[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/479), yanisac[.]com (https://github.com/mitchellkrogza/phishing/pull/478), sbic[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/477), squad[.]cl (https://github.com/mitchellkrogza/phishing/pull/473), benyex[.]cl (https://github.com/mitchellkrogza/phishing/pull/468), lebomashilo[.]co[.]za (https://github.com/mitchellkrogza/phishing/pull/462), havenhills[.]za[.]com (https://github.com/mitchellkrogza/phishing/pull/459), intrinsicisle[.]za[.]com (https://github.com/mitchellkrogza/phishing/pull/452), reluzformaturas[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/435), abcmueblesbogota[.]com (https://github.com/mitchellkrogza/phishing/pull/432), ergoterapiacaribu[.]ch (https://github.com/mitchellkrogza/phishing/pull/426), ijconnects[.]com (https://github.com/mitchellkrogza/phishing/pull/421), cbcaps[.]shop (https://github.com/mitchellkrogza/phishing/pull/417), bersowir[.]org (https://github.com/mitchellkrogza/phishing/pull/416), brunotasso[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/413), wisbechguide[.]uk (https://github.com/mitchellkrogza/phishing/pull/408), pescacancun[.]com (https://github.com/mitchellkrogza/phishing/pull/406), bkengineersindia[.]com (https://github.com/mitchellkrogza/phishing/pull/405), englishplusmore[.]com (https://github.com/mitchellkrogza/phishing/pull/404), carnesboinobre[.]com[.]br (https://github.com/mitchellkrogza/phishing/pull/398), technowide[.]com[.]tr (https://github.com/mitchellkrogza/phishing/pull/396), jestertunes[.]com (https://github.com/mitchellkrogza/phishing/pull/393), safecartusa[.]com (https://github.com/mitchellkrogza/phishing/pull/391), foreverfarley[.]com (https://github.com/mitchellkrogza/phishing/pull/387), azezieldraconous[.]com (https://github.com/mitchellkrogza/phishing/pull/381), westernautomobileassembly[.]com (https://github.com/mitchellkrogza/phishing/pull/376), littleswanaircon[.]com[.]sg (https://github.com/mitchellkrogza/phishing/pull/372), iwan2travel[.]com (https://github.com/mitchellkrogza/phishing/pull/370), applesforfred[.]com (https://github.com/mitchellkrogza/phishing/pull/369), theaerie[.]ca (https://github.com/mitchellkrogza/phishing/pull/367), nico[.]sa (https://github.com/mitchellkrogza/phishing/pull/366), ajstelecom[.]com[.]mx (https://github.com/mitchellkrogza/phishing/pull/362), and many others.

I don't have screenshots for this one, but it has the same common indicator, uses Nuxt.js just like the others listed, and has the same pattern of HTTP requests.

Related external source

Screenshot

![image](https://github.com/user-attachments/assets/18f507fc-f616-42e5-95bf-20bcaef11eb4)
![image](https://github.com/user-attachments/assets/f8685f44-1850-476d-8c6e-861908d05aae)
![image](https://github.com/user-attachments/assets/ade43091-739c-426e-9d87-0748b3f7a28c)