spirillen
commented
1 month ago Closed g0d33p3rsec closed 2 weeks ago
spirillen
commented
1 month ago 
g0d33p3rsec
commented
1 month ago 🎁
ariamanonux03p.pages.dev|malicious|phishing
att-mail.pages.dev|phishing
begincellcdn.pages.dev|phishing
blurverse.pages.dev|phishing
cfgxgfxf.pages.dev|phishing
chainsrectify.pages.dev|phishing
claim-pork.pages.dev|phishing
clfpages2.pages.dev|phishing
dappsyncrectify.pages.dev|phishing
debanksdefi.pages.dev|phishing
decentralizedappauth.pages.dev|phishing
decentrausdchartfil.pages.dev|phishing
diamond-hands-halo.pages.dev|phishing
doctored.pages.dev|phishing
dogecoin20-st.web.app|phishing
fq703w52zt.pages.dev|malicious|phishing
ixs.pages.dev|malicious|phishing
jgeb6c8queuspv.pages.dev|phishing
livedappsrestore.pages.dev|phishing
looksrare-d1x.pages.dev|phishing
lourdesthompsonnf1r6.pages.dev|malicious|phishing
mykeruais-assets-cubu45.pages.dev|phishing
newwork-6oy.pages.dev|phishing
nodesappfix-io.pages.dev|phishing
oscarcampbellb1eoi.pages.dev|malicious|phishing
pandoraprejeangw6.pages.dev|phishing
paperhander.pages.dev|phishing
paperhands-portfoliotracker-wallet.pages.dev|phishing
pooh-moneydapps.pages.dev|phishing
portal-platform.pages.dev|phishing
proxysync.pages.dev|phishing
rpcrecoveryhub.pages.dev|phishing
sontungmtpmaidinhnhe.pages.dev|phishing
spacexlaunch.pages.dev|phishing
swiftblockresolve.pages.dev|phishing
sync-7xr.pages.dev|phishing
syncblockrectification.pages.dev|phishing
tesla-2ju.pages.dev|phishing
tl-4-vente-privee-b1j.pages.dev|phishing
uni-swap-protocols.pages.dev|phishing
verifyandfixdapp.pages.dev|phishing
webaqunarmail.pages.dev|phishing
webmial.pages.dev|phishing
woow-seguro-de-viajes.pages.dev|phishingphishing
AT&T
att-mail.pages.dev
https://urlscan.io/result/d615b2d0-43f1-42a2-a11b-60b8907e7e2b/Meta
mykeruais-assets-cubu45.pages.dev
https://urlscan.io/result/cb040354-1989-4654-89f4-2e0ae7dbe9be/
https://www.virustotal.com/gui/url/135686e64c763a7a0eb2205c23cbfc0a19c892dc74d83e330944deb3b7509343sontungmtpmaidinhnhe.pages.dev
https://urlscan.io/result/df66aff3-74dd-4371-95eb-42b7469c68c2/
https://www.virustotal.com/gui/url/ff5ca477e72a054425a5132ac632add81ed0edfa5f544f72b3c49fff00dff8a0Tesla
tesla-2ju.pages.dev
https://urlscan.io/result/5a4269b8-cd11-4abb-baa1-d1d50225ae00
https://www.virustotal.com/gui/url/b88fff1fc519aaa55f6009bc2922beeee95b837772cab16ddc838b6b3c176e48tech support
jgeb6c8queuspv.pages.dev
https://urlscan.io/result/2f70736e-7e4a-49e7-8704-11ffd8fc1de4/
https://www.virustotal.com/gui/url/17b4de4d2c6538870e16a977f67c9d3b2740bea6c3a85aa3c8a6008d982f8066generic email
webmial.pages.dev
https://urlscan.io/result/2b60f931-7d5e-476f-ba67-12fdb97ff981/
https://www.virustotal.com/gui/url/e107cea2f0afa4b5ac5dc83472491a36575f704ced22f9da809a07c208e990b6webaqunarmail.pages.dev
https://urlscan.io/result/5e4dec72-99ea-4281-b322-6df0d69cd693/
https://www.virustotal.com/gui/url/0e295bec5ae81c2eef90fb8cd0ead98c74e78968cb7513e7d3b3f3068a81feeddoctored.pages.dev
https://urlscan.io/result/0229a8aa-4125-4de4-aba0-6e6d4737461c/
https://www.virustotal.com/gui/url/c402e758cc9d7af5fd3c4f63cfbf5fc4a7834f45329387d7d63224519fea0777Woow
woow-seguro-de-viajes.pages.dev
https://urlscan.io/result/3ed4662e-0740-4472-b6f3-7de634efe959/
https://www.virustotal.com/gui/url/0c5b8e119591008089d3839b532ba19ac87c65029abb400074879010b1025f47uncategorized
clfpages2.pages.dev
https://urlscan.io/result/aac74b14-30dd-4005-951e-ac4155daa40e/
https://www.virustotal.com/gui/url/6bef4eea4690abab3561e1eb558d3aa4ef1f4c1c1cbb6662658ed71320377a94Crypto related
Wallet Connect
sync-7xr.pages.dev
https://urlscan.io/result/4d94034d-69a0-4cf1-a1c8-652dcd1f9d4d/
https://www.virustotal.com/gui/url/256e07e80262b9757e1cfc4da95d8dbf97161ca1812af37f0c5495b3571c1c59"Decentralized Platform Wallet"
livedappsrestore.pages.dev
https://urlscan.io/result/d2217ccb-955e-4248-8deb-7295ca0ba0cf/
https://www.virustotal.com/gui/url/724643f8e5f502985349da3ef927a9dfb74e44bd3404bc74be96e59bec46a515"Blockchain Rectification"
chainsrectify.pages.dev
https://urlscan.io/result/3ecaee3c-34b4-4ab6-82f4-730d96881def/dappsyncrectify.pages.dev https://urlscan.io/result/940e9791-fdef-4818-b632-f676ebce9b10/ https://www.virustotal.com/gui/url/c5b704b6ca640b4bc736ba88debcc3db5290b9d028bcd64bed4d6746e6dcdd2e
pooh-moneydapps.pages.dev https://urlscan.io/result/53eb94fb-941d-49f5-8e96-0834db2fc865/ https://www.virustotal.com/gui/url/53a50a533e7e9f91c4ca32c63e9cf810f2f361ee966371afe93bf3f150f6e24e
proxysync.pages.dev https://urlscan.io/result/63fa3398-b515-4594-9c24-1a96f726653a/ https://www.virustotal.com/gui/url/8fad3f5416cea32173c2f28f39097cf7e8a0374baaa9e09cb97f54817ca11f5f
syncblockrectification.pages.dev https://urlscan.io/result/246a246e-8bbd-436b-96e9-086ef38d5430/ https://www.virustotal.com/gui/url/b755fbd9848495699a18afda3aae184bbe5a9c3d8786e56f86516f5421128253
swiftblockresolve.pages.dev https://urlscan.io/result/806f0491-79d7-4c75-b944-63c20be6dab0/ https://www.virustotal.com/gui/url/cecd5a08ab4106b490ef950e3e917cff9bfbbd89b49de2aa5b1aa5e8f081d570
verifyandfixdapp.pages.dev https://urlscan.io/result/aa624915-3e17-48d9-a0e3-776fda6b554b/ https://www.virustotal.com/gui/url/a9ba3696b5dcae92465d43724d88f9417cfc8351bd3d5a6288e1346af64ff70e
- DeBankdebanksdefi.pages.dev https://urlscan.io/result/268aa7dd-7d1e-44c2-a6d7-013680a4b60c/ https://www.virustotal.com/gui/url/210bcca2f1a4536caca4c27064494f5353e1b1bd02cb35dc7853f97d36ee15e1
- Halo Portfolio Trackerdiamond-hands-halo.pages.dev https://urlscan.io/result/275b7f3e-009a-447d-91fc-0f780e9e625b/ https://www.virustotal.com/gui/url/a0c498002eb088d628919f5757da0792be7d02b4866c14eef4b6921502a85687
paperhander.pages.dev https://urlscan.io/result/d15a3efc-5a32-4b6d-b39b-9467b4c1004b/ https://www.virustotal.com/gui/url/d3f49a8195a9456ce5bf999a2f7d2a7a6200714587d72f4b6f97a2fc3d72a51c
paperhands-portfoliotracker-wallet.pages.dev https://urlscan.io/result/5584aac9-4b53-4fe0-96ad-ebebaaf8936a/ https://www.virustotal.com/gui/url/a99509d9624abe20feebbc1ff8624e9a145e3665118fa40ff4d32a287635e390
- RPC Recovery Hubrpcrecoveryhub.pages.dev https://urlscan.io/result/d7f7ec59-1d00-4ce1-98da-b81bfa9c13f2/ https://www.virustotal.com/gui/url/362d253eb83fdfb3a6ed0c80fcc010a8869d34d8ed92cf868574ee94e0601680
- LooksRare Tokenlooksrare-d1x.pages.dev https://urlscan.io/result/9389eab8-d9ac-4543-9d3e-4f79aaf4f19f/ https://www.virustotal.com/gui/url/4d7bc6d41c4f6800f773c1ae557b6e95b26cb668d4dd5d9b1e292a61b5fac630
- Decentralized Dappsdecentrausdchartfil.pages.dev https://urlscan.io/result/d0133e91-0a1e-4644-89d1-02642b543ddc/ https://www.virustotal.com/gui/url/252a81a52ae1578d75b4afc7a4e24e436b24d231adf9aebebf9be52463429521
- dappnodesappfix-io.pages.dev https://urlscan.io/result/7a881cb2-049c-4f63-8bc2-5d4b7da00c67/ https://www.virustotal.com/gui/url/15b5d987901cb96d2f6345a83e73b4b13e3dc4f56fc3fa3711d69658d4ed9506
- portalportal-platform.pages.dev https://urlscan.io/result/fd5b95a5-f541-4ab7-83db-c25967453253/
- Blurhttps://blurverse.pages.dev/ https://urlscan.io/result/fd5b95a5-f541-4ab7-83db-c25967453253/ https://www.virustotal.com/gui/url/e26243422920aee3f097299fb2e5f5c07a87bae05b96b7c9631363fda37c9c5e
- Connecting web3cfgxgfxf.pages.dev https://urlscan.io/result/c6869052-2425-48c3-845b-c28dece7ebaa/ https://www.virustotal.com/gui/url/5c475e42649d65253541987de3b03b944da79cdb2bac4fbbfafd6d75d8f42c1c
- V4 Liquidity Waitlistuni-swap-protocols.pages.dev https://urlscan.io/result/89763817-d03e-438b-b9fa-b55464ca11e4/ https://www.virustotal.com/gui/domain/uni-swap-protocols.pages.dev
- Elon Musk BTC/ ETH Giveawayspacexlaunch.pages.dev https://urlscan.io/result/32cbfad7-a7d8-4a1f-a76d-3b43984dd712/
- Porkclaim-pork.pages.dev https://urlscan.io/result/cda81e53-0680-4782-84cf-d7055d9923f9/ https://www.virustotal.com/gui/url/b8864f424430781d4e1063ff29a3ff976a534974c0bd0e52e1006f7b653d2391
- Dogecoin20dogecoin20-st.web.app https://urlscan.io/result/ef91a3af-96d7-43d4-a53e-917252d776d0/ https://www.virustotal.com/gui/url/21d8cc313edb1d299bec019e224ab9ad74fd995485eac7c65993693765cc33fc
- Kavanewwork-6oy.pages.dev https://urlscan.io/result/ce324404-8548-428e-9df7-d58eaaed4083/ https://www.virustotal.com/gui/url/692fdfb00a39e9ce3108684858436426dfd2a8bf65c287973501e5df4627467a
- Connect Walletdecentralizedappauth.pages.dev https://urlscan.io/result/30abd33c-53df-4e7a-bfad-a70d55cd865a/ https://www.virustotal.com/gui/url/40ffa1d9a523dd4434f62d43dcc7c4a7c6298ce19c578fc61157dca265c61d77
misc infra
begincellcdn.pages.dev
https://urlscan.io/domain/begincellcdn.pages.dev
https://urlscan.io/result/d3c01e77-ce24-434c-acbd-7b7ffcb8ffe3/#transactions
-> https://begincellcdn.pages.dev/ahvtdfid.js
https://urlscan.io/result/197ddcbf-4ac2-4776-b14c-f3b4c2d8c157#transactions
-> https://begincellcdn.pages.dev/ahvtdfid.js
https://urlscan.io/result/0382cbb6-6408-437f-968e-acdf1a0bf4bf/#transactions
-> https://begincellcdn.pages.dev/ahvtdfid.js
https://www.virustotal.com/gui/url/dbbad45bed519c6693bf224cef1f70e69d73636c0993606741d74d89e0a1d2b6tl-4-vente-privee-b1j.pages.dev
https://urlscan.io/result/e46144ae-a95d-4321-902b-a6d254932678/#transactions
-> https://www.vouuaon.icu/v1/site/config
-> https://www.bookingn.top/#/R2YZCTMMuRGFCyGVYqT2fRNcu2vYYfv3?n=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmcm9tX3VybCI6Imh0dHBzOlwvXC90bC00LXZlbnRlLXByaXZlZS1iMWoucGFnZXMuZGV2XC8iLCJsaW5rIjoiUjJZWkNUTU11UkdGQ3lHVllxVDJmUk5jdTJ2WVlmdjMifQ.4jLFwzb3a1XxFzF4gd6kIXrMK4wWj0f-Q3eE_FwAw_8
https://www.virustotal.com/gui/url/c2dac3dc9d072445be845ed580a2d8fefca333d7d59d5fae6b2d0f181da8e00amalicious
Download button with outgoing link to https://horizontallypolluteembroider.com/dzbj2n8zr?key=c65004e591cd7a354c8c27ae0cbe9588
https://www.virustotal.com/gui/url/b3732da1565f04dba02451fdf413504939871edd989465980df929af499af5fa
https://www.virustotal.com/gui/ip-address/192.243.59.20
https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/ariamanonux03p.pages.dev
https://urlscan.io/result/56bc21ff-2b56-4dc0-9530-d615680d7a5elourdesthompsonnf1r6.pages.dev
https://urlscan.io/result/9fc1d4ad-8d37-4bee-8eef-74aca2da1e6c/oscarcampbellb1eoi.pages.dev
https://urlscan.io/result/ab852bdd-aa1c-48aa-b773-cf9462c65639shortened outgoing link -> https://www.highrevenuenetwork.com/tdifibxpx8?key=e94f51c88aa68f241073c19d95c5cb03
pandoraprejeangw6.pages.dev
https://urlscan.io/result/fe12c0e2-aa52-4153-9f80-4eecb7ba88a1
-> https://urlscan.io/result/679a41db-9c72-48ad-9113-b36448ca6e7b/
https://www.virustotal.com/gui/url/733032263f31cc7b6e3ceae6ac31b2c96aa927d85287b728201604cb1ec9e84bImmortal
ixs.pages.dev
https://urlscan.io/result/706082b2-a6bd-4207-8d98-9c42cf56e8b5/
https://www.virustotal.com/gui/url/7b1e193e632bdb8df75edc2e9699d97c4da11161a2dbf3adc6b212f06cf6cc3bgeneric
fq703w52zt.pages.dev
https://www.virustotal.com/gui/url/b6483c96ef42f6f4fdef6876c0b1de06f88e52c8fc87ac86e682193895d6beddThis one do not Belong here :smirk:
pub-fa147a3cddd04e9588b0d0a71d6d87fb.r2.dev|phishing84918e83348-reviewpage.pages.dev|phishing
84913240098-reviewpage.pages.dev|phishing
83910840-reviewpages.pages.dev|phishing
24715454098-reviewpages.pages.dev|phishing
738592845-review-pages.pages.dev|phishing
admin-ery.pages.dev|phishing
adobe-jkwefnewkjnfkjewnfkejwnfkjew.pages.dev|phishing
api-webchainfix.pages.dev|phishing
app-dappfix.pages.dev|phishing
decentralizationserver.pages.dev|phishing
defi-encrypt.pages.dev|phishing
diamondschoolss.pages.dev|phishing
g98765xfghjk654wrt.pages.dev|phishing
harambe-claim.pages.dev|phishing
multichaindexauth.pages.dev|phishing
multichainsolutionsfix.pages.dev|phishing
myid-cubu75674.pages.dev|phishing
onedrive-19e.pages.dev|phishing
page-time0t1frr13.pages.dev|phishing
page-time65463fdhsr.pages.dev|phishing
page-timehfy63535.pages.dev|phishing
page-timereyrgebrg.pages.dev|phishing
resdgsbvcfghgt67uhj89ikjnhgvcxcfghttyu3wsgzfc3bhytfcvvcfhz.pages.dev|phishing
steam-trader-tool.pages.dev|phishing
syncfulldap.pages.dev|phishing
update345.pages.dev|phishing
ww-wellsfargo.pages.dev|phishinghttps://urlscan.io/result/9e52e82d-c324-4468-afe4-3790f93b2967/
https://urlscan.io/result/6a13f579-b7ba-4f56-b762-676359c84fea/
https://www.virustotal.com/gui/url/fda6b313eac6fa58ec064accf2f428a41b48259e27c09191e656afe197ad4915
https://urlscan.io/result/83ea0cdd-bb53-4349-ae2d-0db918605d7c/
https://www.virustotal.com/gui/url/7cdb0aa7b26bec35f94178982f79e04272e58e23e3ce05b829c675ce3689bfe4
https://urlscan.io/result/45a67c49-5ec9-474f-9806-3c0c9a0062a9/
https://www.virustotal.com/gui/url/8e3d6310afd0d21548d66b2e83b1d6225d57b2edad9781c61afa934e45988eca
https://urlscan.io/result/237f9116-c645-42e5-8b02-0430b47e3efc/
https://www.virustotal.com/gui/url/8e620774c6952cac83d9b81655088f7078c22bab75a88b932f4dd2a0c7979ff4
https://urlscan.io/result/90945e9c-35f7-4a40-912f-e39feae0a2ba/
https://www.virustotal.com/gui/url/3f061345e63b46a4d1207b35b5790a56088ebf718e333cc949a6cc824b1aa0a4
https://urlscan.io/result/dd437647-63a3-4417-8a37-1bc80b181f76/
https://www.virustotal.com/gui/url/77304ced249eedfe82f2e227af1e6465fc7b06c7a56f4652edbe605ea40758ec
https://urlscan.io/result/3835eb6c-0e18-44ae-b181-6cfa2058cae3/
https://www.virustotal.com/gui/url/326066aa9960401efbe7d20df557c7e546576ac25ad4bbe4dcb78113619355e8
https://urlscan.io/result/36a03552-6ffe-4399-b852-0fc16d320ab9/
https://urlscan.io/result/299cd0dd-5855-4d96-8247-44ce3ef67e2e/
https://www.virustotal.com/gui/url/2181c5f83d23706b9223b2bb394ceee68de357b4756a02c09eed61c43e3cb944
https://urlscan.io/result/21fbc6ec-9cfc-4049-89e0-96d4a3b13bd7/
https://www.virustotal.com/gui/url/49f9e5b92158a39302f9f763fa6e6f4aa2d4f841194ebcc6fa5495fe5004b858
https://urlscan.io/result/3c7ede2d-f909-4245-b3be-5713758006c9/
https://www.virustotal.com/gui/url/58b0319ee0fb0ae79f4a55b6877d85f57b375daa3cb2b8066700d2de0d44a288
https://urlscan.io/result/e8df736d-225d-45ea-b323-649768989874/
https://www.virustotal.com/gui/url/5ebc9658f4f3c39f94b8c27cae96b9f9cbbfc9e0ee8d0c86a59542e0d36e4d48
https://urlscan.io/result/5edffa13-4846-49c1-bc4d-5e70b74b9a24/
https://www.virustotal.com/gui/url/ddeaf01d4a369fa0300d8b8ea5198b966cf7f0aec29b4e1c3120d784716b66b4
https://urlscan.io/result/2b584eb1-8f44-47e7-936d-8442b12e2178/
https://www.virustotal.com/gui/url/9ed57a6f7c955a52415076cd936e42ff4ebfc8fd1cadc5db709d319cd4692e0f
https://urlscan.io/result/61e4ad2e-89bd-4d8e-ac7c-ce8b4e173fab/
https://www.virustotal.com/gui/url/c61e2aaa5eec746e82747e5d82cad9e27ebf209e0798ed2153a8dd9affc95933
https://urlscan.io/result/c07ec522-d63c-4203-866a-f6918fb2bcf3/
https://www.virustotal.com/gui/url/e0c5a4ccebe42265a22b742b77b4ca1bd432226cfd68fdc452cfb2d9a8da3f12
https://urlscan.io/result/7c94b522-f284-4ad3-9411-c4d974b0e95f/
https://www.virustotal.com/gui/url/3783e297ad4fb43af77a1e422c43cc20399fa6fdebc097a31c0b1094f143d19a
https://urlscan.io/result/b1baa499-dbe4-4d99-a185-6704ea8b9edc/
https://www.virustotal.com/gui/url/465418d7cca9235217deffeec33629d7262b68668ad22e38ffcc75c8942cf5b5
https://urlscan.io/result/d092fe81-71eb-40b6-b5b1-d378e3940146/
https://www.virustotal.com/gui/url/1b51f305b5952ec2bf2cc103e7f04a037f8e93ab5db14ae0710d60c5940e74cd
https://urlscan.io/result/51f1da20-7c5c-4b0c-9b33-a6cab4d8b6b2/
https://www.virustotal.com/gui/url/4a583a3d24915c29c4ccdf1b0bb5588afb903423444dd43716c263af4b3b2c3d
https://urlscan.io/result/bbe0c172-e7e8-40da-9503-21bf1a61c729/
https://www.virustotal.com/gui/url/71907f83dca9b4f379f58c9042349075f40d62473f49e7fed2af68a8b9aa257f
https://urlscan.io/result/5fbe6560-c476-4756-911b-1cc02158e863/
https://urlscan.io/result/649576ac-178e-4dcc-bd36-361476eb0696/
https://www.virustotal.com/gui/url/b0b791d5741b3cee3d9cf4d873f4952ab4857420b2531a436c1145fbd85d8417
https://urlscan.io/result/0c571018-98a9-4af8-97d4-aa701c568e08/
https://www.virustotal.com/gui/url/8752165cba3af5133d349f97f4661eb17b4e2671ac8173ab1908543f924838c2
https://urlscan.io/result/7dee5822-6e5b-4ea6-b054-60c2a28ce4ac/
https://www.virustotal.com/gui/url/ea089b08151d8be8a2808b3a24c8a0141a1f39057285890e4bc4e764f4dd4dd1
https://urlscan.io/result/2193e742-d9bd-4ddc-819c-1d9b69178cb0/
https://www.virustotal.com/gui/url/7d6a08e4828868ab57fa9a7f7347726d7e7d8b6aef07036b3c35575e3b45c5a5See also: https://github.com/mitchellkrogza/phishing/pull/442
spirillen
commented
3 weeks ago Any particular reason for why we haven't called for Mjølner yet?
g0d33p3rsec
commented
3 weeks ago Any particular reason for why we haven't called for Mjølner yet?
It's not quite time for the hammer yet but I did break out the e-crime fighting version of programming socks
spirillen
commented
3 weeks ago Yeah I mean it doesn't looks to much that they are ready to handle the wheel:whells yet, maybe if we could find there account here we could help them by drawing there attention towards these lists..
g0d33p3rsec
commented
2 weeks ago See also: https://github.com/mitchellkrogza/phishing/pull/448
1-67c.pages.dev|malicious
2-3a2.pages.dev|malicious
accept-altlayer.pages.dev|malicious
airdropsaltlayer.pages.dev|malicious
allocation-satoshivm.pages.dev|malicious
alpha-satoshvmio.pages.dev|malicious
alt-e7v.pages.dev|malicious
altlayer.pages.dev|malicious
altlayer-ejy.pages.dev|malicious
altltlsadlfasdasdf.pages.dev|malicious
bonus-8u0.pages.dev|malicious
claim-altlayer.pages.dev|malicious
claim-starknet.pages.dev|malicious
claima.pages.dev|malicious
coins-satoshivm.pages.dev|malicious
create-dymensionxyz.pages.dev|malicious
defi-starkne.pages.dev|malicious
discover-manta.pages.dev|malicious
diving-mantanetwork.pages.dev|malicious
dym-ehu.pages.dev|malicious
dymension.pages.dev|malicious
enlist-altlayer.pages.dev|malicious
exploremanta.pages.dev|malicious
frame-6i5.pages.dev|malicious
framecom.pages.dev|malicious
framezap.pages.dev|malicious
getmanta.pages.dev|malicious
governance-mantanetwork.pages.dev|malicious
gratitude-satoshivm.pages.dev|malicious
kri90r23rk2ikr32.pages.dev|malicious
linea-mirrorxyz.pages.dev|malicious
linealxp.pages.dev|malicious
mainnet-lineabuild.pages.dev|malicious
mainnet-satoshivmio.pages.dev|malicious
mainnet-satoshivmio-1cp.pages.dev|malicious
manta-1c8.pages.dev|malicious
manta-network.pages.dev|malicious
mantanetwork-8tn.pages.dev|malicious
mantax.pages.dev|malicious
maxethxyz.pages.dev|malicious
mine-framexyz.pages.dev|malicious
mine-mantanetwork.pages.dev|malicious
new-framexyz.pages.dev|malicious
new-lineabuild.pages.dev|malicious
new-manta.pages.dev|malicious
obtain-manta.pages.dev|malicious
obtainmanta.pages.dev|malicious
qualifymanta.pages.dev|malicious
receive-altlayerio.pages.dev|malicious
registry-linea.pages.dev|malicious
registryzetachain.pages.dev|malicious
satoshi-364.pages.dev|malicious
stake1.pages.dev|malicious
support-manta.pages.dev|malicious
take-satoshivm.pages.dev|malicious
visit-dymension.pages.dev|malicious
visit-lineabuild.pages.dev|malicious
web-fix.pages.dev|malicious
web3-manta.pages.dev|malicious
whitelist-altlayerom.pages.dev|malicious
whitelistalt.pages.dev|malicious
zk-manta-airdrop.pages.dev|maliciousFixing some stale IOCs from Cisco's reporting.
This morning, Cisco's Talos Intelligence Group released a report How do cryptocurrency drainer phishing scams work? which included a list of Indicators of Compromise (IOCs). Unfortunately, most of the IOCs listed are no longer active and of little tactical value. Fortunately, searching for the indicators on URLscan.io and then viewing the "similar" results yields many related active sites.
hxxps://visit-dymension[.]pages[.]dev/
https://urlscan.io/result/3bec9fea-aac7-4a01-8608-7283040d2838/1-67c.pages.dev
https://urlscan.io/result/a1a348ed-1d36-41b2-b02e-f8e15a4187b9/
dymension.pages.dev
https://urlscan.io/result/39a986a1-e5e0-4277-9a49-22ddc30b86ea/
dym-ehu.pages.dev
https://urlscan.io/result/c3d386e2-fe1b-49e8-8806-97ba4799de67/hxxps://governance-mantanetwork[.]pages[.]dev/
https://urlscan.io/result/7ff0d4e0-2b7b-4bb2-a61a-cdbc5b450c84/hxxps://123-bti[.]pages[.]dev/ -> dead for at least two months
hxxps://enrol-manta[.]network/ -> last confirmed active January 18, 2024
hxxp://nfts-manta[.]network/ -> last confirmed active April 29, 2024
hxxps://sea-manta[.]network/ -> last confirmed active January 17, 2024
hxxps://gain-manta[.]pages[.]dev/ -> last confirmed alive February 8, 2024
hxxps://reveal-manta[.]pages[.]dev/ -> last confirmed active March 26, 2024
discover-manta.pages.dev
https://urlscan.io/result/cc666a9e-f5bf-415b-ae36-9c5711114d26/
exploremanta.pages.dev
https://urlscan.io/result/60799b1c-7149-4c9e-9d45-cccfb254ca5a/
getmanta.pages.dev
https://urlscan.io/result/9e3cfd66-7344-4cc0-9faa-e2e8e14c0da3/
manta-network.pages.dev
https://urlscan.io/result/a725c80c-47af-4b29-a968-d8b628574d00/
mantanetwork-8tn.pages.dev
https://urlscan.io/result/12c869e2-9f72-4ee4-92b5-245c7f321c83/
manta-1c8.pages.dev
https://urlscan.io/result/a9e1fa6c-1465-495b-8e33-f4f24b991924/
mantax.pages.dev
https://urlscan.io/result/bfd243b6-e87f-45cb-8af1-60a5ff9ba4dc/
mine-mantanetwork.pages.dev
https://urlscan.io/result/9c2e2b46-06e1-44b7-8e6b-da9ccce717d6/
new-manta.pages.dev
https://urlscan.io/result/412f93a0-a105-414a-af9b-30ed433686f4/
obtain-manta.pages.dev
https://urlscan.io/result/44277f0d-0f77-4d66-ab45-8a439cb77a99/
obtainmanta.pages.dev
https://urlscan.io/result/fe0acfe8-d592-49ba-905d-1e755b381149/
qualifymanta.pages.dev
https://urlscan.io/result/8d685e95-2b76-4d8b-ac2d-933627f419c4/
support-manta.pages.dev
https://urlscan.io/result/d9eb17ae-3080-4849-b23e-5a102b35d42f/
web3-manta.pages.dev
https://urlscan.io/result/3728679b-669b-4b69-afe0-c71412f572ed/
zk-manta-airdrop.pages.dev
https://urlscan.io/result/6d6720f7-f97e-4428-982a-0daa132c5cec/hxxps://receive-altlayerio[.]pages[.]dev/
https://urlscan.io/result/5a034939-7762-4b97-8e58-5375b4e2d3e1/accept-altlayer.pages.dev
https://urlscan.io/result/65d73b73-155c-4739-9335-c392fea0c5c7/
airdropsaltlayer.pages.dev
https://urlscan.io/result/9827d668-7f54-4298-82cd-87d329f00106/
alt-e7v.pages.dev
https://urlscan.io/result/3d9d9344-94e1-4365-9633-1e6088d74293/
altlayer.pages.dev
https://urlscan.io/result/2c00d70d-cd86-4f22-8199-d212da600a77/
altltlsadlfasdasdf.pages.dev
https://urlscan.io/result/a2ecf5b6-8b77-4871-a584-8c9037969d6d/
claim-altlayer.pages.dev
https://urlscan.io/result/f05a43d9-b3aa-4a72-bdb3-bf8c9a2b380c/
claima.pages.dev
https://urlscan.io/result/02a86881-cd75-4c32-93fc-253d7b88cdf3/
enlist-altlayer.pages.dev
https://urlscan.io/result/aa4f3507-78df-453d-a342-ad4a62a94198/
kri90r23rk2ikr32.pages.dev
https://urlscan.io/result/d79bb04a-36c0-48c4-8108-a91d42f6389d/
reg-altlayerio.pages.dev
https://urlscan.io/result/00f7453b-ca0c-44eb-8701-d448d9c514f6/
stake1.pages.dev
https://urlscan.io/result/73ea756f-5fc0-435d-aa61-7fe4d6750483/
whitelist-altlayerom.pages.dev
https://urlscan.io/result/6edc57a1-8ce1-4e13-934e-37084fe0aa4a/
whitelistalt.pages.dev
https://urlscan.io/result/3fb10703-9b23-47a4-89ab-89748347b5ea/hxxps://bonus-8u0[.]pages[.]dev/
https://urlscan.io/result/e8866235-81f9-424c-ad45-ce667f51254c/hxxps://visit-lineabuild[.]pages[.]dev/
mainnet-lineabuild.pages.dev
https://urlscan.io/result/33cf87e9-e69a-4d2a-bcc5-d3585675d553/
new-lineabuild.pages.dev
https://urlscan.io/result/fdc1f1b0-9d0d-4d71-932c-57d26b97e38e/
registry-linea.pages.dev
https://urlscan.io/result/3a9235ec-83d5-4db8-980c-4391361c6dfa/hxxps://registryzetachain[.]pages[.]dev/
https://urlscan.io/result/d690f927-4394-409b-9fb6-4e820fe74b20/hxxps://gratitude-satoshivm[.]pages[.]dev/
hxxps://gainsatoshi[.]pages[.]dev/ -> last confirmed alive January 22, 2024
hxxps://explore-satoshi[.]pages[.]dev/ -> last confirmed alive January 23, 2024
hxxps://accept-satoshivmio[.]pages[.]dev/ -> last confirmed active January 21, 2024
hxxps://preregistration-satoshivmio[.]pages[.]dev/ -> last confirmed active January 21, 2024
hxxp://acquire-satoshivm[.]io/ -> last confirmed active January 23, 2024
related active domains
alpha-satoshvmio.pages.dev
https://urlscan.io/result/305deb6f-bae6-4522-95d1-46d0081d24e1/
allocation-satoshivm.pages.dev
https://urlscan.io/result/7c774a6a-92df-44d9-9d1f-e2a8790e9d38/
coins-satoshivm.pages.dev
https://urlscan.io/result/c9835312-8d08-49ac-8e8b-d93259ab95de/
mainnet-satoshivmio.pages.dev
https://urlscan.io/result/42b3652d-c02e-44c6-b940-d248633bcefc/
mainnet-satoshivmio-1cp.pages.dev
https://urlscan.io/result/5ce25376-a841-4819-b33d-f6482fe5bc97/related inactive IOCs
2-3a2.pages.dev
https://urlscan.io/result/77f59c2d-afe1-4fc0-81ba-212ae718fe6c/hxxps://enlist-jup[.]app/ -> last confirmed active January 22, 2024
hxxps://whitelist-woo[.]pages[.]dev/ -> last confirmed active January 27, 2024
hxxps://join-jupapp[.]pages[.]dev/ -> last confirmed active January 27, 2024
https://blog.talosintelligence.com/how-do-cryptocurrency-drainer-phishing-scams-work/This is insane... they seems to do nothing like in nada, zip, zero, null to protect the domain, this makes it a risky to keep it open to my POV, would you like to reconsider the hammer?
g0d33p3rsec
commented
2 weeks ago This is insane... they seems to do nothing like in nada, zip, zero, null to protect the domain, this makes it a risky to keep it open to my POV, would you like to reconsider the hammer?
It is getting to that point. I hate to slam a site that offers free hosting but at this point the threat outweighs any benefit. On the other hand, they seem to police their platform better than Cloudfare.
spirillen
commented
2 weeks ago ok, but next time I believe this is going to be changed into a wildcard blocking, as CF are well known to hosts and protect scam/spam/phishing/malicious/POP and so on. So if you find something on worker.dev... add them as wildcard. anything else would requires automatisation code, which we do not have for know.
Comments
While following up on the subdomains mentioned in https://github.com/mitchellkrogza/phishing/pull/422, I discovered additional malicious subdomains that were being primarily hosted at pages[.]dev along with additional related sites with the same signature.
more details are available at https://github.com/mitchellkrogza/phishing/pull/423
Wildcard domain records
Sub-Domain records
Hosts (RFC:953) specific records, not used by DNS RPZ firewalls
No response
SeafeSearch records
No response
Screenshots
Screenshot
    Links to external sources
No response
logs from uBlock Origin
N/A