While investigating the content on a suspicious image host, i.postimg.cc, I came across this set of similarly structured lure pages which all request the use of a Telegram login. See also: https://github.com/mitchellkrogza/phishing/pull/427
Wildcard domain records
confession-best.ru|phishing
Sub-Domain records
No response
Hosts (RFC:953) specific records, not used by DNS RPZ firewalls
Comments
While investigating the content on a suspicious image host,
i.postimg.cc
, I came across this set of similarly structured lure pages which all request the use of a Telegram login. See also: https://github.com/mitchellkrogza/phishing/pull/427Wildcard domain records
Sub-Domain records
No response
Hosts (RFC:953) specific records, not used by DNS RPZ firewalls
No response
SeafeSearch records
No response
Screenshots
Screenshot
![2c2f4fd0-1f17-46b5-8360-3b99c50506c7](https://github.com/mypdns/matrix/assets/108126637/5c73abec-23da-4511-9ac7-a7585daf25a3)Links to external sources
logs from uBlock Origin
N/A