mypdns / matrix

My Privacy DNS #Matrix lists for blacklisting
https://mypdns.org/

subdomains of weebly.com #638

Closed g0d33p3rsec closed 2 weeks ago

g0d33p3rsec commented 2 weeks ago

Comments

These are some recently active malicious subdomains that are being hosted at weebly.com. Most are to PDFs that VirusTotal labels as "phishing.gen2/phishingx". There are also lure login pages for AT&T, Office, Dropbox, Ionos, and a few others.

See also: https://github.com/mitchellkrogza/phishing/pull/443

Wildcard domain records

null

Sub-Domain records


Hosts (RFC:953) specific records, not used by DNS RPZ firewalls

No response

SafeSearch records

No response


Links to external sources


logs from uBlock Origin

N/A

spirillen commented 2 weeks ago

Hi @g0d33p3rsec, don't waste your time reporting Weebly here or in @mittchells phishing project; send the report straight to Weebly, and the domains are taken down within hours.

They are very keen on these matters so they are acting swiftly, and they usually have an online report/email you can use.

spirillen commented 2 weeks ago

OK, I stand corrected... they have given the harness to Cloudflare to control their servers, which means nobody can access their domain, nor send any reports...