Alan Neilan's blog of random stuff™


Project maintained by ANeilan

Crap I Found On The Internet: (2020/10/19)

Hey folks, here’s another list of phishing kits I came across while combing through certstream data. Uploaded these samples to malshare.com. Will eventually get in some sort of routine as far as posts are concerned.

Phishing Kits


[1] writes to rtd.txt

[2] writes to aranankullanicilar.txt or Hasil.txt

[3] writes to IP.txt, mail.sedat or hesap.sedat

[4] writes to two text files: ____________PAYPAL_________.txt and ___________________________C^C________________________.txt

[5] sends to telegram chat: 1211929484; token: 1111796277:AAFxcNgtuKsw4PmEXPfYs---CM8HgjHyCbM
