Hey folks, it’s been quite a while since I’ve put up a blog post about random stuff I found on the internet (phishing kits and the like), figured I may as well start putting stuff out. Here’s a table of phishing kits I came across while scraping certificate transparency logs for sketchy domains.
So, in closing, I’m hoping to start doing these more often. Also, if there’s any company wanting to hire me, I’m currently unemployed at the moment. Resume is available over here.