Alan Neilan's blog of random stuff™

Project maintained by ANeilan Hosted on GitHub Pages — Theme by mattgraham

Crap I Found On The Internet (2025/03/22)

Hey folks, it’s been quite a while since I’ve put up a blog post about random stuff I found on the internet (phishing kits and the like), figured I may as well start putting stuff out. Here’s a table of phishing kits I came across while scraping certificate transparency logs for sketchy domains.

Phishing Kits

URL	IP	Exfil
`mail[.]coi3456[.]duckdns[.]org/d/coinspot[.]zip`	`138[.]197[.]46[.]101`	`Telegram channel`
`coi3456[.]duckdns[.]org/d/coinspot[.]zip`	`138[.]197[.]46[.]101`	`Telegram channel`
`www[.]coi3456[.]duckdns[.]org/d/coinspot[.]zip`	`138[.]197[.]46[.]101`	`Telegram channel`
`mail[.]tukar-poin-bri[.]duckdns[.]org/BRI%20kupon[.]zip`	`152[.]42[.]240[.]196`	`Telegram channel`
`www[.]tukar-poin-bri[.]duckdns[.]org/BRI%20kupon[.]zip`	`152[.]42[.]240[.]196`	`Telegram channel`
`tukar-poin-bri[.]duckdns[.]org/BRI%20kupon[.]zip`	`152[.]42[.]240[.]196`	`Telegram channel`
`bbidtarif-brl-layanan[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`ibbb-brl-ib[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`mail[.]bbidtarif-brl-layanan[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`mail[.]ibbb-brl-ib[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`mail[.]trf-brlm0-online[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`trf-brlm0-online[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`www[.]bbidtarif-brl-layanan[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`www[.]ibbb-brl-ib[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`www[.]trf-brlm0-online[.]duckdns[.]org/5_6253793315817264535[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`dana-app[.]duckdns[.]org/danalogin[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`mail[.]dana-app[.]duckdns[.]org/danalogin[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`www[.]dana-app[.]duckdns[.]org/danalogin[.]zip`	`178[.]128[.]96[.]198`	`Telegram channel`
`ser205[.]zzux[.]com/New%202022%20Office%20Scama%20(%20Leaked%20CodeFam)[.]zip`	`216[.]194[.]169[.]152`	`sahil[.]ahmef[@]yandex[.]com`
`www[.]ser205[.]zzux[.]com/New%202022%20Office%20Scama%20(%20Leaked%20CodeFam)[.]zip`	`216[.]194[.]169[.]152`	`sahil[.]ahmef[@]yandex[.]com`

SHA-256 Hashes

Phishing Kit	SHA-256 Hash
`coinspot[.]zip`	`4214d5d3f9358450f9880ba053dab77bf0f840cf3360201ca56fa7c514e20be2`
`BRI%20kupon[.]zip`	`aab2e4bafe2468a9c0ffbd6b2b90f8fdcc0671f38ffe5e344774c8b51ec55f4f`
`5_6253793315817264535[.]zip`	`1429d71d75ad48c551911f6c05fca124dd1d755809c74950b0ed8014a98d3358`
`danalogin[.]zip`	`12efcff8e16cc51d2080ba732e9dc88412e47e8f2d2976bac47e2aa4e95b7720`
`New%202022%20Office%20Scama%20(%20Leaked%20CodeFam)[.]zip`	`259741cbcccd6cac6e8d96ad74af04d55ff43dc42c1dc38537c3cf92189fb502`

So, in closing, I’m hoping to start doing these more often. Also, if there’s any company wanting to hire me, I’m currently unemployed at the moment. Resume is available over here.

Return to index