Add subdomains of r2.dev #441

Merged


g0d33p3rsec
Contributor

Phishing Domain/URL/IP(s):


Impersonated domain

https://www.adobe.com/acrobat/online.html
https://www.adobe.com/documentcloud.html
https://www.docusign.com/
https://login.microsoftonline.com
https://outlook.office.com/
https://www.linkedin.com/
https://www.capitalone.com/
https://www.intuit.com/
https://www.truist.com/
https://metamask.io/
https://www.fnb.co.za/
https://www.zimbra.com/

Describe the issue

I'm following up on a host I noticed a few days ago that appeared to be hosting multiple malicious subdomains. The subdomains listed were found by searching for r2.dev on urlscan.io https://urlscan.io/search/#r2.dev and reviewing the past three hours of history, looking for live pages.

Related external source


spirillen added a commit to mypdns/matrix that referenced this pull request Jul 4, 2024
@spirillen spirillen merged commit ec99ce4 into Phishing-Database:main Jul 4, 2024
1 check passed
@g0d33p3rsec g0d33p3rsec deleted the add-subdomains-of-r2.dev branch July 5, 2024 01:05