Update add-domain #544

Closed
wants to merge 1 commit into from

Contributor

@AnthonyJoh586 AnthonyJoh586 commented Dec 24, 2024

Phishing Domain/URL/IP(s):

https://bitflyerjajplogin.sviluppo.host/
https://bitflyerjp.mtl2k23.workers.dev/
149.62.185.88

Impersonated domain

bitflyer.com

Describe the issue

Phishing site impersonating bitFlyer, Inc., which is a Japanese cryptocurrency exchange company.
The site tries to steal the customer's login info and currency.

bitflyerjp.mtl2k23.workers.dev is just used as a redirector. This domain may be distributed by email or SMS to lead customers to this phishing domain.

Related external source

[URL scan] https://urlscan.io/result/61691f9d-40b5-4b57-a688-be849427a040/

There was a phishing site similar to this. Looks like the same phisher.
https://urlscan.io/result/379957ed-5c3b-4fdf-9961-971b2358c184/

Screenshot

[Screenshots: Screenshot 2024-12-24 at 12 55 27, Screenshot 2024-12-23 at 10 16 49]

Signed-off-by: AnthonyJoh586 <[email protected]>
@AnthonyJoh586
Contributor Author

Add request of phishing domain

@spirillen
Contributor

screenshot is required as it is a non-public site

@g0d33p3rsec
Contributor

for https://bitflyerjajplogin.sviluppo.host/, it looks like it's been removed by the subdomain host.
Before: https://urlscan.io/result/2790f591-3588-440f-9aee-318c182a4e73/
Current: https://urlscan.io/result/3ee5c92f-fff1-49d8-9528-06530e4f56f6/

more info on the host: https://host.it/servizi/staging-e-sviluppo
https://urlscan.io/search/#sviluppo.host
cloudflare workers: https://developers.cloudflare.com/workers/configuration/routing/workers-dev/
https://urlscan.io/search/#workers.dev

an argument could be made for blocking either of the two hosts, but they do seem to be responsive to abuse reports.

@g0d33p3rsec
Contributor

g0d33p3rsec commented Dec 25, 2024

looking into https://bitflyer.jp.net/, which redirects to the domain you listed. That may be the more worthwhile block.
https://app.any.run/tasks/f46a041e-378c-457c-b54a-f040d0d7fc55

@spirillen
Contributor

Crimeflare are, miraculously enough, marking bitflyerjp.mtl2k23.workers.dev as suspected phishing...

What is it with the IP? I don't see any reason for this project to blacklist it

@spirillen spirillen deleted the branch Phishing-Database:main December 25, 2024 16:55
@spirillen spirillen closed this Dec 25, 2024
@AnthonyJoh586
Contributor Author

Hi
Sorry for the confusion. The IP address was a typo and I fixed it.
As you guys mentioned, the concerned domains are restricted by the provider.

Thank you for your contributions.
