Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sysoieaosgwoeesa.xyz #73570

Open
g0d33p3rsec opened this issue Feb 1, 2025 · 0 comments
Open

sysoieaosgwoeesa.xyz #73570

g0d33p3rsec opened this issue Feb 1, 2025 · 0 comments
Labels
Malicious Domains used for Malicious software Phishing Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passw

Comments

@g0d33p3rsec
Copy link
Collaborator

Comments

When exploring AS215540 earlier, I came across http://5.181.3.225:8080/ which is an open directory for guardianviewer.com. The site hosts an attack chain for an info stealer http://guardianviewer.com/html/dl/Form%20I-19.pdf.url -> https://guardianviewer.com/docu/Form%20I-19.pdf.lnk -> http://guardianviewer.com/box/setup.msi -> stolen information exfiltrated to sysoieaosgwoeesa.xyz. See also: Phishing-Database/phishing#734

Wildcard domain records

sysoieaosgwoeesa.xyz|malicious,phishing

Sub-Domain records

Hosts (RFC:952) specific records, not used by DNS RPZ firewalls

Safe Search records

Screenshots

Screenshot, click to expand

image
image
image
image
image
image
image
image

Links to external sources

http://guardianviewer.com/box/setup.msi
http://guardianviewer.com/html/dl/Form%20I-19.pdf.url
https://guardianviewer.com/docu/Form%20I-19.pdf.lnk

Name servers

dns1.registrar-servers.com.
dns2.registrar-servers.com.

logs from uBlock Origin

N/A
@g0d33p3rsec g0d33p3rsec added Malicious Domains used for Malicious software Phishing Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passw labels Feb 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Malicious Domains used for Malicious software Phishing Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passw
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@g0d33p3rsec