Shreshta - Uncovering badness

We are a Cyber Threat Intelligence company based in India with a secret passion for uncovering badness in the DNS. Under this account, we share malicious domain names (phishing, C2, etc.)

All posts are TLP: CLEAR.

Website: https://shreshtait.com
Blog: https://shreshtait.com/blog/
LinkedIn: https://www.linkedin.com/company/shreshta/
GitHub: https://github.com/shreshta-labs/

A new addition to our office #infosec bookshelf.

#osint #threatintelligence #uncoveringbadness

After going down the rabbit hole and checking our phishing kits database, this is part of an old phishing campaign that we saw in the early part of last year.

Here is what happens after a user enters their credentials,

Phishing website impersonating the Australian Taxation Office - online-myau-gov[.]org

The domain name online-myau-gov[.]org was registered on 2024-01-04 and is pointing at AS13335

#phishing #threatintel

Phishing domain name and website flipperzero[.]online impersonating the Flipper Zero store.

Domain name was registered on 2023-12-26 and is pointing at AS13335

The store is powered by Shopify.

#threatintel #FlipperZero #phishing

Suspicious domain name github-login[.]com, possibly impersonating GitHub, registered on 2021-03-09, is still online.

The website throws a 404 and is pointing at AS13335

#threatintel #github

Two suspicious domain names possibly impersonating AnyDesk: anydeskwin[.]info and anydeskdownload[.]info

Both websites are serving an #opendir at the moment and pointing at AS13335

#threatintel #anydesk

Wishing you all a Merry Christmas and happy holidays!

Today's find - a gold mine (Did you see what we did there?) 😉

#threatintel #crypto

Which theme would you like to set before downloading the malware?

#threatintel #india

Viewing the source code of this malicious website is strictly prohibited!

#threatintel #humor