draschool.org #1154

@g0d33p3rsec

Description

Comments

This domain is now hosting the phishing kit that was previously on albapietra[.]com[.]br, yanisac[.]com, atsbic[.]com[.]br, squad[.]cl, benyex[.]cl, lebomashilo[.]co[.]za, intrinsicisle[.]za[.]com, reluzformaturas[.]com[.]br, abcmueblesbogota[.]com, ergoterapiacaribu[.]ch, ijconnects[.]com, cbcaps[.]shop, bersowir[.]org, brunotasso[.]com[.]br, wisbechguide[.]uk, pescacancun[.]com, bkengineersindia[.]com, englishplusmore[.]com, carnesboinobre[.]com[.]br, technowide[.]com[.]tr, jestertunes[.]com, safecartusa[.]com, foreverfarley[.]com, azezieldraconous[.]com, westernautomobileassembly[.]com, littleswanaircon[.]com[.]sg, iwan2travel[.]com, applesforfred[.]com, theaerie[.]ca, nico[.]sa, ajstelecom[.]com[.]mx, and others.

I don't have screenshots for this one, but it has the same common indicator, uses Nuxt.js just like the others listed, and has the same pattern of HTTP requests.

Wildcard domain records

draschool.org|phishing

Sub-Domain records

No response

Hosts (RFC:953) specific records, not used by DNS RPZ firewalls

No response

SafeSearch records

No response

Screenshots

Screenshot

Links to external sources

see also: https://github.com/mitchellkrogza/phishing/pull/488
https://draschool.org/M0YzWDRTNjM3VTMwN3M=
https://draschool.org/M2g1TjF0Mm0wbDNaMW8=

logs from uBlock Origin

N/A

Labels: Phishing