# 16Shop
```powershell
# for PoSh v7+
# requires appropriate privileges and network access
# change "1..250" and "10.0.0." to scan the range you want
1..250 | ForEach-Object -Parallel {
    try {
        $h = (Resolve-DnsName "10.0.0.$_" -ErrorAction Break).NameHost
        $os = Get-CimInstance -computername $h -Query "Select CSName, BuildNumber from Win32_OperatingSystem" -ErrorAction Break
        if ([int]$os.BuildNumber -ge 18362) { # 18362 = 1903, 18363 = 1909
            dir "\\$($h)\c$" | out-null # open smb connection to remote host
```
I hereby claim:
- I am sysgoblin on github.
- I am sysg0blin (https://keybase.io/sysg0blin) on keybase.
- I have a public key ASD0Jhe7R2wvFlYnh2DdVeCKo38UaLEnjQYYVmIhnv3ZpAo
To claim this, I am signing this object: