New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Phishing | googleusercontent.com #693

Open

spirillen opened this issue Jan 18, 2025 · 0 comments

Assignees

Labels

help wanted question

Contributor

spirillen commented Jan 18, 2025

What are the subjects of the phishing (domains, URLs or IPs)?

example.com
sub.example.com
https://example.com/page
https://sub.example.com/page
NSFW example.com
192.168.0.0/16
00f74ba44b80f08e469019d0c9fef3f3e48564247e-apidata.googleusercontent.com|phishing
107.64.70.34.bc.googleusercontent.com|phishing
32.19.192.35.bc.googleusercontent.com|phishing
109.245.225.35.bc.googleusercontent.com|phishing
24.174.232.35.bc.googleusercontent.com|phishing
27.251.247.35.bc.googleusercontent.com|phishing

What are the impersonated domains?

example.org
sub.example.org
https://example.org/page
https://sub.example.org/page
Various

Where or how did you discover this phishing?

I discovered this phishing by...
I was targeted by this phishing by...

I can see in https://kb.mypdns.org/issue/MTX-40416 (mypdns/matrix#40032) that I have marked some subdomains marked for phishing, anyone who would be able to check if these are still active in phishing?

Do you have a screenshot?

Screenshot

nope

Related external source

https://sub.example.co.uk/page

Additional Information or Context

I have also noticed that...

Response Policy Zone - RPZ

Found these RPZ records in My Privacy DNS

Domain records	Type	content
`*.googleusercontent.com.strict.adult.mypdns.cloud`	CNAME	.
`00f74ba44b80f08e469019d0c9fef3f3e48564247e-apidata.googleusercontent.com.phishing.mypdns.cloud`	CNAME	.
`107.64.70.34.bc.googleusercontent.com.phishing.mypdns.cloud`	CNAME	.
`109.245.225.35.bc.googleusercontent.com.phishing.mypdns.cloud`	CNAME	.
`111.91.190.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`119.29.196.104.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`175.220.196.104.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`184.48.190.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`200.94.201.35.bc.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`202.90.190.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`24.174.232.35.bc.googleusercontent.com.phishing.mypdns.cloud`	CNAME	.
`246.39.190.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`27.251.247.35.bc.googleusercontent.com.phishing.mypdns.cloud`	CNAME	.
`32.19.192.35.bc.googleusercontent.com.phishing.mypdns.cloud`	CNAME	.
`42.219.186.35.bc.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`42.219.186.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`49.74.190.35.bc.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`49.74.190.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`64.98.201.35.bc.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`64.98.201.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`84.249.186.35.bc.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`84.249.186.35.bc.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`affiliate.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`affiliate.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.
`afs.googleusercontent.com.adware.mypdns.cloud`	CNAME	.
`afs.googleusercontent.com.tracking.mypdns.cloud`	CNAME	.

The text was updated successfully, but these errors were encountered:

spirillen assigned funilrys, g0d33p3rsec, mitchellkrogza and spirillen

spirillen added this to Phishing Database Backlog

github-project-automation bot moved this to 🆕 New in Phishing Database Backlog

spirillen unassigned mitchellkrogza and spirillen

spirillen added help wanted question labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment