HackRead: EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy https://www.hackread.com/evilproxy-phishing-bypass-mfa-reverse-proxy/ #Vulnerability #PhishingScam #CyberCrime #EvilProxy #Security #Phishing #security #Scam
From the #EvilProxy Telegram channel:
It appears they're using https://auth.acme-dns.io/ as their way of generating subdomains.
"Hi friends, we have problem with add new domains in system bcs 3party website is down (https://auth.acme-dns.io) if some one has info what's wrong with it share pls. we are looking for tmp solution."
As of now the site is still down. Returning 404. @DomainTools shows a pDNS record from the acme resolved IP that uses the same subdomain pattern seen in EvilProxy phishing campaigns.
#evilproxy #threatintel #threathunting #dns #osint
[Threatview.io] ⚡ Latest collection of #evilproxy domains on #virustotal as seen from our proactive hunter domain telemetry 👇
virustotal.com/gui/collection/1906094a8c4a7a9e55b5fecaecda9c68b2f7a2986db9d04c60236a0de92f8099
#evilproxy #virustotal #threatintel #cti #phishing #dfir #cybersecurity