
[False Negative]: add 10 phishing domains (manta-network-v2.us, tronilnk.com, ...)

Open • ninjacatcher opened this issue 7 months ago • 1 comment

Executive Summary

This report documents 10 domain(s) that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 10 domain(s) have been analyzed and confirmed as participating in phishing campaign(s):


Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting companies and cryptocurrency holders/investors. The attackers use fake login pages and tampered software to steal seeds/keys.

Technical Details

  • Use Cloudflare (maybe Pro or Business) accounts
  • Cloaked: if the request does not comply with the rules, it is redirected to a non-existent subdomain "www.www."

Detections

manta-network-v2.us
https://safeweb.norton.com/report/show?url=manta-network-v2.us
https://www.virustotal.com/gui/domain/manta-network-v2.us?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=manta-network-v2.us
https://urlfiltering.paloaltonetworks.com/single_cr/?url=manta-network-v2.us
https://maltiverse.com/hostname/manta-network-v2.us
https://www.quad9.net/result/?url=manta-network-v2.us
https://check.spamhaus.org/results/?query=manta-network-v2.us
tronilnk.com
https://safeweb.norton.com/report/show?url=tronilnk.com
https://www.virustotal.com/gui/domain/tronilnk.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=tronilnk.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=tronilnk.com
https://maltiverse.com/hostname/tronilnk.com
https://www.quad9.net/result/?url=tronilnk.com
https://check.spamhaus.org/results/?query=tronilnk.com
en-trezor.io
https://safeweb.norton.com/report/show?url=en-trezor.io
https://www.virustotal.com/gui/domain/en-trezor.io?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=en-trezor.io
https://urlfiltering.paloaltonetworks.com/single_cr/?url=en-trezor.io
https://maltiverse.com/hostname/en-trezor.io
https://www.quad9.net/result/?url=en-trezor.io
https://check.spamhaus.org/results/?query=en-trezor.io
trust.wallet-web3.ing
https://safeweb.norton.com/report/show?url=trust.wallet-web3.ing
https://www.virustotal.com/gui/domain/trust.wallet-web3.ing?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=trust.wallet-web3.ing
https://urlfiltering.paloaltonetworks.com/single_cr/?url=trust.wallet-web3.ing
https://maltiverse.com/hostname/trust.wallet-web3.ing
https://www.quad9.net/result/?url=trust.wallet-web3.ing
https://check.spamhaus.org/results/?query=trust.wallet-web3.ing
coinomi.ing
https://safeweb.norton.com/report/show?url=coinomi.ing
https://www.virustotal.com/gui/domain/coinomi.ing?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=coinomi.ing
https://urlfiltering.paloaltonetworks.com/single_cr/?url=coinomi.ing
https://maltiverse.com/hostname/coinomi.ing
https://www.quad9.net/result/?url=coinomi.ing
https://check.spamhaus.org/results/?query=coinomi.ing
defii-larna.net
https://safeweb.norton.com/report/show?url=defii-larna.net
https://www.virustotal.com/gui/domain/defii-larna.net?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=defii-larna.net
https://urlfiltering.paloaltonetworks.com/single_cr/?url=defii-larna.net
https://maltiverse.com/hostname/defii-larna.net
https://www.quad9.net/result/?url=defii-larna.net
https://check.spamhaus.org/results/?query=defii-larna.net
coiincmi.com
https://www.virustotal.com/gui/domain/coiincmi.com/detection
trusltwcllet.com
https://www.virustotal.com/gui/domain/trusltwcllet.com/detection
accbing.com
https://www.virustotal.com/gui/domain/accbing.com/detection

Targeted Brands

  • manta-network-v2[.]us - Manta Network (manta.network)
  • tronilnk[.]com - TronLink (tronlink.com)
  • en-trezor[.]io - Trezor Wallet (trezor.io)
  • trust[.]wallet-web3[.]ing, trusltwcllet[.]com - Trust Wallet (trustwallet.com)
  • coinomi[.]ing, coiincmi[.]com - Coinomi Wallet (coinomi.com)
  • defii-larna[.]net, app[.]deflliama[.]tech - DefiLlama (defillama.com)
  • accbing[.]com - Redirector

Temporal Information

  • Date of Identification and Submission: 2025-04-29
  • Estimated Campaign Activity Start: Approximately 7-14 days prior to detection


ninjacatcher, Apr 29 '25 02:04

Hello! Thank you for opening your first issue in this repo. It’s people like you who make these host files better!

welcome[bot], Apr 29 '25 02:04