Phishing.Database icon indicating copy to clipboard operation
Phishing.Database copied to clipboard

Published 20 hours ago verified publisher icon mitchellkrogza

Question:where do theses fresh phishing domains come from?

Open completelyboofyblitzed opened this issue 4 years ago • 2 comments

Thank you for the tool!

Could you please specify where does "fresh Phishing DB" come from? How is it updated? How is it decided whether the domain is phishing?

completelyboofyblitzed avatar Sep 29 '20 13:09 completelyboofyblitzed

Maybe with something like passivedns https://github.com/PolishFiltersTeam/KAD/issues/1241#issuecomment-645287499

krystian3w avatar Oct 01 '20 08:10 krystian3w

Hey there, I know a little about your Q, so let me reply with what I know.

@mitchellkrogza have a number of servers with traps, these traps are then run true a several 1000's line long regex based bash scripts, saw it a couple of years ago..... trust me, it's complexes and takes several hours to decode all the regex.

Hope it give you some answers.

spirillen avatar Jan 07 '21 02:01 spirillen

Correct. Closing.

funilrys avatar Aug 13 '22 13:08 funilrys