Add moneybadgers domains to wildcard list #492
Merged
Phishing Domain/URL/IP(s):
Impersonated domain
Describe the issue
A classmate asked me to look into an unexpected domain, himosteg[.]xyz, that she noticed was blocked by her phone. A scan of the domain led to a login page for "Money Badger$" with the remaining text in Cyrillic. A reverse image search of the logo led to this post, which explained that it was related to a traffic distribution system and fake virus pop-up ads. Looking at the hosting IP on URLScan.io led to related inbound fake virus notifications like those mentioned in the post.
Related external source
Screenshot