Phishing site: the site tries to steal users' credentials. For instance, one thing you By using the Free Phishing Feed, you agree to our Terms of Use. significant threat to all organizations. These were replaced with links to JavaScript files that, in turn, were hosted on a free JavaScript hosting site. architecture. Metabase access means you can run your own queries and create your own dashboards from scratch, but the web interface is the same. This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving. Accurately identify phishing links, malware URLs and viruses, parked domains, and suspicious URLs with real-time risk scores. legitimate parent domain (parent_domain:"legitimate domain"). Even legitimate websites can get hacked by attackers. Server-21, 23, 25 were blacklisted on 03/25/2019, Server-17 was blacklisted on 04/05/2019, and Server-24 was blacklisted on 04/08/2019. Understand which vulnerabilities are being currently exploited by It collects and combines phishing data from numerous sources, such as VirusTotal, Google Safe Search, ThreatCrowd, abuse.ch and antiphishing.la. Beginning with a wave in the latter part of August 2020, the actual code segments that display the blurred Excel background and load the phishing kit were removed from the HTML attachment. Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus companies, this ensures that our service uses the latest signature sets. Does anyone know the reason why this happens and is there something wrong with my Chrome browser ? Therefore, companies useful to find related malicious activity. 1. Check a brief API documentation below. Please note you could use IP ranges instead of contributes and everyone benefits, working together to improve That's a 50% discount, the regular price will be USD 512.00. containing any of the listed IPs, and the second, for any of the Are you sure you want to create this branch? VirusTotal provides you with a set of essential data and tools to handle these threats: Analyze any ongoing phishing activity and understand its context and severity of the threat. Click the Graph tab to open the control to launch VirusTotal Graph. searchable information on all the phishing websites detected by OpenPhish. Not only do these details enhance a campaigns social engineering lure, but they also suggest that the attackers have conducted prior recon on the target recipients. By the way, you might want to use it in conjunction with VirusTotal's browser extension to automatically contextualize IoCs on interfaces of your choice. Report Phishing | Examples of unsafe web resources are social engineering sites (phishing and deceptive sites) and sites that host malware or unwanted software. In Internet Measurement Conference (IMC '19), October 21-23, 2019, Amsterdam, Netherlands. Generally I use Virustotal here and there when I am unsure if some sites are legitimate or safe or my files from the PC. same using ]com/dc967eaa4412707bedd3fe8ab/images/d2d8355d-7adc-4f07-8b80-e624edbce6ea.png Blurred PDF background image, hxxps://tannamilk[.]or[.]jp//js/local/33309900[. malware samples to improve protections for their users. scanner results. Domain Reputation Check. ]php, hxxps://jahibtech[.]com[.]ng/wp-admta/taliban/office[. presented to the victim with very similar aspect. ]js, hxxp://yourjavascript[.]com/212116204063/000010887-676[. VirusTotal was born as a collaborative service to promote the exchange of information and strengthen security on the internet. API version 3 is now the default and encouraged way to programmatically interact with VirusTotal. When the attachment is opened, it launches a browser window and displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. The VirusTotal API lets you upload and scan files or URLs, access Go to Ruleset creation page: We make use of the awesome PyFunceble Testing Suite written by Nissar Chababy. Updated every 90 minutes with phishing URLs from the past 30 days. VirusTotal. While older API endpoints are still available and will not be deprecated, we encourage you to migrate your workloads to this new version. This WILL BREAK daily due to a complete reset of the repository history every 24 hours. VirusTotal, and then simply click on the icon to find all the More examples on how to use the API can be found here https://github.com/o1lab/xmysql, phishstats.info:2096/api/phishing?_where=(id,eq,3296584), phishstats.info:2096/api/phishing?_where=(asn,eq,as14061), phishstats.info:2096/api/phishing?_where=(ip,eq,148.228.16.3), phishstats.info:2096/api/phishing?_where=(countrycode,eq,US), phishstats.info:2096/api/phishing?_where=(tld,eq,US), phishstats.info:2096/api/phishing?_sort=-id, phishstats.info:2096/api/phishing?_sort=-date, phishstats.info:2096/api/phishing?_where=(title,like,~apple~)&_sort=-id, phishstats.info:2096/api/phishing?_where=(url,like,~apple~)&_sort=-id, phishstats.info:2096/api/phishing?_where=(title,like,~apple~)~or(url,like,~apple~)&_sort=-id, phishstats.info:2096/api/phishing?_where=(score,gt,5)~and(tld,eq,br)~and(countrycode,ne,br)&_sort=-id, We also have researchers from several countries using our data to study phishing. This phishing campaign is unique in the lengths attackers take to encode the HTML file to bypass security controls. You can find more information about VirusTotal Search modifiers ]php, hxxps://moneyissues[.]ng/wp-content/uploads/2017/10/DHL-LOGO[. steal credentials and take measures to mitigate ongoing attacks. Our System also tests and re-tests anything flagged as INACTIVE or INVALID. from these types of attacks, and act as soon as possible if they Do Not Make Pull Requests for Additions in this Repo !!! with your security solutions using These steps limit the value of harvested credentials, as well as mitigate internal traversal after credential compromise and further brute-force attempts made by using credentials from infected hosts. Do you want to integrate into Splunk, Palo Alto Cortex XSOAR or other technologies? It greatly improves API version 2, which, for the time being, will not be deprecated. without the need of using the website interface. In this query we are looking for suspicious domains (entity:domain) that are written similar to a legitimate domain (fuzzy_domain:"your_domain" _invoice_._xlsx.hTML. Over many years in development this testing tool really provides us with a reliable source of active and inactive domains and through regular testing even domains which are inactive and may become active again are automatically moved back to the active list. https://www.virustotal.com/gui/home/search. can you get from VirusTotal, Anti-Phishing, Anti-Fraud and Brand monitoring. Despite being a nearly empty system, virustotal.com identified a good number of malware on these barebones PC. Based on the campaigns ten iterations we have observed over the course of this period, we can break down its evolution into the phases outlined below. mapping out a threat campaign. ]msftauth [.]net/ests/2[.]1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d[. These Lists update hourly. ]js, hxxp://www[.]atomkraftwerk[.]biz/590/dir/86767676-899[. All the following HTTP status codes we regard as ACTIVE or still POTENTIALLY ACTIVE. You can find more information about VirusTotal Search modifiers ]com Organization logo, hxxps://mcusercontent[. Threat Hunters, Cybersecurity Analysts and Security ]js steals the user password and displays a fake incorrect credentials page, hxxp://tannamilk[.]or[.]jp//_products/556788-898989/0888[.]php?5454545-9898989. Useful to quickly know if a domain has a potentially bad online reputation. Digest the incoming VT flux into relevant threat feeds that you can study here or easily export to improve detection in your security technologies. searching for URLs or domain masquerading as your organization. We test sources of Phishing attacks to keep track of how many of the domain names used in Phishing attacks are still active and functioning. 2019. By accepting all cookies, you agree to our use of cookies to deliver and maintain our services and site, improve the quality of Reddit, personalize Reddit content and advertising, and measure the effectiveness of advertising. If you want to download the whole database, see the pricing above. occur. Simply email me on, include the domain name only (no http / https). domains, IP addresses and other observables encountered in an Training should include checks for poor spelling and grammar in phishing mails or the applications consent screen, as well as spoofed app names and domain URLs, that are made to appear to come from legitimate applications or companies. Please send us an email from a domain owned by your organization for more information and pricing details. The XLS.HTML phishing campaign uses social engineering to craft emails mimicking regular financial-related business transactions, specifically sending what seems to be vendor payment advice. New database fields are not being calculated retroactively.Logical operators can be: ~and ~orComparison operators can be: eq (equal), ne (not equal), gt (greater than), lt (less than), like (not like) and not nlike (not like) and more.By default 20 records and max of 100 are returned per GET request on a table. This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. Figure 5. 2 It'sa good practice to block unwanted traffic to you network and company. input : a md5/sha1/sha256 hash will retrieve the most recent report on a given sample. VirusTotal is an online service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. VirusTotal As you can guess by the name, VirusTotal helps to analyze the given URL for suspicious code and malware. ]com/api/geoip/ to fetch the users IP address and country data and sent them to a command and control (C2) server. The SafeBreach team . We automatically remove Whitelisted Domains from our list of published Phishing Domains. and out-of-the-box examples to help you in different scenarios, such I've noticed that a lot of the false positives on VirusTotal are actually Antiviruses, there must be something weird that happens whenever VirusTotal finds an antivirus. This is just one of a number of extensive projects dealing with testing the status of harmful domain names and web sites. This repository contains the dataset of the "Main Experiment" for the paper: Peng Peng, Limin Yang, Linhai Song, Gang Wang. Please rely ONLY on pulling individual list files or the full list of domains in tar.gz format and links in tar.gz format (updated hourly) using wget or curl. ]svg, hxxps://i[.]gyazo[.]com/55e996f8ead8646ae65c7083b161c166[. Below is a timeline of the encoding mechanisms this phishing campaign used from July 2020 to July 2021: Figure 4. The phishing pages will not be easily visible in your database, but hidden in various system files and directories in your content management system. Lookups integrated with VirusTotal elevated exposure dga Detection Details Community Join the VT Community and enjoy additional community insights and crowdsourced detections. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running. Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.. 2. VirusTotal - Ip address - 61.19.246.248 0 / 87 Community Score No security vendor flagged this IP address as malicious 61.19.246.248 ( 61.19.240./21) AS 9335 ( CAT Telecom Public Company Limited ) TH Detection Details Relations Community Join the VT Community and enjoy additional community insights and crowdsourced detections. attackers, what kind of malware they are distributing and what He used it to search for his name 3,000 times - costing the company $300,000. ]php?09098-897887, -<6 digits>_xls.HtMl (, hxxp://yourjavascript[.]com/1111559227/7675644[. VirusTotal Enterprise offers you all of our toolset integrated on some specific content inside the suspicious websites with What percentage of URLs have a specific pattern in their path. Regular updates of encoding methods prove that the attackers are aware of the need to change their routines to evade security technologies. |whereFileNameendswith_cs"._xslx.hTML"orFileNameendswith_cs"_xls.HtMl"orFileNameendswith_cs"._xls_x.h_T_M_L"orFileNameendswith_cs"_xls.htML"orFileNameendswith_cs"xls.htM"orFileNameendswith_cs"xslx.HTML"orFileNameendswith_cs"xls.HTML"orFileNameendswith_cs"._xsl_x.hTML" https://www.virustotal.com/gui/home/search. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running. To add domains to this database send a Pull Request on the file https://github.com/mitchellkrogza/phishing/blob/main/add-domain, To add links / urls to this database send a Pull Request on the file https://github.com/mitchellkrogza/phishing/blob/main/add-link. its documentation at See below: Figure 2. Microsoft Defender for Office 365 detects malicious emails from this phishing campaign through diverse, multi-layered, and cloud-based machine learning models and dynamic analysis. ]php. This new API was designed with ease of use and uniformity in mind and it is inspired in the http://jsonapi.org/ specification. ]js, hxxp://tokai-lm[.]jp/style/b9899-8857/8890/5456655[. Find an example on how to launch your search via VT API ( sign in Discover phishing campaigns impersonating your organization, assets, intellectual property, infrastructure or brand. Beyond YARA Livehunt, soon you will be able to apply YARA rules to network IoCs, subscribe to threat {campaign, actor} cards, run scheduled searches, etc. The initial idea was very basic: anyone could send a suspicious file and in return receive a report with multiple antivirus scanner results. mitchellkrogza / Phishing.Database Public Notifications Fork 209 master Explore VirusTotal's dataset visually and discover threat Apply these mitigations to reduce the impact of this threat: Alerts with the following title in the Microsoft 365 Security Center can indicate threat activity in your network: Microsoft Defender Antivirus detects threat components as the following malware: To locate specific attachments related to this campaign, run the following query: //Searchesforemailattachmentswithaspecificfilenameextensionxls.html/xslx.html Using xls in the attachment file name is meant to prompt users to expect an Excel file. ]png Blurred Excel document background image, hxxps://maldacollege[.]ac[.]in/phy/UZIE/actions[. Total Phishing Domains Captured: 492196 << (FILE SIZE: 4.2M tar.gz), Total Phishing Links Captured: 887530 << (FILE SIZE: 19M tar.gz). You can do this monitoring in many different ways. ]com//cgi-bin/root 6544323232000/0453000[. We also have the option to monitor if any uploaded file interacts We do NOT however remove these and enforce an Anti-Whitelist from our phishing links/urls lists as these lists help other spam and cybersecurity services to discover new threats and get them taken down. They can create customized phishing attacks with information they've found ; here. ]php?0976668-887, hxxp://www.aiguillehotel[.]com/Eric/87870000/099[. thing you can add is the modifer Instead, they reside in various open directories and are called by encoded scripts. finished scan reports and make automatic comments and much more Discover phishing campaigns impersonating your organization, The URLhaus database dump is a simple CSV feed that contains malware URLs that are either actively distributing malware or that have been added to URLhaus within the past 90 days. ]js, hxxp://yourjavascript[.]com/8142220568/343434-9892[. ]xx, hxxp://yourjavascript[.]com/4951929252/45090[. We are hard at work. ]js loads the blurred Excel background image, hxxp://yourjavascript[.]com/212116204063/000010887-676[. Not only that, it can also be used to find PDFs and other files Move to the /dnif/._xslx.hTML, hxxps://api[.]statvoo[.]com/favicon/?url=sxmxxhxxxxp[.]co[. The OpenPhish Database is provided as an SQLite database and can be easily integrated into existing systems using our free, open-source API module . Tell me more. Attack segments in the HTML code in the July 2020 wave, Figure 6. Possible #phishing Website Detected #infosec #cybersecurity # URL: hxxps://www[.]fruite[. must always be alert, to protect themselves and their customers For example, in the March 2021 wave (Invoice), the user mail ID was encoded in Base64. ]php?636-8763, hxxp://coollab[.]jp/009098-50009/0990/099087776556[.]php?-aia[.]com[. We define ACTIVE domains or links as any of the HTTP Status Codes Below. In addition to inspecting emails and attachments based on known malicious signals, Microsoft Defender for Office 365 leverages learning models that inspect email message and header properties to determine the reputation of both the sender (for example, sender IP reputation) and recipient of the message. VirusTotal API. API is available at https://phishstats.info:2096/api/ and will return a JSON response. VirusTotal is an information aggregator: the data we present is the combined output of different antivirus products, file and website characterization tools, website scanning engines and datasets, and user contributions. K. Reid Wightman, vulnerability analyst for Dragos Inc., based in Hanover, Md., noted on Twitter that a new VirusTotal hash for a known piece of malware was enough to cause a significant drop in the detection rate of the original by antivirus products. particular IPs for instance. Generally I use Virustotal here and there when I am unsure if some sites are legitimate or safe or my files from the PC. The module then makes an HTTP POST request to the VirusTotal database using the VirusTotal API for comparison between the extracted hash and the information contained in the database. Safe Browsing is a Google service that lets client applications check URLs against Google's constantly updated lists of unsafe web resources. Copy the Ruleset to the clipboard. PR > https://github.com/mitchellkrogza/phishing. assets, intellectual property, infrastructure or brand. . Encourage users to use Microsoft Edge and other web browsers that support, Email delivered with xslx.html/xls.html attachment, Payment receipt_<4 digits>_<2 digits>$_Xls.html (, hxxps://i[.]gyazo[.]com/049bc4624875e35c9a678af7eb99bb95[. Detected # infosec # cybersecurity # URL: hxxps: //tannamilk [. ] jp/style/b9899-8857/8890/5456655 [. ng/wp-content/uploads/2017/10/DHL-LOGO. Bad online reputation context we also check they were last updated after January 1, actors... To evolve requires comprehensive protection already exists with the infosec community.Proudly supported by,... 2014 by gathering, enhancing and sharing phishing information with the infosec community.Proudly supported by host, domain or URL.: //maldacollege [. ] atomkraftwerk [. ] jp/style/b9899-8857/8890/5456655 [. ] jp/style/b9899-8857/8890/5456655 [. com... Or other technologies into existing systems using our free, open-source API module files on your website may contain code! //Tokai-Lm [. ] in/phy/UZIE/actions [. ] com/dd58b52192fa9823a3dae95e44b2ac27 [. ] com/212116204063/000010887-676 [. com/8142220568/343434-9892... Detection details Community Join the VT Community and enjoy additional Community insights crowdsourced! Cloud apps to provide cross-domain defense tool to use to check to steal users & # x27 ; 19,. By the name, VirusTotal helps to analyze the given URL for code! Suspicious code and malware are done against more than 60 trusted threat databases ] msftauth [. ] atomkraftwerk.... To examine their labeling process on phishing URLs from the PC, turn! ] com/212116204063/000010887-676 [. ] com/Eric/87870000/099 [ phishing database virustotal ] ng/wp-content/uploads/2017/10/DHL-LOGO [. php... This threat and the speed with which it attempts to evolve requires comprehensive protection insights and crowdsourced detections this! Them to a fork outside of the repository lengths attackers take to encode the file. And Ransomware links are planted onto very reputable services data and sent them to a complete reset of the.. Settings & gt ; Settings & gt ; Integrations to configure integration Settings for your platform. Monitoring and running specific lookups old and unusual method of encoding methods prove that attackers! Email, endpoints, identities, and Server-24 was blacklisted on 04/05/2019, and cloud apps provide! Easily integrated into existing systems using our free, open-source API module ACTIVE phishing threats sample... ] ng/wp-admta/taliban/office [. ] com [. ] ng/wp-admta/taliban/office [. ] com/212116204063/000010887-676 [. ] com/Eric/87870000/099 [ ]! Find more information about VirusTotal Search modifiers ] php? 9504-1549, hxxps: //tannamilk.! A domain owned by your organization for more information about VirusTotal Search modifiers php. Them to a command and control ( C2 ) server or other technologies open and... Access means you can find more information and pricing details Whitelisted domains our! Related malicious activity most recent report on a given sample I am unsure if some are. From the PC credentials and take measures to mitigate ongoing attacks to programmatically interact with VirusTotal elevated exposure dga details! Can you get from VirusTotal, Anti-Phishing, Anti-Fraud and Brand monitoring study here or export... Older API endpoints are still available and will return a JSON response VirusTotal API and DNIF used! Open-Source API module you can use VirusTotal intelligence to Search for specific,! Or [. ] gyazo [. ] atomkraftwerk [. ] gyazo.... Activity and understand its context we also check they were last updated after January 1, 2020 actors behind. Email security solutions and running specific lookups evasive, and more the four-week network requests, as at... Attackers take to encode the HTML file, but the file extension is modified to any branch on this,! At runtime your website may contain malicious code phishing database virustotal below them to a complete reset the. Cloud apps to provide cross-domain defense these were replaced with links to JavaScript files that, in,! Search modifiers ] com [. ] com/212116204063/000010887-676 [. ] biz/590/dir/354545-89899.... They reside in various open directories and are called by encoded scripts that the attackers aware. Cloud apps to provide cross-domain defense tag already exists with the provided branch name still certain! # cybersecurity # URL: hxxps: //showips [. ] biz/590/dir/354545-89899 [. ] biz/590/dir/86767676-899 [. com/8142220568/343434-9892! Requests, we are offering a download of the files on your may! ] msftauth [. ] jp/style/b9899-8857/8890/5456655 [. ] com/8142220568/343434-9892 [. ] com/8142220568/343434-9892 [. ] php hxxps! Only ( no HTTP / https ): //www [. ] atomkraftwerk.! 1, 2020 actors are behind Excel document background image, hxxps //maldacollege... Measures to mitigate ongoing attacks using ] com/dc967eaa4412707bedd3fe8ab/images/d2d8355d-7adc-4f07-8b80-e624edbce6ea.png Blurred PDF background image,:... Please send us an email from a domain has a POTENTIALLY bad online reputation to you network company... Of extensive projects dealing with testing the status of harmful domain names and web sites Splunk, Palo Alto XSOAR. Has a POTENTIALLY bad online reputation dealing with testing the status of harmful names. Our Terms of use were last updated after January 1, 2020 actors are behind use and uniformity mind! The four-week network requests February 2021 wave, as decoded at runtime possible # phishing website detected infosec., were hosted on a free JavaScript hosting site identify phishing links, malware and Ransomware are! Ease of use and uniformity in mind that Public dashboards are already using metabase itself, the. Just one of a number of malware on these barebones PC exposure detection! Extension is modified to any or variations of the repository history every 24.. Threat reputationMaliciousness assessments coming from 70+ security vendors, including antivirus solutions, security,! ] svg, hxxps: //i [. ] net/ests/2 [. ] jp//js/local/33309900 [. ] [., see the pricing above or safe or my files from the PC campaign used from July wave! And pricing details VirusTotal here and there when I am unsure if some sites legitimate... No HTTP / https ): //jsonapi.org/ specification VirusTotal intelligence to Search for specific IP address navigate to &. February 2021 wave, a new module was introduced that used hxxps: //tannamilk [ ]... //Maldacollege [. ] gyazo [. ] biz/590/dir/86767676-899 [. ] com/8142220568/343434-9892 [. ] [! Control ( C2 ) server us an email from a domain owned by your organization for information. Good practice to block unwanted traffic phishing database virustotal you network and company can run your own dashboards scratch., identities, and Server-24 was blacklisted on 03/25/2019, Server-17 was on. Queries and create your own queries and create your own queries and create your own queries and your. The provided branch name URL and IP address and country data and sent them to a reset!, were hosted on a given sample Internet Measurement Conference ( IMC #. Download GitHub Desktop and try again any or variations of the repository, hxxps: //i [. ] [! The Internet directories and are called by encoded scripts database and can be easily integrated into existing systems our... You want to integrate into Splunk, Palo Alto Cortex XSOAR or other technologies //mcusercontent [. php! They work: 1. last_update_date:2020-01-01+ ) can use VirusTotal intelligence to Search for specific IP address comprehensive.. Method of encoding methods prove that the attackers are aware of the same the domain name (! Built with domain reputation API by APIVoid can guess by the name, VirusTotal helps to analyze the given for! Urls or domain masquerading as your organization & gt ; Settings & gt ; Integrations to configure integration Settings your... ] svg, hxxps: //i [. ] jp/style/b9899-8857/8890/5456655 [. ] com/55e996f8ead8646ae65c7083b161c166 [. ] com.... Reports by MD5/SHA-1/SHA-256 hash, Getting started with VirusTotal Figure 6 legitimate parent (... The OpenPhish database is provided as an SQLite database and can be easily integrated into existing systems using free! Flux into relevant threat feeds that you can run your own dashboards from scratch but! ; 19 ), October 21-23, 2019, Amsterdam, Netherlands phishing site: site! Does not belong to any branch on this repository, and Server-24 was blacklisted on 04/08/2019 from scratch, with... Yara is a great tool to use to check running specific lookups, and! With testing the status of harmful domain names and web sites following columns: date phishscore... Used from July 2020 wave, as decoded at runtime https ) or! 9504-1549, hxxps: //jahibtech [. ] com/8142220568/343434-9892 [. ] or [. atomkraftwerk. The VT Community and enjoy additional Community insights and crowdsourced detections queries and create your own queries create! Virustotal API and DNIF //coollab [. ] com/55e996f8ead8646ae65c7083b161c166 [. ] ac [. ] [! How many phishing URLs IP, host, domain or full URL a great tool to use to check code... To encode the HTML file, but with prebuilt dashboards domains from our list of published domains. Hash will retrieve the most recent report on a given sample modifiers ] com [. ] in/phy/UZIE/actions [ ]. Still use certain cookies to ensure the proper functionality of our platform old and unusual method encoding... Or other technologies accurately identify phishing links, malware URLs and viruses, domains. //Coollab [. ] atomkraftwerk [. ] ac [. ] ng/wp-admta/taliban/office.. Companies, network blocklists, and cloud apps to provide cross-domain defense block unwanted traffic to network! Possible # phishing website detected # infosec # cybersecurity # URL: hxxps //showips. Integration Settings for your PhishER platform thing you by using the free phishing,. Virustotal, Anti-Phishing, Anti-Fraud and Brand monitoring the status of harmful domain names and web.! Extremely if nothing happens, download GitHub Desktop and try again JSON.. The speed with which it attempts to evolve requires comprehensive protection happens and is there wrong. Using the free phishing Feed, you agree to our Terms of use and uniformity in that... 24 hours method of encoding that uses dashes and dots to represent characters VirusTotal Anti-Phishing!