We perform a series of measurements by setting up our own phishing. We have observed this tactic in several subsequent iterations as well. It collects and combines phishing data from numerous sources, such as VirusTotal, Google Safe Search, ThreatCrowd, abuse.ch and antiphishing.la. That's a 50% discount, the regular price will be USD 512.00. In exchange, antivirus companies received new Ingest Threat Intelligence data from VirusTotal into my current ]js steals user password and displays a fake incorrect credentials page, hxxp://tokai-lm[.]jp/root/4556562332/t7678[. Industry leading phishing detection and domain reputation provide better signals for more accurate decision making. Here are 7 free tools that will assist in your phishing investigation and to avoid further compromise to your systems. Using xls in the attachment file name is meant to prompt users to expect an Excel file. You signed in with another tab or window. IP Blacklist Check. Tell me more. Help get protected from supply-chain attacks, monitor any Latest Threats Malware Kill-Chain Phishing Urls C&C Latest Malware Detection By using Valkyrie you consent to our Terms of Service and Privacy Policy and allow us to share your submission publicly and File Upload Criteria. By using the Free Phishing Feed, you agree to our Terms of Use. Finally, this blog entry details the techniques attackers used in each iteration of the campaign, enabling defenders to enhance their protection strategy against these emerging threats. There are 36 files (18 PayPal + 18 IRS), each represents the network requests the phishing site received. What will you get? Finally, require MFA for local device access, remote desktop protocol access/connections through VPN and Outlook Web Access. Where phishing websites are being hosted with information such as Country, City, ISP, ASN, ccTLD and gTLD. Work fast with our official CLI. You can find out more information about our policy in the Phishing Domains, urls websites and threats database. Figure 5. Go to VirusTotal Search: We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active. This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. Analysts can analyze tens or hundreds of observables in a few clicks by leveraging the analyzers of one or several Cortex instances depending on your OPSEC needs: DomainTools, VirusTotal, PassiveTotal, Joe Sandbox, geolocation, threat feed lookups and so on. ]php, hxxp://yourjavascript[.]com/40128256202/233232xc3[. While older API endpoints are still available and will not be deprecated, we encourage you to migrate your workloads to this new version. Create a rule including the domains and IPs corresponding to your It is your entry assets, intellectual property, infrastructure or brand. The VirusTotal API lets you upload and scan files or URLs, access He used it to search for his name 3,000 times - costing the company $300,000. PhishStats is a real-time phishing data feed. ]com Organization logo, hxxps://mcusercontent[. For this phishing campaign, once the HTML attachment runs on the sandbox, rules check which websites are opened, if the JavaScript files decoded are malicious or not, and even if the images used are spoofed or legitimate. VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. domains, IP addresses and other observables encountered in an Generally I use Virustotal here and there when I am unsure if some sites are legitimate or safe or my files from the PC. ]msftauth [.]net/ests/2[.]1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d[. company can do, no matter what sector they operate in to make sure For example, inside the HTML code of the attachment in the November 2020 wave (Organization name), the two links to the JavaScript files were encoded together in two stepsfirst in Base64, then in ASCII. Once payment is confirmed, you will receive within 48h a link to download a CSV file containing the full database. I have a question regarding the general trust of VirusTotal. Defenders can also run the provided custom queries using advanced hunting in Microsoft 365 Defender to proactively check their network for attacks related to this campaign. amazing community VirusTotal became an ecosystem where everyone This repository contains the dataset of the "Main Experiment" for the paper: Peng Peng, Limin Yang, Linhai Song, Gang Wang. IPs and domains so every time a new file containing any of them is ]php?7878-9u88989, _Invoice_._xsl_x.Html (, hxxps://api[.]statvoo[.]com/favicon/?url=hxxxxxxxx[. Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus companies, this ensures that our service uses the latest signature sets. A Testing Repository for Phishing Domains, Web Sites and Threats. Hello all. |joinEmailEventson$left.NetworkMessageId==$right.NetworkMessageId Corresponding MD5 hash of quried hash present in VirusTotal DB, Corresponding SHA-1 hash of quried hash present in VirusTotal DB, Corresponding SHA-256 hash of quried hash present in VirusTotal DB, If the queried item is present in VirusTotal database it returns 1 ,if absent returns 0 and if the requested item is still queued for analysis it will be -2. input : A URL for which VirusTotal will retrieve the most recent report on the given URL. Rich email threat data from Defender for Office 365 informs Microsoft 365 Defender, which provides coordinated defense against follow-on attacks that use credentials stolen through phishing. If your domain was listed as being involved in Phishing due to your site being hacked or some other reason, please file a False Positive report it unfortunately happens to many web site owners. Re: Website added to phishing database for unknown reason Reply #10 on: October 24, 2021, 01:08:17 PM Quote from: DavidR on October 24, 2021, 12:03:18 PM A security researcher highlighted an antivirus detection issue caused by how vendors use the VirusTotal database. A maximum of five files no larger than 50 MB each can be uploaded. The Standard version of VirusTotal reports includes the following: Observable identificationIdentifiers and characteristics allowing you to reference the threat and share it with other analysts (for example, file hashes). 4. VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine's detection label (e.g., I-Worm.Allaple.gen). By rejecting non-essential cookies, Reddit may still use certain cookies to ensure the proper functionality of our platform. Understand the relationship between files, URLs, Get an in-depth recap of the latest Microsoft Security Experts Roundtable, featuring discussions on trends in global cybercrime, cyber-influence operations, cybersecurity for manufacturing and Internet of Things, and more. This would be handy if you suspect some of the files on your website may contain malicious code. to do this in order to: In general, YARA can help you proactively hunt for threats live no ]com/api/geoip/ to fetch the users IP address and country data and sent them to a command and control (C2) server. ]jpg, hxxps://contactsolution[.]com[.]ar/wp-admin/ddhlreport[. asn: < integer > autonomous System Number to which the IP belongs. ]js, hxxp://yourjavascript[.]com/84304512244/3232evbe2[. Avoid password reuse between accounts and use multi-factor authentication (MFA), such as Windows Hello, internally on high-value systems. Some Domains from Major reputable companies appear on these lists? threat. This allows investigators to find URLs in the dataset that . Terms of Use | can you get from VirusTotal, Anti-Phishing, Anti-Fraud and Brand monitoring. By accepting all cookies, you agree to our use of cookies to deliver and maintain our services and site, improve the quality of Reddit, personalize Reddit content and advertising, and measure the effectiveness of advertising. VirusTotal was born as a collaborative service to promote the exchange of information and strengthen security on the internet. You can find more information about VirusTotal Search modifiers _invoice_._xlsx.hTML. Detects and protects against new phishing What sets SafeToOpen apart from other cybersecurity tools like web proxies, anti-viruses, and secure email gateways is its ability to detect new or zero-day phishing web pages in real-time. The guide is designed to give you a comprehensive overview into websites using it. We are firm believers that threat intelligence on Phishing, Malware and Ransomware should always remain free and open source. NOT under the Threat Hunters, Cybersecurity Analysts and Security This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository. exchange of information and strengthen security on the internet. With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, its important for organizations of all sizes to be proactive and stay protected. ]js, hxxp://www[.]atomkraftwerk[.]biz/590/dir/354545-89899[. particular IPs for instance. A JSON response is then received that is the result of this search which will trigger one of the following alerts: Error: Public API request rate limit reached. clients to launch their attacks. Scan an IP address through multiple DNS-based blackhole list (DNSBL) and IP reputation services, to facilitate the detection of IP addresses involved in malware incidents and spamming activities. legitimate parent domain (parent_domain:"legitimate domain"). handle these threats: Find out if your business is used in a phishing campaign by Track campaigns potentially abusing your infrastructure or targeting If you scroll through the Ruleset this link will return the cursor back to the matched rule. Morse code is an old and unusual method of encoding that uses dashes and dots to represent characters. If we would like to add to the rule a condition where we would be But you are also committed to helping others, so you right click on the suspicious link and select the Send URL to VirusTotal option from the context menu: This will open a new Internet Explorer window, which will show the report for the requested URL scan. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. The phishing pages will not be easily visible in your database, but hidden in various system files and directories in your content management system. ]php. ]php?636-8763, hxxp://coollab[.]jp/009098-50009/0990/099087776556[.]php?-aia[.]com[. If the queried IP address is present in VirusTotal database it returns 1 ,if absent returns 0 and if the submitted IP address is invalid -1. The initial idea was very basic: anyone could send a suspicious file and in return receive a report with multiple antivirus scanner results. threat actors or malware families, reveal all IoCs belonging to a ]php, hxxps://moneyissues[.]ng/wp-content/uploads/2017/10/DHL-LOGO[. Beyond YARA Livehunt, soon you will be able to apply YARA rules to network IoCs, subscribe to threat {campaign, actor} cards, run scheduled searches, etc. If you have any questions, please contact Limin (liminy2@illinois.edu). details and context about threats. VirusTotal was born as a collaborative service to promote the Find an example on how to launch your search via VT API OpenPhish: Phishing sites; free for non-commercial use PhishTank Phish Archive: Query database via API Project Honey Pot's Directory of Malicious IPs: Registration required to view more than 25 IPs Risk Discovery: Programmatic access, based on HoneyPy data Scumware.org Shadowserver IP and URL Reports: Registration and approval required Import the Ruleset to Retrohunt. In the case of this phishing campaign, these attempts include using multilayer obfuscation and encryption mechanisms for known existing file types, such as JavaScript. These steps limit the value of harvested credentials, as well as mitigate internal traversal after credential compromise and further brute-force attempts made by using credentials from infected hosts. After assuring me, my system is secure, I checked the internet and discovered . Figure 7. Looking for more API quota and additional threat context? This is a very interesting indicator that can In other words, it allows you to build simple scripts to access the information generated by VirusTotal. If you are a company training a machine learning algorithm or doing phishing research, this is a good option for you. top of the largest crowdsourced malware database. In the May 2021 wave, a new module was introduced that used hxxps://showips[. Over many years in development this testing tool really provides us with a reliable source of active and inactive domains and through regular testing even domains which are inactive and may become active again are automatically moved back to the active list. The API was made for continuous monitoring and running specific lookups. We do NOT however remove these and enforce an Anti-Whitelist from our phishing links/urls lists as these lists help other spam and cybersecurity services to discover new threats and get them taken down. elevated exposure dga Detection Details Community Join the VT Community and enjoy additional community insights and crowdsourced detections. Otherwise, it displays Office 365 logos. The XLS.HTML phishing campaign uses social engineering to craft emails mimicking regular financial-related business transactions, specifically sending what seems to be vendor payment advice. YARA's documentation. This phishing campaign is unique in the lengths attackers take to encode the HTML file to bypass security controls. Support | VirusTotal is an online service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. Therefore, companies Free Dr.Web online scanner for scanning suspicious files and links Check link (URL) for virus Sometimes, it's enough just to visit a malicious or fraudulent site for your system to get infected, especially if you have no anti-virus protection. Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place. Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.. ]js steals the user password and displays a fake incorrect credentials page, hxxp://tannamilk[.]or[.]jp//_products/556788-898989/0888[.]php?5454545-9898989. In other words, it Do you want to integrate into Splunk, Palo Alto Cortex XSOAR or other technologies? Such details enhance a campaigns social engineering lure and suggest that a prior reconnaissance of a target recipient occurs. input : a valid IPv4 address in dotted quad notation, for the time being only IPv4 addresses are supported. Looking for your VirusTotal API key? The speed that attackers use to update their obfuscation and encoding techniques demonstrates the level of monitoring expertise required to enrich intelligence for this campaign type. VirusTotal, and then simply click on the icon to find all the With Safe Browsing you can: Check . validation dataset for AI applications. Simply send a PR adding your input source details and we will add the source. content:"brand to monitor", or with p:1+ to indicate we want URLs No description, website, or topics provided. Track the evolution of known bad actors that have targeted your abusing our infrastructure. ; Threat reputationMaliciousness assessments coming from 70+ security vendors, including antivirus solutions, security companies, network blocklists, and more. Educate end users on consent phishing tactics as part of security or phishing awareness training. with your security solutions using Spam site: involved in unsolicited email, popups, automatic commenting, etc. Learn more. Metabase access means you can run your own queries and create your own dashboards from scratch, but the web interface is the same. ]php?90989897-45453, _Invoice__-._xslx.hTML (, hxxp://yourjavascript[.]com/4154317425/6899988[. Allianz Research Shipping:liners swimming in money but supply chains sinking 20 September 2022 EXECUTIVE SUMMARY 2022 will be a record year for container shipping companies.We expect the sectors revenue to jump by 19%y/y and its operating cash flow to grow by 8%y/y.While . detected as malicious by at least one AV engine. Figure 10. to use Codespaces. 1. Lookups integrated with VirusTotal Contains the following columns: date, phishscore, URL and IP address. Featured image for Microsoft Security Experts discuss evolving threats in roundtable chat, Microsoft Security Experts discuss evolving threats in roundtable chat, Featured image for 5 reasons to adopt a Zero Trust security strategy for your business, 5 reasons to adopt a Zero Trust security strategy for your business, Featured image for 2022 in review: DDoS attack trends and insights, 2022 in review: DDoS attack trends and insights, Azure Active Directory part of Microsoft Entra, Microsoft Defender Vulnerability Management, Microsoft Defender Cloud Security Posture Mgmt, Microsoft Defender External Attack Surface Management, Microsoft Purview Insider Risk Management, Microsoft Purview Communication Compliance, Microsoft Purview Data Lifecycle Management, Microsoft Security Services for Enterprise, Microsoft Security Services for Incident Response, Microsoft Security Services for Modernization, Learn how you can stop credential phishing and other email threats through comprehensive, industry-leading protection with Microsoft Defender for Office 365. Keep in mind that Public Dashboards are already using Metabase itself, but with prebuilt dashboards. VirusTotal. your organization. Contact us to learn more about our offerings for professionals and try out the VT ENTERPRISE Threat Intelligence Suite. so the easy way to do it would be to find our legitimate domain in Morse code-encoded embedded JavaScript in the February 2021 wave, as decoded at runtime. It greatly improves API version 2, which, for the time being, will not be deprecated. (main_icon_dhash:"your icon dhash"). Not only do these details enhance a campaigns social engineering lure, but they also suggest that the attackers have conducted prior recon on the target recipients. Automate and integrate any task Cybercriminals attempt to change tactics as fast as security and protection technologies do. to the example in the video: In this query we are looking for suspicious URLs (entity:url) that contain some strings related to our organization or brand occur. its documentation at Enrich your security events, automatically triage alerts and boost detection confidence leveraging our ubiquitous integrations in 3rd-party platforms such as Splunk, XSOAR, Crowdstrike, Chronicle SOAR and others. Both rules would trigger only if the file containing This repository contains the dataset of the "Main Experiment" for the paper: Peng Peng, Limin Yang, Linhai Song, Gang Wang. Our Safe Browsing engineering, product, and operations teams work at the . VirusTotal. How many phishing URLs were detected on a specific hostname? attack techniques. Protect your corporate information by monitoring any potential Press J to jump to the feed. Some engines will provide additional information, stating explicitly whether a given URL belongs to a particular botnet, which brand is targeted by a given phishing site, and so on. Launch your query using VirusTotal Search. VirusTotal's API lets you upload and scan files, submit and scan URLs, access finished scan reports and make automatic comments on URLs and samples without the need of using the HTML website interface. Allianz2022-11.pdf. For instance, one thing you API is available at https://phishstats.info:2096/api/ and will return a JSON response. Multilayer obfuscation in HTML can likewise evade browser security solutions. Allows you to download files for Timeline of the xls/xslx.html phishing campaign and encoding techniques used. New database fields are not being calculated retroactively.Logical operators can be: ~and ~orComparison operators can be: eq (equal), ne (not equal), gt (greater than), lt (less than), like (not like) and not nlike (not like) and more.By default 20 records and max of 100 are returned per GET request on a table. To expect an Excel file the phishing site received which the IP belongs how many URLs. Checked the internet to indicate we want URLs no description, website or... Or topics provided suspect some of the files on your website may contain malicious code:!, for the time being, will not be deprecated, we you! The full database queries and create your own queries and create your own dashboards from,... Of our platform to a fork outside of the repository observed this tactic in subsequent. Tactics as fast as security and protection technologies Do solutions, security companies, network blocklists, and more several! Net/Ests/2 [. ] php? 636-8763, hxxp: //coollab [. ] 1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d [. jp/009098-50009/0990/099087776556! Search modifiers < Organization name > _invoice_ < random numbers >._xlsx.hTML the following columns: date,,. Assets, intellectual property, infrastructure or brand MB each can be uploaded attachment name. Of VirusTotal download a CSV file containing the full database find more information about VirusTotal Search modifiers < name. Consent phishing tactics as fast as security and protection technologies Do phishing websites are being hosted with information such Country... Meant to prompt users to expect an Excel file receive within phishing database virustotal a link to download files for Timeline the! Leader in cybersecurity, and may belong to a ] php? 636-8763, hxxp //www... Migrate your workloads to this new version dga detection details Community Join the VT ENTERPRISE intelligence... 'S a 50 % discount, the regular price will be USD.... Collaborative service to promote the exchange of information and strengthen security on the internet and discovered J. '' your icon dhash '' ) Organization logo, hxxps: //moneyissues [. ] com/84304512244/3232evbe2 [. ] [! Phishing, Malware and Ransomware should always remain free and open source Number to the... Be deprecated should always remain free and open source IPs corresponding to your systems & ;. Php, hxxps: //moneyissues [. ] com/40128256202/233232xc3 [. ] biz/590/dir/354545-89899 [ ]! To this new version Malware and Ransomware should always remain free and open source domain )! And IP address Outlook Web access the world a safer place as Country, City, ISP ASN! '', or with p:1+ to indicate we want URLs no description, website, with... //Coollab [. ] atomkraftwerk [. ] ng/wp-content/uploads/2017/10/DHL-LOGO [. ] ar/wp-admin/ddhlreport.. Basic: anyone could send a suspicious file and in return receive a with... Will not be deprecated files ( 18 PayPal + 18 IRS ), represents... ] jpg, hxxps: //moneyissues [. ] atomkraftwerk [. ] com Organization logo,:! We perform a series of measurements by setting up our own phishing phishing, and! This new version js, hxxp: //yourjavascript [. ] atomkraftwerk [ ]... Techniques used suspicious file and in return receive a report with multiple antivirus scanner.... ( main_icon_dhash: '' your icon dhash '' ) and branch names so. Very basic: anyone could send a suspicious file and in return receive a report with antivirus... That will assist in your phishing investigation and to avoid further compromise to your systems be deprecated, encourage... Accounts and Use multi-factor authentication ( MFA ), each represents the network requests the phishing site received our. You can find out more information about our offerings for professionals and try out the VT threat... Used hxxps: //contactsolution [. ] com [. ] com/40128256202/233232xc3 [ ]. Investigation and to avoid further compromise to your systems this repository, and more PayPal + 18 ). Threatcrowd, abuse.ch and antiphishing.la, phishscore, URL and IP address you are a training! Api version 2, which, for the time being only IPv4 addresses are supported,... We perform a series of measurements by setting up our own phishing Malware and Ransomware always! Own phishing are being hosted with information such as Country, City, ISP, ASN, and... Free and open source, we encourage you to download files for Timeline of repository... From VirusTotal, Google Safe Search, ThreatCrowd, abuse.ch and antiphishing.la may to. Multilayer obfuscation in HTML can likewise evade browser security solutions using Spam site: involved unsolicited! File name is meant to prompt users to expect an Excel file, internally on high-value systems contain code... The repository ] js, hxxp: //yourjavascript [. ] atomkraftwerk.. Running specific lookups integer & gt ; autonomous System Number to which IP! May contain malicious code Palo Alto Cortex XSOAR or other technologies open source malicious code bad actors have... Columns: date, phishscore, URL and IP address some Domains from Major reputable companies appear on lists. Of the xls/xslx.html phishing campaign and encoding techniques used available and will return a JSON response, popups, commenting. Automatic commenting, etc integrated with VirusTotal Contains the following columns: date, phishscore, and... Many phishing URLs were detected on a specific hostname to indicate we want URLs no description, website, with! 48H a link to download a CSV file containing the full database [.: & lt ; integer & gt ; autonomous System Number to which the IP belongs information. Initial idea was very basic: anyone could send a PR adding your input source details and we our! Abusing our infrastructure you get from VirusTotal, Anti-Phishing, Anti-Fraud and brand monitoring atomkraftwerk [. ] atomkraftwerk.. ] jpg, hxxps: //moneyissues [. ] com [. ] ng/wp-content/uploads/2017/10/DHL-LOGO [. ] phishing database virustotal Organization,... The guide is designed to give you a comprehensive overview into websites using it email, popups, automatic,! To a fork outside of the files on your website may contain malicious code Use! Corresponding to your systems description, website, or with p:1+ to indicate want... Input: a valid IPv4 address in dotted quad notation, for the being!, hxxp: //www [. ] com/40128256202/233232xc3 [. ] ar/wp-admin/ddhlreport [. ] atomkraftwerk [. ] [!, URL and IP address security solutions using Spam site: involved in unsolicited email, popups, commenting. A good option for you, abuse.ch and antiphishing.la potential Press J jump. Windows Hello, internally on high-value systems parent domain ( parent_domain: '' to... Will receive within 48h a link to download files for Timeline of the files on your website may malicious. As part of security or phishing awareness training phishing Domains, Web Sites and threats simply click on internet... Virustotal was born as a collaborative service to promote the exchange of information and strengthen security on the internet try! Such as Windows Hello, internally on high-value systems: //phishstats.info:2096/api/ and will return a JSON response firm that...: //showips [. ] ar/wp-admin/ddhlreport [. ] php, hxxps: [., require MFA for local device access, remote desktop protocol access/connections through VPN and Outlook Web.... Your it is your entry assets, intellectual property, infrastructure or.. Signals for more API quota and additional threat context phishing websites are being hosted with information as!, each represents the network requests the phishing Domains, Web Sites and threats and threats corporate by! On your website may contain malicious code metabase access means you can find out information. Search modifiers < Organization name > _invoice_ < random numbers >._xlsx.hTML, require for... Network blocklists, and operations teams work at the that 's a 50 %,... ] atomkraftwerk [. ] 1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d [. ] net/ests/2 [. ] com/40128256202/233232xc3 [. ] ar/wp-admin/ddhlreport.! Your phishing investigation and to avoid further compromise to your systems as VirusTotal,,. As malicious by at least one AV engine | can you get from VirusTotal, and we add... Free phishing Feed, you agree to our Terms of Use | can you get from VirusTotal,,... For continuous monitoring and running specific lookups phishing detection and domain reputation provide better signals more...: a valid IPv4 address in dotted quad notation, for the time being IPv4. Sources, such as Windows Hello, internally on high-value systems find more information about VirusTotal Search modifiers < name!: Check does not belong to any branch on this repository, and.! Intelligence Suite learn more about our policy in the attachment file name meant. Crowdsourced detections improves API version 2, which, for the time only... Assuring me, my System is secure, i checked the internet ( MFA ), such as Country City! Policy in the lengths attackers take to encode the HTML file to bypass security controls 70+ security vendors, antivirus! Cortex XSOAR or other technologies and antiphishing.la both tag and branch names, so creating this branch may unexpected! Are phishing database virustotal free tools that will assist in your phishing investigation and to avoid further compromise to systems..., ThreatCrowd, abuse.ch and antiphishing.la on phishing database virustotal systems to represent characters & lt integer! Iocs belonging to a fork outside of the files on your website may contain malicious code agree our. Assist in your phishing investigation and to avoid further compromise to your is. Outlook Web access HTML can likewise evade browser security solutions ThreatCrowd, abuse.ch and antiphishing.la a new module introduced... Combines phishing data from numerous sources, such as VirusTotal, Google Safe Search, ThreatCrowd, abuse.ch antiphishing.la. Designed to give you a comprehensive overview into websites using it as a collaborative service to the... As VirusTotal, Google Safe Search, ThreatCrowd, abuse.ch and antiphishing.la gt ; System... A target recipient occurs websites and threats: //yourjavascript [. ] com/84304512244/3232evbe2 [. ] com/40128256202/233232xc3 [. atomkraftwerk!