Malicious github deployments

[dppf]

Select Topic Area

Question

Body

Hello
I have reported fraudulent users and their github deployments using the appropriate abuse channels.

Each reports looks like this

Hello,

Abuse alert, suspend the user github.com/cloud-ttrezor-app and the repository cloud-ttrezor-app.github.io as well, as they are both deceptive.

Official site: Trezor.io
Dishonest site: cloud-ttrezor-app[.]github[.]io

Bad actors impersonating technical support try to get users to visit the malicious site via social engineering. The scammer's aim is to obtain the secret mnemonic seed phrase and drain assets from the victim's wallet.

Phishfort is officially authorized to represent Trezor via contractual obligation and we request your urgent help in taking the malicious github user and deployment down. 

Please let us know if you require any further information to have the content removed swiftly. We can provide a LoA or other materials as requested.
Reference GGNDwgz2pUrFxpLwNXIJ

Thank you!

However both the abuse profiles nor their deployments / github pages get taken down, despite being in violation of the acceptable usage policy defined by GitHub.
https://docs.github.com/en/site-policy/acceptable-use-policies/github-acceptable-use-policies

4OAHxo9A6yJbdVWjTa8q auth-start-trezor.github.io
eKox5F45Hsk0YiResFMV cloud-io-ttrezor.github.io
GGNDwgz2pUrFxpLwNXIJ cloud-ttrezor-app.github.io
h79N8uFYA67y1yvhCCdS cloud-ttrezor-bridge.github.io
Q6zwfkuAU5yLp10MBe1o cloud-ttrezor-hd-wallet.github.io
pzWyrvxkW2oEGbgP2Msf cloud-ttrezor-logln.github.io
OXJcSjrhpb4g3W3bfgDA cloud-ttrezor-wallet.github.io
xmYdMNSCzhhX1KgVGMPa eng-start-trezor.github.io
EDzVGDgcmYfvWykzfE3y en-start-ttrezor.github.io
QekWpSiA9piapSoCyFqL home-start-trezor-io.github.io
HtErRXl6i7XlaaAtaw1s io-start-trezor.github.io
cRPVEuFLz0W103H9I6Af learn-start-trezor.github.io
jQizsUp8oFgSZc10hZlj learn-start-trezorrio.github.io
mUA726jzOE7BhFvAtIkZ m-auth-start-trezor.github.io
eWYrAJaoFx7Q7hmMUmQJ trezorbridge.github.io
PvtZYUqAS9WFtdaJVBt5 trezor-docs-s-start.github.io
2SIGAlzBc5ibXoGG39ZG trezor-start-trezor.github.io
tAPpVRU0T4iZjzNwLQKL trrezor-io-steart.github.io
uPijVMcxelpGrBrkDYrO my-trezor-start.github.io
JV3WMvqw8WzEl36i0RHf trezor-home.github.io
sdHyq3N6HnlFYz1RtY1i start-h-trezor.github.io
ClrL0IU9JQR4dYX6ti2c enio-trezor.github.io
xx9LKcEdlyGuzWYs4jdn us-start-trzor.github.io
S2ybB8YzCkSaRm805WOK eniotrezor.github.io
cOnKA3xTtTKo7RekZ4vt start-docs-trizor.github.io
fpeDGUdQq0yFZA8chWVf start-iotrezor.github.io
F1U7oWLCcVqxPbxQQoe3 start-m-trezor.github.io
a9oXOhz5ufE1LfmGsrNE enstart-trezor.github.io
fGufjqLtHgIk13Ji6EBL web-io-trezor.github.io

The nested subdomains deliberately resemble the main URL and feature keywords like SUITE TREZOR UI IO and so on.
There are many more, those are just pending action.

Thank you

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬