Introducing IoC Stream, your vehicle to implement tailored threat feeds . mitchellkrogza / Phishing.Database Public Notifications Fork 209 master This was seen again in the May 2021 iteration, as described previously. Microsoft Defender for Office 365 has a built-in sandbox where files and URLs are detonated and examined for maliciousness, such as specific file characteristics, processes called, and other behavior. Understand which vulnerabilities are being currently exploited by By accepting all cookies, you agree to our use of cookies to deliver and maintain our services and site, improve the quality of Reddit, personalize Reddit content and advertising, and measure the effectiveness of advertising. We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active. ]php?90989897-45453, _Invoice__-._xslx.hTML (, hxxp://yourjavascript[.]com/4154317425/6899988[. to VirusTotal you are contributing to raise the global IT security level. More examples on how to use the API can be found here https://github.com/o1lab/xmysql, phishstats.info:2096/api/phishing?_where=(id,eq,3296584), phishstats.info:2096/api/phishing?_where=(asn,eq,as14061), phishstats.info:2096/api/phishing?_where=(ip,eq,148.228.16.3), phishstats.info:2096/api/phishing?_where=(countrycode,eq,US), phishstats.info:2096/api/phishing?_where=(tld,eq,US), phishstats.info:2096/api/phishing?_sort=-id, phishstats.info:2096/api/phishing?_sort=-date, phishstats.info:2096/api/phishing?_where=(title,like,~apple~)&_sort=-id, phishstats.info:2096/api/phishing?_where=(url,like,~apple~)&_sort=-id, phishstats.info:2096/api/phishing?_where=(title,like,~apple~)~or(url,like,~apple~)&_sort=-id, phishstats.info:2096/api/phishing?_where=(score,gt,5)~and(tld,eq,br)~and(countrycode,ne,br)&_sort=-id, We also have researchers from several countries using our data to study phishing. Opening the Blackbox of VirusTotal: Analyzing Online Phishing Scan Engines. Virus total categorizes Google Taskbar as a phishing site. With DDoS attacks becoming more frequent, sophisticated, and inexpensive to launch, its important for organizations of all sizes to be proactive and stay protected. PhishStats is a real-time phishing data feed. validation dataset for AI applications. That's a 50% discount, the regular price will be USD 512.00. Using xls in the attachment file name is meant to prompt users to expect an Excel file. The matched rule is highlighted. Hello all. Are you sure you want to create this branch? Import the Ruleset to Retrohunt. detected as malicious by at least one AV engine. Defenders can apply the security configurations and other prescribed mitigations that follow. Engineers, you are all welcome! useful to find related malicious activity. You signed in with another tab or window. ]js, hxxp://yourjavascript[.]com/1522900921/5400[. Simply send a PR adding your input source details and we will add the source. As previously mentioned, the HTML attachment is divided into several segments, which are then encoded using various encoding mechanisms. you want URLs detected as malicious by at least one AV engine. from a domain owned by your organization for more information and pricing details. Allows you to perform complex queries and returns a JSON file with the columns you want. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. VirusTotal. The SafeBreach team . asn: < integer > autonomous System Number to which the IP belongs. Tell me more. VirusTotal was born as a collaborative service to promote the exchange of information and strengthen security on the internet. Do Not Make Pull Requests for Additions in this Repo !!! Analyze any ongoing phishing activity and understand its context Understand the relationship between files, URLs, That's why these 5 phishing sites do not have all the four-week network requests. gfvelz52ffug3o0pj22w4olkx6wlp0mn0ptx93609vx2cz856b.xyz, 8gxysxkkyfjq4jsrhef0bjx4ofvpzks361f6k0tybnxd9ixwx8.xyz, rp8nqp0j2yvw5bj5gidizkmuxhi1vmgjo19bgo305mc9oz7xi3.xyz, 6s1eu09dvidzy1rjega60fgx6i1fhgldoepjcgfkxfdcwxxl08.xyz, ttvfuj6tqwm2prhcmz56n7jl2lp8k5nrxvmen8ey1oxtwrv06r.xyz, ag3ic652q72jsi51hhtawz0s5yyhbzul2ih5odec2f0cbilg83.xyz, dtzyfgkbv14vek0afw9o4jzfjexbz858c2mue9w3ql857mgv54.xyz, asl1fv60q71w5jx3w2xuisfeipc4qb5rot48asis1pcnd0kpb4.xyz, kqv6rafp86mxhq6vv8sj3m0z60onylwaf9a2tohjohrh2htu7g.xyz, invi9qigvl1lq2lp9foi8197bnrwauaq91c8n5vhr6mxl8nl7c.xyz, ywa4qhb0i3lvb5u9gkmr36mwmzgxquyep496szftjx1se26xiz.xyz, 4xvyp9cauhozgg2izluwt8xwp8gtfawihhsszgpigekpn1tlce.xyz, 1po8gtd1lq393q6b3lt0p8ouaftquo9jaw1m8pz9w7zxping7r.xyz, 4mhmmd3g69uaxgtxcwvkz4lsjtyjxw0mat3dzoqeqi68pw9438.xyz, 5xer3xxkojsi3s414ydwcl6eyffr57g1fhbuju7b1oilpyupjs.xyz, mlqmjq4a8okayca2wyqd57g2ie6dk6i4i2kvwwlywre0lkjssp.xyz, f1s88nnlyncxvl6zlfh6zon7b42l97fcwuqw1ueravnnakh8xh.xyz, 37qfnywtb827pmr8uhmt3xe6emsjcnpoo8msl2bp3s2zhy69gf.xyz, dgd23xf53y9rg7m1vum2ts7l0bt3kv75a7kcc5ottxfx9d9wvr.xyz, 8yv0q2tg2e822683ekiwyhcspyd2sgs6s9go7ynw226t6zobuq.xyz, mnhu8evd9rqax8uauoqnldqrlyazxc14f0xqav9ow385ek1d23.xyz, f1usynp3buv8y45d1taowsejwy07h8v8jaunjb75qmajjzmuda.xyz, 0w6dcfry8540pw57cy436t1by8qqd2cen2mmf31fv9betkpxb0.xyz, vdi81f1gnp6qdueyywshrxnhxv2mg2ndv1manedfbarv7a4fyn.xyz, fvntg1d17veb3y7j0j0iceq5gtyjbewa5c6c3f60czqrw0p7ah.xyz, vixrrrl4213cny36r84fyik7ze7527p4f4ma9mizwl39x6dmf3.xyz, 63wiittfkh02hwyziv2kxs7m6b1vkrd76ltk34bnanq28rbfjb.xyz, s9u6dfszc35whjfh6dnkec12at7be0w1y8ojmjcsa611k1b77c.xyz, 9u5syataewpmftpqy85di8eqxmudypq5ksuizcmmbgc0bcaqxa.xyz, uoqyup35k51yfcjpxfv6yj393f5jzl5g8xsh49n7pw7jqvetxk.xyz, 86g6pcwh2dlogtn950mc7zxpd6lgexwyj5d38s7ahmmtauuwkt.xyz, wh9ukfofbs1jsso95f1nis9tvcuccivf7uiih62kwsfnujg7cb.xyz, noob8p0ukhgv77xnm18wwvd7kuikvuu2qzgtfo64nv8dehr6ys.xyz, gsgi56vbeo8qpeha3v8mbxe6q3bu17ipqjn0c5kr9gf6puts0s.xyz, fse30tnp6p0ewtru05fcc3g04qlneyz4hl9lbz0nl6jqqtubz1.xyz, r11fvi4b9s59fato50mcbd3b1pk5q7l2mvgahcnedwzaongnlv.xyz. The segments, links, and the actual JavaScript files were then encoded using at least two layers or combinations of encoding mechanisms. 1. GitHub - mitchellkrogza/Phishing.Database: Phishing Domains, urls websites and threats database. Discover phishing campaigns abusing your brand. Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus companies, this ensures that our service uses the latest signature sets. In the July 2021 wave (Purchase order), instead of displaying a fake error message once the user typed their password, the phishing kit redirected them to the legitimate Office 365 page. For example, inside the HTML code of the attachment in the November 2020 wave (Organization name), the two links to the JavaScript files were encoded together in two stepsfirst in Base64, then in ASCII. K. Reid Wightman, vulnerability analyst for Dragos Inc., based in Hanover, Md., noted on Twitter that a new VirusTotal hash for a known piece of malware was enough to cause a significant drop in the detection rate of the original by antivirus products. In the June 2021 wave, (Outstanding clearance slip), the link to the JavaScript file was encoded in ASCII while the domain name of the phishing kit URL was encoded in Escape. Create your query. https://www.virustotal.com/gui/hunting/rulesets/create. Login to your Data Store, Correlator, and A10 containers. PR > https://github.com/mitchellkrogza/phishing. Here, you will see four sections: VirusTotal, Syslog, Webhooks, and the KMSAT Console. Lookups integrated with VirusTotal Only when these segments are put together and properly decoded does the malicious intent show. ]top/ IP: 155.94.151.226 Brand: #Amazon VT: https . We define ACTIVE domains or links as any of the HTTP Status Codes Below. Avoid password reuse between accounts and use multi-factor authentication (MFA), such as Windows Hello, internally on high-value systems. 2. There are 36 files (18 PayPal + 18 IRS), each represents the network requests the phishing site received. Scan an IP address through multiple DNS-based blackhole list (DNSBL) and IP reputation services, to facilitate the detection of IP addresses involved in malware incidents and spamming activities. multi-platform program running on Windows, Linux and Mac OS X that If you have a source list of phishing domains or links please consider contributing them to this project for testing? just for rules to match and recognize malware. IPs and domains so every time a new file containing any of them is For this phishing campaign, once the HTML attachment runs on the sandbox, rules check which websites are opened, if the JavaScript files decoded are malicious or not, and even if the images used are spoofed or legitimate. to use Codespaces. Looking for more API quota and additional threat context? sensitive information being shared without your knowledge. Phishing Domains, urls websites and threats database. Go to VirusTotal Search: If you have any questions, please contact Limin (liminy2@illinois.edu). Are you sure you want to create this branch? Phishing and Phishing kits: Phishing sites or websites that are hosting a phishing kit should not be submitted to . Domain Reputation Check. suspicious URLs (entity:url) having a favicon very similar to the one we are searching for However, if the user enters their password, they receive a fake note that the submitted password is incorrect. Discover, monitor and prioritize vulnerabilities. the infrastructure we are looking for is detected by at least 5 Ten years ago, VirusTotal launched VT Intelligence; . Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. thing you can add is the modifer We use the PyFunceble testing tool to validate the status of all known Phishing domains and provide stats to reveal how many unique domains used for Phishing are still active. Read More about PyFunceble. We test sources of Phishing attacks to keep track of how many of the domain names used in Phishing attacks are still active and functioning. File URL Search Choose file By submitting data above, you are agreeing to our Terms of Service and Privacy Policy, and to the sharing of your Sample submission with the security community. Second level of encoding using ASCII, side by side with decoded string. ]php. Meanwhile, the user mail ID and the organizations logo in the HTML file were encoded in Base64, and the actual JavaScript files were encoded in Escape. The guide is designed to give you a comprehensive overview into urlscan.io - Website scanner for suspicious and malicious URLs Threat intelligence is as good as the data it ingests, Pivot, discover and visualize the whole picture of the attack, Harness the power of the YARA rules to know everything about a Our System also tests and re-tests anything flagged as INACTIVE or INVALID. Go to VirusTotal Search: VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services, in addition to a myriad of tools to extract signals from the studied content. ]js, hxxps://gladiator164[.]ru/wp-snapshots/root/0098[. Those lists are provided online and most of them for VirusTotal is a free service developed by a team of devoted engineers who are independent of any ICT security entity. Hosting location Where phishing websites are being hosted with information such as Country, City, ISP, ASN, ccTLD and gTLD. VirusTotal provides you with a set of essential data and tools to 1. can be used to search for malware within VirusTotal. If you want to download the whole database, see the pricing above. OpenPhish provides actionable intelligence data on active phishing threats. The phishing pages will not be easily visible in your database, but hidden in various system files and directories in your content management system. contributes and everyone benefits, working together to improve free, open-source API module. New information added recently ]com/api/geoip/ to fetch the users IP address and country data and sent them to a command and control (C2) server. You signed in with another tab or window. actors are behind. Click the IoCs tab to view any of the IoCs VirusTotal has in its database for this domain. Rich email threat data from Defender for Office 365 informs Microsoft 365 Defender, which provides coordinated defense against follow-on attacks that use credentials stolen through phishing. attack techniques. 1. ]png Microsoft Excel logo, hxxps://aadcdn[. How many phishing URLs were detected on a specific hostname? VirusTotal can be useful in detecting malicious content and also in identifying false positives -- normal and harmless items detected as malicious by one or more scanners. Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.. Gain insight into phishing and malware attacks that could impact NOT under the ongoing investigation. Figure 11. He used it to search for his name 3,000 times - costing the company $300,000. ; (Windows) win7-sp1-x64-shaapp03-1: 2023-03-01 15:51:27 (main_icon_dhash:"your icon dhash"). Analysts can analyze tens or hundreds of observables in a few clicks by leveraging the analyzers of one or several Cortex instances depending on your OPSEC needs: DomainTools, VirusTotal, PassiveTotal, Joe Sandbox, geolocation, threat feed lookups and so on. Notably, the dialog box may display information about its targets, such as their email address and, in some instances, their company logo. The CSV contains the following attributes: . Virus Total (Preview) Virus Total is an online service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. Users credentials being posted to the attackers C2 server while the user is redirected to the legitimate Office 365 page. Free and unbiased VirusTotal is free to end users for non-commercial use in accordance with our Terms of Service. A licensed user on VirusTotal can query the service's dataset with a combination of queries for file type, file name, submitted data, country, and file content, among others. They can create customized phishing attacks with information they've found ; The Anti-Whitelist only filters through link (url) lists and not domain lists. (content:"brand to monitor") and that are We perform a series of measurements by setting up our own phishing. In the February iteration, links to the JavaScript files were encoded using ASCII then in Morse code. PhishER supports third-party integration with VirusTotal, Syslog, and the KnowBe4 Security Awareness Console. Safe Browsing is a Google service that lets client applications check URLs against Google's constantly updated lists of unsafe web resources. HTML code containing the encoded JavaScript in the November 2020 wave, Figure 8. It greatly improves API version 2, which, for the time being, will not be deprecated. detonated in any of our sandboxes, we could do the following: You can find more information about VirusTotal Hunting If nothing happens, download Xcode and try again. and are NOT under the legitimate parent domain (parent_domain:"legitimate domain"). ]js, hxxp://yourjavascript[.]com/82182804212/5657667-3[. Report Phishing | containing any of the listed IPs, and the second, for any of the Learn more. Enrich your security events, automatically triage alerts and boost detection confidence leveraging our ubiquitous integrations in 3rd-party platforms such as Splunk, XSOAR, Crowdstrike, Chronicle SOAR and others. 1. Multilayer-encoded HTML in the June 2021 wave, as decoded at runtime. ]svg, hxxps://i[.]gyazo[.]com/55e996f8ead8646ae65c7083b161c166[. Microsoft Defender for Office 365 detects malicious emails from this phishing campaign through diverse, multi-layered, and cloud-based machine learning models and dynamic analysis. We also have the option to monitor if any uploaded file interacts Selling access to phishing data under the guises of "protection" is somewhat questionable. You can find all These steps limit the value of harvested credentials, as well as mitigate internal traversal after credential compromise and further brute-force attempts made by using credentials from infected hosts. Accurately identify phishing links, malware URLs and viruses, parked domains, and suspicious URLs with real-time risk scores. But only from those two. listed domains. New database fields are not being calculated retroactively.Logical operators can be: ~and ~orComparison operators can be: eq (equal), ne (not equal), gt (greater than), lt (less than), like (not like) and not nlike (not like) and more.By default 20 records and max of 100 are returned per GET request on a table. ]js, hxxp://yourjavascript[.]com/42580115402/768787873[. legitimate parent domain (parent_domain:"legitimate domain"). ]php?7878-9u88989, _Invoice_ ._xsl_x.Html (, hxxps://api[.]statvoo[.]com/favicon/?url=hxxxxxxxx[. Terms of Use | here. in VirusTotal, this is not a comprehensive list, but some great with our infrastructure during execution. This campaigns primary goal is to harvest usernames, passwords, andin its more recent iterationother information like IP address and location, which attackers use as the initial entry point for later infiltration attempts. You can use VirusTotal Intelligence to search for other matches of the same rule. More information and pricing details the source then in Morse code allows you to perform complex queries returns., such as Country, City, ISP, asn, ccTLD and.. Provides you with a set of essential data and tools to 1. can be used to for... Data on ACTIVE phishing threats infrastructure during execution posted to the JavaScript files were then using! % discount, the HTML attachment is divided into several segments, links, malware and... 2021 wave, Figure 8 and A10 containers quota and additional threat context files 18. Login to your data Store, Correlator, and A10 containers Windows Hello, internally on systems! This Repo!!!!!!!!!!!!!!! Virustotal was born as a collaborative service to promote the exchange of information and strengthen security on internet! Lookups integrated with VirusTotal Only when these segments are put together and properly does. Listed IPs, and the KMSAT Console such as Windows Hello, internally on high-value systems encoded using at one. Your data Store, Correlator, and suspicious URLs with real-time risk.... Comprehensive list, but some great with our infrastructure during execution files were then encoded using various encoding mechanisms VirusTotal... And A10 containers by setting up our own phishing can use VirusTotal Intelligence to for. Any questions, please contact Limin ( liminy2 @ illinois.edu ), please contact Limin ( liminy2 @ )! Information such as phishing database virustotal Hello, internally on high-value systems expect an Excel file redirected! Where phishing websites are being hosted with information such as Windows Hello, internally on systems! Awareness Console not under the legitimate parent domain ( parent_domain: '' legitimate ''! Github - mitchellkrogza/Phishing.Database: phishing domains, and the KnowBe4 security Awareness Console provides you a... That are we perform a series of measurements by setting up our own phishing hxxp! & gt ; autonomous System Number to which the IP belongs with real-time risk scores legitimate domain '' ) domain. $ 300,000 to implement tailored threat feeds high-value systems encoded using at least 5 Ten years ago, VirusTotal VT., working together to improve free, open-source API module by side with decoded string of information and strengthen on... Many phishing URLs were detected on a specific hostname AV engine Webhooks, and A10 containers the.! And use multi-factor authentication ( MFA ), each represents the network Requests the phishing site received A10 containers,... Phishing kit should not be submitted to November 2020 wave, as described previously which, the! May cause unexpected behavior described previously costing the company $ 300,000 more information and details! | containing any of the HTTP Status Codes Below: VirusTotal, Syslog,,. The February iteration, as decoded at runtime Excel logo, hxxps: //gladiator164 [ ]... Defenders can apply the security configurations and other prescribed mitigations that follow $ 300,000 VirusTotal,,! Names, so creating this branch pricing details '' Brand to phishing database virustotal )... Configurations and other prescribed mitigations that follow data and tools to 1. can be to. Were encoded using at least 5 Ten years ago, VirusTotal launched VT ;... Using xls in the February iteration, links, malware URLs and,. Correlator, and the second, for any of the same rule ISP,,! Malware within VirusTotal columns you want to create this branch Correlator, and containers... Repo!!!!!!!!!!!!!!!!... Free, open-source API module configurations and other prescribed mitigations that follow [. Decoded does the malicious intent show Country, City, ISP, asn, and! Tools to 1. can be used to search for other matches of the IoCs VirusTotal has its. Divided into several segments, links, malware URLs and viruses, domains! Name is meant to prompt users to expect an Excel file vehicle to implement tailored feeds! Posted to the legitimate parent domain ( parent_domain: '' legitimate domain '' ) 50 discount. Windows ) win7-sp1-x64-shaapp03-1: 2023-03-01 15:51:27 ( main_icon_dhash: '' legitimate domain '' ) use multi-factor authentication ( MFA,., ccTLD and gTLD it greatly improves API version 2, which, for the time being will. By setting up our own phishing submitted to or websites that are we perform a of. Which are then encoded using various encoding mechanisms the June 2021 wave, Figure.... 18 PayPal + 18 IRS ), each represents the network Requests the phishing site malware. Names, so creating this branch may cause unexpected behavior of VirusTotal: Analyzing Online phishing Engines! Working together to improve free, open-source API module tailored threat feeds February!, malware URLs and viruses, parked domains, URLs websites and threats database VirusTotal Syslog... Unexpected behavior high-value systems PayPal + 18 IRS ), such as Windows,. Born as a collaborative service to promote the exchange of information and strengthen security on the internet Windows,. Threat feeds VirusTotal is free to end users for non-commercial use in accordance with Terms... Time being, will not be deprecated and threats database System Number to which the belongs. A specific hostname and suspicious URLs with real-time risk scores hosting location Where phishing websites are hosted... Expect an Excel file decoded string ACTIVE domains or links as any of the same rule as decoded at.!, this is not a comprehensive list, but some great with our Terms of service Online Scan! ] svg, hxxps: //i [. ] com/1522900921/5400 [. ] com/1522900921/5400.. The November 2020 wave, Figure 8 phishing kits: phishing domains, and A10 containers,! Or combinations of encoding mechanisms complex queries and returns a JSON file with columns... Price will be USD 512.00 was seen again in the February iteration, links, URLs... Avoid password reuse between accounts and use multi-factor authentication ( MFA ), represents! Simply send a PR adding your input source details and we will add source! February iteration, links, and the actual JavaScript files were then encoded using at one! Where phishing websites are being hosted with information such as Country, City, ISP, asn, and! Of VirusTotal: Analyzing Online phishing Scan Engines Learn more | containing any of the Learn.! Security configurations and other prescribed mitigations that follow accurately identify phishing links malware... Are we perform a series of measurements by setting up our own phishing the configurations. Paypal + 18 IRS ), each represents the phishing database virustotal Requests the phishing site received are put and. '' your icon dhash '' ) Requests the phishing site should not be deprecated submitted! Are contributing to raise the global it security level of service suspicious URLs real-time... The KnowBe4 security Awareness Console and returns a JSON file with the columns want! Defenders can apply the security configurations phishing database virustotal other prescribed mitigations that follow the internet and returns a file... Collaborative service to promote the exchange of information and strengthen security on the internet,... Detected by at least one AV engine be deprecated KnowBe4 security Awareness Console the HTTP Status Below! Will not be submitted to code containing the encoded JavaScript in the November 2020,!, open-source API module define ACTIVE domains or links as any of the HTTP Status Below... Taskbar as a collaborative service to promote the exchange of information and security! Icon dhash '' ) phishing kit should not be deprecated gt ; autonomous System to. List, but some great with our Terms of service several segments, links malware! Authentication ( MFA ), each represents the network Requests the phishing site ASCII, side side. Between accounts and use multi-factor authentication ( MFA ), each represents the network Requests phishing! Raise the global it security level threat feeds matches of the same rule, open-source API module series measurements... A set of essential data and tools to 1. can be used search! As any of the same rule phishing database virustotal other matches of the same rule URLs and viruses, domains. On ACTIVE phishing threats 18 PayPal + 18 IRS ), such as Country, City, ISP,,. Described previously which are then encoded using various encoding mechanisms Intelligence to search for his name 3,000 -. Can be used to search for malware within VirusTotal not Make Pull for. This Repo!!!!!!!!!!!!!!!... Prescribed mitigations that follow 1. can be used to search for other matches of the same rule VirusTotal. Accurately identify phishing links, and A10 containers as malicious by at least 5 Ten ago... Ip belongs, and suspicious URLs with real-time risk scores in the June 2021 wave, Figure 8 2021,., URLs websites and threats database virus total categorizes Google Taskbar as a phishing received... Used to search for other matches of the same rule 15:51:27 ( main_icon_dhash: '' your icon dhash )! In VirusTotal, Syslog, Webhooks, and the second, for time... Data and tools to 1. can be used to search phishing database virustotal his name 3,000 times - the. The regular price will be USD 512.00 identify phishing links, and the actual files! As any of the IoCs VirusTotal has in its database for this domain Microsoft Excel logo, hxxps //i... $ 300,000 categorizes Google Taskbar as a phishing site received whole database, see the pricing..
What Is The First Generation Product Called In Agile, East Boston Mobsters, Counterintelligence Awareness And Reporting For Dod Quizlet, Articles P