12-24-2022, 12:08 AM
A fairly poorly made phishing attempt, but it is still spreading quite a bit.
The link in the email leads to: hxxps[:]//wrongtostrong[.]fitproautomation[.]com/wp-admin/HLOO/
Fresh detections on VT: https://www.virustotal.com/gui/url/d7c09...e7850b073a
Part of the header:
Received: from smtp-8fb4.mail.infomaniak.ch (83.166.143.180) by
 HE1EUR04FT038.mail.protection.outlook.com (*) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.5944.13 via Frontend Transport; Fri, 23 Dec 2022 08:55:55 +0000
Received: from h2web92.infomaniak.ch (unknown [83.166.138.40])
 by smtp-3-1000.mail.infomaniak.ch (Postfix) with ESMTP id 4Ndgy22W1zzMwD3h
From: =?utf-8?B?UtCw0ZZmZmXRlnNlbiw=?= <[email protected]>
authentication-results: spf=softfail (sender IP is 83.166.143.180)
 smtp.mailfrom=gmail.com; dkim=none (message not signed)
 header.d=none;dmarc=none action=none
#BudimoSajberSvesni
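
A triage check over the header excerpt above, added here as an example and not part of the original post: it decodes the RFC 2047 display name from the From line, flags letters drawn from more than one script, and collects the SPF/DKIM/DMARC verdicts that are not `pass`. The two constants are copied from the headers in the post; the function names are hypothetical.

```python
import re
import unicodedata
from email.header import decode_header, make_header

# Header values copied from the post above (the sender address is redacted there).
FROM_DISPLAY = "=?utf-8?B?UtCw0ZZmZmXRlnNlbiw=?="
AUTH_RESULTS = ("spf=softfail (sender IP is 83.166.143.180) "
                "smtp.mailfrom=gmail.com; dkim=none (message not signed) "
                "header.d=none;dmarc=none action=none")


def letter_scripts(text):
    """Scripts used by the letters in text (first word of each Unicode name)."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}


def auth_verdicts(value):
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results value."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))


def triage(from_display, auth_results):
    """Return (decoded display name, findings) for one message (hypothetical helper)."""
    name = str(make_header(decode_header(from_display)))
    findings = []
    scripts = letter_scripts(name)
    if len(scripts) > 1:
        # Look-alike letters from another script inside a Latin-looking name.
        findings.append("mixed-script display name: " + "+".join(sorted(scripts)))
    verdicts = auth_verdicts(auth_results)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return name, findings


if __name__ == "__main__":
    name, findings = triage(FROM_DISPLAY, AUTH_RESULTS)
    print(ascii(name))  # escaped form makes the non-Latin code points visible
    for finding in findings:
        print(" -", finding)
```

Printing the name with `ascii()` shows the Cyrillic code points that render almost identically to Latin letters in a mail client.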