phishing sa highway.rs - Printable Version

phishing sa highway.rs - Printable Version

+- Bezbedan Balkan (https://bezbedanbalkan.net)
+-- Forum: Bezbednost privatnih resursa (https://bezbedanbalkan.net/forum-12.html)
+--- Forum: Phishing / Scam / Spam kampanje (https://bezbedanbalkan.net/forum-16.html)
+--- Thread: phishing sa highway.rs (/thread-204.html)

phishing sa highway.rs - maxxa - 10-28-2022

Phishing sa sajta instituta za puteve

Filename: highway.rs.png Size: 110.96 KB 10-28-2022, 02:54 PM

link iz maila vodi na: hxxps[:]//ahlmka[.]hamaforton[.]com/?zfjyl=cHVyY2hhc2VvcmRlcnNAYTEucnM=
a odatle redirektuje na: hxxps[:]//sparkriffro[.]shop/kdin4wgqxprinceequiR3g5wTcjY/?NohyO9mXgWY=cHVyY2hhc2VvcmRlcnNAYTEucnM=

Izgleda da je već detektovan, na drugom linku izlazi error 403 forbidden.

Odeljak iz headera:

Code:
authentication-results................................spf=pass (sender IP is 37.48.71.180)

                                                      smtp.mailfrom=highway.rs; dkim=pass (signature was verified)

                                                      header.d=highway.rs;dmarc=pass action=none

                                                      header.from=highway.rs;compauth=pass reason=100

IP: 37.48.71.180, sajt se nalazi na hostingu
name:"LeaseWeb Netherlands B.V."

Na sajtu ostavljen phpinfo.php

RE: phishing sa highway.rs - Dino.Nanic - 10-31-2022

Mi smo takodjer zabiljezili kampanju sa te domene.