Friday, September 4, 2015

Threat Target: Security Researchers

Several of our researchers received these LinkedIn invitations themselves, from fake recruiter profiles; someone is mapping security researchers. I wondered who would want to attack these people. Some days ago I received a fake email from fake accounts that pointed to phishing sites, and I asked myself: could this be related? I said, sure, if someone is mapping security researchers' accounts overall, then let them phish. But it is strange, and this must be analyzed more thoroughly. I did that, and deep down there is something that smells worse.

Jennifer White Fake Profile

Lea David Fake Invitation

List of Fake Profiles

Fake Customer Message

Fake Customer Message Used for Phishing

Phishing Site

The WHOIS record for this phishing host:

Registry Domain ID: 1832762529_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Update Date: 2014-10-28T06:56:32Z
Creation Date: 2013-10-28T06:55:31Z
Registrar Registration Expiration Date: 2015-10-28T06:55:31Z
Registrar:, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited

Registry Registrant ID: 
Registrant Name: Mayank Shah
Registrant Street: hemkunt colony
Registrant City: Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 10027
Registrant Country: India
Registrant Phone: 011462011
Registrant Email:

Registry Admin ID: 
Admin Name: Mayank Shah
Admin Street: hemkunt colony
Admin City: Delhi
Admin State/Province: Delhi
Admin Postal Code: 10027
Admin Country: India
Admin Phone: 011462011
Admin Email:

Registry Tech ID: 
Tech Name: Mayank Shah
Tech Street: hemkunt colony
Tech City: Delhi
Tech State/Province: Delhi
Tech Postal Code: 10027
Tech Country: India
Tech Phone: 011462011
Tech Email:

Well, let's ask Google:

And Google shows a list of online pharmacy and Hindu things = phishing.

Then I did a reverse WHOIS, and it tells me this guy bought 17 other domains, maybe for phishing too.
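The WHOIS record above is plain "Key: value" text, so the fields used for a reverse-WHOIS pivot and for the abuse contact can be extracted mechanically. This is an added example, not code from the original post; the sample record is constructed with placeholder values, and `parse_whois`, `first` and `triage` are hypothetical helper names.

```python
from datetime import datetime

# Constructed sample in the same "Key: value" layout as the record above;
# every value except the layout is a placeholder, not data from the page.
SAMPLE = """\
Creation Date: 2013-10-28T06:55:31Z
Registrar Abuse Contact Email: abuse@registrar.example
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registrant Name: Example Person
Registrant Phone: 0000000000
Registrant Email:
Admin Name: Example Person
Admin Phone: 0000000000
Tech Name: Example Person
Tech Phone: 0000000000
"""

def parse_whois(text):
    """Return {key: [values]}; repeated keys (Domain Status) keep every value."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def first(record, key):
    """First non-empty value for a key, or None when blank or redacted."""
    values = [v for v in record.get(key, []) if v]
    return values[0] if values else None

def triage(record, seen_on):
    """Summarise the fields worth pivoting on or reporting."""
    created = datetime.strptime(first(record, "Creation Date"), "%Y-%m-%dT%H:%M:%SZ")
    contacts = {role: (first(record, f"{role} Name"), first(record, f"{role} Phone"))
                for role in ("Registrant", "Admin", "Tech")}
    return {
        "age_days": (seen_on - created).days,
        # One identity in all three roles is what the record above shows.
        "same_contact_all_roles": len(set(contacts.values())) == 1,
        # Non-empty registrant fields are the reverse-WHOIS search terms.
        "pivots": {k: first(record, k) for k in record
                   if k.startswith("Registrant ") and first(record, k)},
        "abuse_contact": first(record, "Registrar Abuse Contact Email"),
    }
```

Blank fields such as `Registrant Email:` are skipped rather than treated as pivots, which matters for records where the registrar has redacted part of the contact block.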

Google Plus Profile

Facebook Profile

LinkedIn Profile

Phishing Site Scan Report

The next step: get in contact with the abuse email and catch this stupid guy. Good luck, idiot ;)

VirusTotal Report:

Source Article:
