2017-10-11 - PHISHING WEBSITE TRAFFIC

NOTICE:

ASSOCIATED FILES:

NOTES:

 

EMAIL


Shown above:  Screenshot of the email.

 

EMAIL HEADERS:

 


Shown above:  Initial phishing page.

 


Shown above:  Fake Gmail login (one of many different login options).

 


Shown above:  Fake recovery email and phone.

 


Shown above:  Phishing kit zip archive from the compromised website.

 

TRAFFIC


Shown above:  Traffic in Wireshark shows Bit[.]ly link going to HTTPS URL.

 


Shown above:  HTTPS URLs as recorded in Fiddler.

 

ASSOCIATED URLS:

 

MALWARE

PHISHING KIT FROM COMPROMISED SITE:


Shown above:  Contents of the phishing kit.

 
