VRad

#ukrposhta_fraud_051220

Dec 7th, 2020 (edited)
#IOC #OptiData #VR #fraud #phishing #ukrposhta

https://pastebin.com/AqQEjNTg

attack_vector
--------------
email URL > redirect > fake ukrposhta page > get credit card data

email_headers
--------------
Return-Path: <ukrposhta@ukrposhta.ua>
Received: from ukrposhta.ua ([46.173.210.44])
Received: from ukrposhta.ua ([46.173.210.44] RDNS failed) by ukrposhta.ua
From: Укрпошта Експрес <ukrposhta@ukrposhta.ua>
Subject: Ваш пакет не може бути доставлений 05.12.2020
To: victim@company.org
Date: Sat, 5 Dec 2020 16:29:19 -0800
X-Mailer: Microsoft Outlook, Build 11.5608.5606
X-OriginalArrivalTime: 06 Dec 2020 00:29:19.0116 (UTC) FILETIME=[D5FBCCC0:01D6CB66]
X-FEAS-SURL: https://inc-ukraine-redirect.com/ukraine/info.html
X-FEAS-CLIENT-IP: 46.173.210.44

URLs
--------------
https://inc-ukraine-redirect.com/ukraine/info.html >> redirect >> https://ukrposhta-ua.com/ua/877317730/1605824564/381a5/

Domain
--------------
https://urlscan.io/result/13f97ef6-9da4-49a1-b187-b125b0cc1c35/
https://urlscan.io/domain/ukrposhta-ua.com

SSL Cert
--------------
Let's Encrypt

Validity
Not Before: Dec 5 13:33:34 2020 GMT
Not After : Mar 5 13:33:34 2021 GMT
Subject:
commonName = webdisk.inc-ukraine-redirect.com

X509v3 Subject Alternative Name:


https://crt.sh/?q=ukrposhta-ua.com
https://www.ssllabs.com/ssltest/analyze.html?d=ukrposhta-ua.com

MX
--------------
46.173.210.44
https://urlscan.io/ip/46.173.210.44
https://www.virustotal.com/gui/ip-address/46.173.210.44/details

# # #


VR