Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Zip Recruiter Phishing Campaign:
- Return address:
- no-reply@ziprecruter.com
- Subjects:
- ZipRecruiter Critical Security Alert #([0-9]{5})
- ZipRecruiter Check Your Account Activity #([0-9]{5})
- Header origin:
- Received: from wrqvcxfq.outbound-mail.sendgrid.net (unverified
- [149.72.202.244])
- Redirector Pages:
- http://cord.nvfms.org/
- http://mart.fammart.com/
- http://plan.sherrisplants.com/
- http://sub.musizhao.com/
- http://str.ladystrange.com/
- http://tto.bkandgun.com/
- LanderPages:
- https://ziprecrulter.site/login?token=yysndtvrrs9f4amwt7k5m
- Notes: Interesting that the kit seems to have been used before about 20 days ago and the token=yysndtvrrs9f4amwt7k5m then also.
- Going to the https://ziprecrulter.site without the token gets you redirected to the real ZipRecruiter site for your geolocation.
- It also redirects you to the real ZipRecruiter site by geolocation once it collects your credentials.
- I also have noted a lot of the sent messages have broken URLs that are formed with http:/ and not http://. Example: http:/mart.fammart.com/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement