[GTER] Phishing originating from city hall domains

Danton Nunes danton.nunes at inexo.com.br
Fri Jan 3 15:52:23 -03 2020


On Fri, 3 Jan 2020, Leandro wrote:

> Let's take as an example the case of the domain "feliz.rs.gov.br", whose lookup
> returns this:
> 
> domínio:       rs.gov.br
> titular:       PROCERGS - Cia de Processamento de Dados do RGS
> documento:     87.124.582/0001-04
> responsável:   GIPRO - Gerência Internet PROCERGS

ok, note that it is a city hall, but it is hosted at a company:
danton at zaphod:~$ host feliz.rs.gov.br
feliz.rs.gov.br has address 191.6.198.189
feliz.rs.gov.br has IPv6 address 2804:10:4062::198:189
feliz.rs.gov.br mail is handled by 10 webmail.feliz.rs.gov.br.
danton at zaphod:~$ whois 2804:10:4062::198:189

% Joint Whois - whois.lacnic.net
%  This server accepts single ASN, IPv4 or IPv6 queries

% Brazilian resource: whois.registro.br


% Copyright (c) Nic.br
%  The use of the data below is only permitted as described in
%  full by the terms of use at https://registro.br/termo/en.html ,
%  being prohibited its distribution, commercialization or
%  reproduction, in particular, to use it for advertising or
%  any similar purpose.
%  2020-01-03T15:46:58-03:00

inetnum:     2804:10::/32
aut-num:     AS28299
abuse-c:     COABU
...
nic-hdl-br:  COABU
person:      Contato de Abuse
e-mail:      abuse at hospedagem.net
country:     BR
created:     20080919
changed:     20180417


how about contacting this guy?

note that the email is handled by a different entity!

danton at zaphod:~$ host webmail.feliz.rs.gov.br.
webmail.feliz.rs.gov.br has address 187.84.56.67
danton at zaphod:~$ whois 187.84.56.67

% Joint Whois - whois.lacnic.net
%  This server accepts single ASN, IPv4 or IPv6 queries

% Brazilian resource: whois.registro.br


% Copyright (c) Nic.br
%  The use of the data below is only permitted as described in
%  full by the terms of use at https://registro.br/termo/en.html ,
%  being prohibited its distribution, commercialization or
%  reproduction, in particular, to use it for advertising or
%  any similar purpose.
%  2020-01-03T15:50:37-03:00

inetnum:     187.84.56.64/30
aut-num:     AS53053
abuse-c:     NOBIN2
owner:       Bom Tempo Informática Ltda
ownerid:     02.591.052/0001-05
responsible: José Freiberger


-- Danton.
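
The lookup walked through in this message, as an added example that is not part of the original post: a shell helper that pulls the network block, ASN and abuse contact out of registro.br-style whois text, and reports the handle as unresolved when the reply carries no matching contact block. The function name `abuse_contact` and both sample replies are constructed (documentation addresses, made-up handles and names).

```shell
#!/bin/sh
# Added example. abuse_contact (hypothetical helper) reads registro.br-style
# whois text on stdin and prints: inetnum aut-num abuse-c-handle e-mail
abuse_contact() {
    awk '
        /^%/ || !/:/ { next }            # skip banner comments, blanks, "..."
        {
            key = $0; sub(/:.*/, "", key)             # text before first colon
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)   # rest, IPv6 colons kept
        }
        key == "inetnum" { net = val }
        key == "aut-num" { asn = val }
        key == "abuse-c" && handle == "" { handle = val }  # network block comes first
        key == "nic-hdl-br" { current = val }              # start of a contact block
        key == "e-mail" && current != "" { mail[current] = val }
        END {
            if (handle == "") { print "no abuse-c in input"; exit 1 }
            addr = (handle in mail) ? mail[handle] : "unresolved"
            print net, asn, handle, addr
        }
    '
}

# Constructed sample: web host, contact block present in the reply.
sample_web() {
    cat <<'EOF'
% Joint Whois - whois.lacnic.net
inetnum:     2001:db8::/32
aut-num:     AS64500
abuse-c:     EXABU
...
nic-hdl-br:  EXABU
person:      Contato de Abuse
e-mail:      abuse@hosting.example
EOF
}

# Constructed sample: mail host, reply cut before the contact block.
sample_mx() {
    cat <<'EOF'
inetnum:     192.0.2.64/30
aut-num:     AS64501
abuse-c:     EXMX2
owner:       Example Informatica Ltda
EOF
}

echo "web:  $(sample_web | abuse_contact)"
echo "mail: $(sample_mx | abuse_contact)"
```

Against live data the same function can be fed from `whois <address>`; differing `aut-num` values for the web and mail hosts mean two separate abuse desks to notify.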

