[GTER] Phishing originating from municipal government domains
Danton Nunes
danton.nunes at inexo.com.br
Fri Jan 3 15:52:23 -03 2020
On Fri, 3 Jan 2020, Leandro wrote:
> Let's take as an example the case of the domain "feliz.rs.gov.br", whose lookup
> returns this:
>
> domínio: rs.gov.br
> titular: PROCERGS - Cia de Processamento de Dados do RGS
> documento: 87.124.582/0001-04
> responsável: GIPRO - Gerência Internet PROCERGS
ok, note that it is a city hall, but it is hosted by a company:
danton at zaphod:~$ host feliz.rs.gov.br
feliz.rs.gov.br has address 191.6.198.189
feliz.rs.gov.br has IPv6 address 2804:10:4062::198:189
feliz.rs.gov.br mail is handled by 10 webmail.feliz.rs.gov.br.
danton at zaphod:~$ whois 2804:10:4062::198:189
% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries
% Brazilian resource: whois.registro.br
% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use at https://registro.br/termo/en.html ,
% being prohibited its distribution, commercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% 2020-01-03T15:46:58-03:00
inetnum: 2804:10::/32
aut-num: AS28299
abuse-c: COABU
...
nic-hdl-br: COABU
person: Contato de Abuse
e-mail: abuse at hospedagem.net
country: BR
created: 20080919
changed: 20180417
how about contacting this guy?
note that the email is managed by another entity!
danton at zaphod:~$ host webmail.feliz.rs.gov.br.
webmail.feliz.rs.gov.br has address 187.84.56.67
danton at zaphod:~$ whois 187.84.56.67
% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries
% Brazilian resource: whois.registro.br
% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use at https://registro.br/termo/en.html ,
% being prohibited its distribution, commercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% 2020-01-03T15:50:37-03:00
inetnum: 187.84.56.64/30
aut-num: AS53053
abuse-c: NOBIN2
owner: Bom Tempo Informática Ltda
ownerid: 02.591.052/0001-05
responsible: José Freiberger
-- Danton.
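
The lookup chain in the message above (address, then the `abuse-c` handle, then that handle's `nic-hdl-br` contact object), as an added example that is not part of the original post: a shell function that extracts the abuse e-mail from registro.br-style whois output. The function names `abuse_contact` and `sample_whois` are hypothetical, and the sample record with its handles and addresses is constructed.

```shell
# Reads whois text on stdin, prints "<abuse-c handle> <e-mail>", returns 1 if none found.
# Live use (needs network): whois 2804:10:4062::198:189 | abuse_contact
abuse_contact() {
    awk '
        # Drop the "key:" prefix and trailing blanks, keep the value (may contain colons).
        function val(line) {
            sub(/^[^:]*:[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        /^%/ { next }                                      # banner and terms-of-use lines
        /^abuse-c:/ && handle == "" { handle = val($0) }   # handle named by the resource
        /^nic-hdl-br:/ { current = val($0) }               # start of a contact object
        /^e-mail:/ && current != "" { mail[current] = val($0) }
        /^[ \t\r]*$/ { current = "" }                      # blank line ends the object
        END {
            if (handle == "" || !(handle in mail)) exit 1  # no abuse contact published
            print handle, mail[handle]
        }
    '
}

# Constructed sample in the registro.br layout (documentation prefixes and names).
sample_whois() {
    cat <<'EOF'
% constructed sample, not real registry data
inetnum:     2001:db8::/32
aut-num:     AS64500
abuse-c:     ABUSE1
owner:       Example Hosting Ltda
owner-c:     OWNER1
tech-c:      OWNER1

nic-hdl-br:  OWNER1
person:      Example Owner
e-mail:      owner@hosting.example

nic-hdl-br:  ABUSE1
person:      Contato de Abuse
e-mail:      abuse@hosting.example
EOF
}
```

Running it once for the web host's address and once for the MX host's address gives the two separate contacts the message points out.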