[GTER] Phishing originating from municipal government domains

Leandro leandro at spfbl.net
Fri Jan 3 16:56:01 -03 2020


> On Fri, 3 Jan 2020, Leandro wrote:
>
> > Let's take as an example the case of the domain "feliz.rs.gov.br", whose lookup
> > returns this:
> >
> > domínio:       rs.gov.br
> > titular:       PROCERGS - Cia de Processamento de Dados do RGS
> > documento:     87.124.582/0001-04
> > responsável:   GIPRO - Gerência Internet PROCERGS
>
> ok, note that it is a city hall but it is hosted at a company:
> danton at zaphod:~$ host feliz.rs.gov.br
> feliz.rs.gov.br has address 191.6.198.189
> feliz.rs.gov.br has IPv6 address 2804:10:4062::198:189
> feliz.rs.gov.br mail is handled by 10 webmail.feliz.rs.gov.br.
> danton at zaphod:~$ whois 2804:10:4062::198:189
>
> % Joint Whois - whois.lacnic.net
> %  This server accepts single ASN, IPv4 or IPv6 queries
>
> % Brazilian resource: whois.registro.br
>
>
> % Copyright (c) Nic.br
> %  The use of the data below is only permitted as described in
> %  full by the terms of use at https://registro.br/termo/en.html ,
> %  being prohibited its distribution, commercialization or
> %  reproduction, in particular, to use it for advertising or
> %  any similar purpose.
> %  2020-01-03T15:46:58-03:00
>
> inetnum:     2804:10::/32
> aut-num:     AS28299
> abuse-c:     COABU
> ...
> nic-hdl-br:  COABU
> person:      Contato de Abuse
> e-mail:      abuse at hospedagem.net
> country:     BR
> created:     20080919
> changed:     20180417
>
>
> how about contacting this guy?
>
> note that the email is managed by another entity!
>
> danton at zaphod:~$ host webmail.feliz.rs.gov.br.
> webmail.feliz.rs.gov.br has address 187.84.56.67
> danton at zaphod:~$ whois 187.84.56.67
>
> % Joint Whois - whois.lacnic.net
> %  This server accepts single ASN, IPv4 or IPv6 queries
>
> % Brazilian resource: whois.registro.br
>
>
> % Copyright (c) Nic.br
> %  The use of the data below is only permitted as described in
> %  full by the terms of use at https://registro.br/termo/en.html ,
> %  being prohibited its distribution, commercialization or
> %  reproduction, in particular, to use it for advertising or
> %  any similar purpose.
> %  2020-01-03T15:50:37-03:00
>
> inetnum:     187.84.56.64/30
> aut-num:     AS53053
> abuse-c:     NOBIN2
> owner:       Bom Tempo Informática Ltda
> ownerid:     02.591.052/0001-05
> responsible: José Freiberger

Hmm. I understand how you do it. I'm going to run some more complex lookups here.
Thanks!
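
The lookup chain in the quoted reply (run whois on the resolved address, read the `abuse-c` handle, then find that handle's contact block) can be scripted for abuse reporting. The following is an added example, not part of the original thread; the whois samples are constructed with documentation prefixes and example.net, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the registro.br whois layout quoted above
# (documentation prefixes and example.net are placeholders, not real data).
SAMPLE_WITH_CONTACT = """\
% Copyright (c) Nic.br
inetnum:     2001:db8::/32
aut-num:     AS64500
abuse-c:     EXABU
owner:       Example Hosting Ltda

nic-hdl-br:  EXTEC
e-mail:      noc@example.net

nic-hdl-br:  EXABU
e-mail:      abuse@example.net
"""

# Constructed sample: the abuse-c handle is listed but no contact block follows.
SAMPLE_NO_CONTACT = """\
inetnum:     192.0.2.64/30
aut-num:     AS64501
abuse-c:     EXNOB
owner:       Example Informatica Ltda
"""

def parse_blocks(text):
    """Split whois output into blank-line-separated blocks of key/value pairs."""
    blocks = []
    for chunk in re.split(r"\n\s*\n", text):
        block = {}
        for line in chunk.splitlines():
            if line.startswith("%") or ":" not in line:
                continue  # skip server comments and stray lines
            key, value = line.split(":", 1)  # split once: IPv6 values contain ':'
            block.setdefault(key.strip(), value.strip())
        if block:
            blocks.append(block)
    return blocks

def abuse_contact(text):
    """Return (network, asn, handle, email); email is None if the handle has no block."""
    blocks = parse_blocks(text)
    net = next((b for b in blocks if "inetnum" in b), None)
    if net is None:
        raise ValueError("no inetnum block in whois output")
    handle = net.get("abuse-c")
    contact = next((b for b in blocks if handle and b.get("nic-hdl-br") == handle), {})
    return net["inetnum"], net.get("aut-num"), handle, contact.get("e-mail")
```

When the e-mail comes back as `None`, the handle itself has to be queried separately before a report can be sent.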

