[GTER] Phishing originating from city hall domains
Leandro
leandro at spfbl.net
Fri Jan 3 16:56:01 -03 2020
> On Fri, 3 Jan 2020, Leandro wrote:
>
> > Let's take as an example this case of the domain "feliz.rs.gov.br", whose
> > query returns this:
> >
> > domínio: rs.gov.br
> > titular: PROCERGS - Cia de Processamento de Dados do RGS
> > documento: 87.124.582/0001-04
> > responsável: GIPRO - Gerência Internet PROCERGS
>
> ok, note that it is a city hall but it hosts with a company:
> danton at zaphod:~$ host feliz.rs.gov.br
> feliz.rs.gov.br has address 191.6.198.189
> feliz.rs.gov.br has IPv6 address 2804:10:4062::198:189
> feliz.rs.gov.br mail is handled by 10 webmail.feliz.rs.gov.br.
> danton at zaphod:~$ whois 2804:10:4062::198:189
>
> % Joint Whois - whois.lacnic.net
> % This server accepts single ASN, IPv4 or IPv6 queries
>
> % Brazilian resource: whois.registro.br
>
>
> % Copyright (c) Nic.br
> % The use of the data below is only permitted as described in
> % full by the terms of use at https://registro.br/termo/en.html ,
> % being prohibited its distribution, commercialization or
> % reproduction, in particular, to use it for advertising or
> % any similar purpose.
> % 2020-01-03T15:46:58-03:00
>
> inetnum: 2804:10::/32
> aut-num: AS28299
> abuse-c: COABU
> ...
> nic-hdl-br: COABU
> person: Contato de Abuse
> e-mail: abuse at hospedagem.net
> country: BR
> created: 20080919
> changed: 20180417
>
>
> how about contacting this guy?
>
> note that the email is managed by another entity!
>
> danton at zaphod:~$ host webmail.feliz.rs.gov.br.
> webmail.feliz.rs.gov.br has address 187.84.56.67
> danton at zaphod:~$ whois 187.84.56.67
>
> % Joint Whois - whois.lacnic.net
> % This server accepts single ASN, IPv4 or IPv6 queries
>
> % Brazilian resource: whois.registro.br
>
>
> % Copyright (c) Nic.br
> % The use of the data below is only permitted as described in
> % full by the terms of use at https://registro.br/termo/en.html ,
> % being prohibited its distribution, commercialization or
> % reproduction, in particular, to use it for advertising or
> % any similar purpose.
> % 2020-01-03T15:50:37-03:00
>
> inetnum: 187.84.56.64/30
> aut-num: AS53053
> abuse-c: NOBIN2
> owner: Bom Tempo Informática Ltda
> ownerid: 02.591.052/0001-05
> responsible: José Freiberger
Hmm. I see how you do it. I'll run some more complex queries here.
Thanks!
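
Added example, not part of the original message: the lookup quoted above (take the `abuse-c` handle from the IP whois record, then find the `nic-hdl-br` contact block with the same handle) written as a shell filter for abuse reporting. The function names, the handles and the addresses in the sample are constructed; the field names are the ones visible in the whois output above.

```shell
#!/bin/sh
# Added example: pull the abuse contact out of registro.br-style whois text.
# Live use (assumption): whois "$ip" | abuse_contact

# Reads whois text on stdin, prints "<aut-num> <abuse-c handle> <e-mail>".
# Prints "-" for a missing field; returns 1 when no abuse-c line is present.
abuse_contact() {
    awk '
        /^%/ { next }                      # whois comment lines
        {
            sep = index($0, ":")           # first colon ends the key (IPv6 safe)
            if (sep == 0) next             # blank or free-text line
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "aut-num" && asn == ""    { asn = val }
        key == "abuse-c" && handle == "" { handle = val }
        key == "nic-hdl-br"              { current = val }  # contact block starts
        key == "e-mail"                  { mail[current] = val }
        END {
            if (handle == "") exit 1
            if (asn == "") asn = "-"
            email = (handle in mail) ? mail[handle] : "-"
            print asn, handle, email
        }
    '
}

# Constructed sample modelled on the output above (documentation ranges only).
sample_whois() {
    cat <<'EOF'
% Joint Whois - whois.lacnic.net
inetnum:     2001:db8::/32
aut-num:     AS64500
abuse-c:     EXABU
tech-c:      EXTEC

nic-hdl-br:  EXTEC
person:      Technical Contact
e-mail:      noc@example.net

nic-hdl-br:  EXABU
person:      Abuse Contact
e-mail:      abuse@example.net
EOF
}

sample_whois | abuse_contact    # → AS64500 EXABU abuse@example.net
```

Matching the e-mail to the `abuse-c` handle rather than taking the first `e-mail:` line matters because the record can list several contact blocks.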