E-mail

Spam e-mail is blasted from statement-ozrfpsqaktfvrovzk-update-pabpvigkontkymrezgjw-ys@wordsofzye.org.

image870×629 75.9 KB

Some e-mail headers

Phishing page

Hyperlink in e-mail:

• https://lnkd.in/gUtuT_Tu?signature=newsletter&trackingid=FhAIfHDsUG3hSvrDXUeaPIKcsBoJXhaW
• https://lnkd.in/gUtuT_Tu?signature=newsletter&trackingid=yy97JIBHBln5DkdvdktyfEFrIHTzc5yD

Yesterday leads to domain https://us-itsign.news-updateaps-amzn-xbejoz.com.
Today the shortened link leads to https://sign.confirm-newspaypl-ksvel.top/.
(I didn’t keep the full URL in my records)

Phishing page screenshot

image964×588 44.2 KB

Admin panel

image1036×562 21.8 KB

image1074×630 48.1 KB

Configured receiving e-mail

image1024×501 34.5 KB

[email protected]

Protection

image1024×629 51 KB

Attacker e-mail

E-mail password is the same as admin dashboard password 4 months ago, but now it is changed. I will not disclose the password as the admin dashboard contains sensitive info.

Attacker’s received e-mails sample

image1019×593 51.2 KB

Other details

Some configurations have been changed to prevent the phishing page from currently working.

Hi , I’m getting Spam emails , every day … as i’m had subscribed to them.

The appropriate actions have been taken and the website has been reported the providers for investigations

Message ID: 606AABA5 - FBB3860F