Last active
September 24, 2016 20:33
-
-
Save xxdesmus/93f5813ae11b90014dd4b4ee09a3304b to your computer and use it in GitHub Desktop.
producteev{.}io phishing email
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| producteev{.}com is the real domain. This email references producteev{.}io | |
| Domain Name: PRODUCTEEV{.}COM | |
| Registrar: DOMAIN.COM, LLC | |
| Sponsoring Registrar IANA ID: 886 | |
| Whois Server: whois.domain.com | |
| Referral URL: http://www.domain.com | |
| Name Server: NS-1234.AWSDNS-26.ORG | |
| Name Server: NS-1604.AWSDNS-08.CO.UK | |
| Name Server: NS-473.AWSDNS-59.COM | |
| Name Server: NS-892.AWSDNS-47.NET | |
| Status: clientTransferProhibited | |
| https://icann.org/epp#clientTransferProhibited | |
| Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited | |
| Updated Date: 24-sep-2016 | |
| Creation Date: 05-mar-2008 | |
| Expiration Date: 05-mar-2018 | |
| ==== | |
| VS. | |
| ==== | |
| Domain : producteev{.}io | |
| Status : Live | |
| Expiry : 2017-09-19 | |
| NS 1 : ns1.dotster{.}com | |
| NS 2 : ns2.dotster{.}com | |
| Owner Name : Michael Westlund | |
| Owner OrgName : Michael Westlund | |
| Owner Addr : 915 SW Stark St. | |
| Owner Addr : Portland | |
| Owner Addr : OR | |
| Owner Addr : US | |
| https://investigate.opendns.com/domain-view/name/producteev.io/view | |
| has .io flagged as suspicious. | |
| Also, note the spike out of nowhere for DNS requests to .io .... sketchy. | |
| https://www.passivetotal.org/passive/producteev.io shows the same | |
| story. .io came out of nowhere, never seen before 2016-09-23 | |
| https://www.virustotal.com/en/ip-address/66.96.161.144/information/ | |
| says the origin IP is pretty darn sketchy also. | |
| Regarding email -- also a red flag. | |
| dig +short MX producteev{.}com | |
| 10 ec2-54-84-40-25{.}compute-1.amazonaws{.}com. | |
| 20 ec2-54-86-229-165{.}compute-1.amazonaws{.}com. | |
| ==== | |
| VS. | |
| ==== | |
| dig +short MX producteev{.}io | |
| 30 mx{.}producteev{.}io. | |
| dig +short mx{.}producteev{.}io | |
| 66.96.140.165 | |
| 66.96.140.164 | |
| AS | IP | BGP Prefix | CC | Registry | | |
| Allocated | AS Name | |
| 29873 | 66.96.140.165 | 66.96.128.0/18 | US | arin | | |
| 2001-04-03 | BIZLAND-SD - The Endurance International Group, Inc., US | |
| AS | IP | BGP Prefix | CC | Registry | | |
| Allocated | AS Name | |
| 29873 | 66.96.140.164 | 66.96.128.0/18 | US | arin | | |
| 2001-04-03 | BIZLAND-SD - The Endurance International Group, Inc., US |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment