I received a strange e-mail today, looking at it sounds usual spam trying to steal data, but something told me is a specific target attack.
I took a look at the header of the e-mail and run some crosscheck:
This two elements from the e-mail were loading from this strange site inquesbreda.com, trying access it reports the domain as reserved:
Running a virustotal for that domain, left me with a strange sensation: that site has multiple domains for multiple types of scam they perform: credit cards, financial services, insurances... But, they seems to target business mail of Ericsson employes:
s1opj1wng6.inquesbreda.com domain information - VirusTotal
Right now only ESET has flagged it as phising, but maybe there is more behind this scheme? Not sure...
I took a look at the header of the e-mail and run some crosscheck:
hxxp://zXhIAh.inquesbreda.com/.intesa418/?id=zXhIAh?
hxxp://GzwrkF.finquesbreda.com/img/intesalogo194.png?
hxxp://GzwrkF.finquesbreda.com/img/intesalogo194.png?
This two elements from the e-mail were loading from this strange site inquesbreda.com, trying access it reports the domain as reserved:
Running a virustotal for that domain, left me with a strange sensation: that site has multiple domains for multiple types of scam they perform: credit cards, financial services, insurances... But, they seems to target business mail of Ericsson employes:
s1opj1wng6.inquesbreda.com domain information - VirusTotal
Right now only ESET has flagged it as phising, but maybe there is more behind this scheme? Not sure...
