The goal is to collect banking information.
The sender address is "OVH" <[email protected]>
Here the pretext is the refund of a 1 euro debt following a billing error.
The link leads to a fake site: ovh-frsecure-payment.newsforarun.com (192.249.127.125)
The site is hosted in the USA.
NetRange: 192.249.112.0 - 192.249.127.255
CIDR: 192.249.112.0/20
NetName: IMH-LAX
NetHandle: NET-192-249-112-0-2
Parent: IMH-LAX (NET-192-249-112-0-1)
NetType: Reallocated
OriginAS: AS54641
Organization: InMotion Hosting, Inc. (INMOT-1)
RegDate: 2013-08-20
Updated: 2013-11-01
Ref: https://whois.arin.net/rest/net/NET-192-249-112-0-2
OrgName: InMotion Hosting, Inc.
OrgId: INMOT-1
Address: 6100 Center Drive
Address: Suite 1190
City: Los Angeles
StateProv: CA
PostalCode: 90045
Country: US
RegDate: 2008-06-03
Updated: 2017-01-28
Ref: https://whois.arin.net/rest/org/INMOT-1
Domain Name: NEWSFORARUN.COM
Registry Domain ID: 2116891831_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-04-27T13:17:57Z
Creation Date: 2017-04-22T19:09:22Z
Registry Expiry Date: 2018-04-22T19:09:22Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.INMOTIONHOSTING.COM
Name Server: NS2.INMOTIONHOSTING.COM
DNSSEC: unsigned
Note that the phishing site tries to simulate a real payment by asking the victim to enter the SMS code.
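The two signals visible in this report, the brand name placed in a subdomain of an unrelated domain and a registration only days old, can be checked automatically. This is an added example, not part of the original post; the brand allowlist, the 30-day threshold and the function names are assumptions, and the WHOIS text is an excerpt of the record above.

```python
import re
from datetime import datetime, timezone

# Assumption: registrable domains the brand really uses (illustrative allowlist).
BRAND_DOMAINS = {"ovh": {"ovh.com", "ovh.net"}}

# Excerpt of the WHOIS record quoted in the post.
WHOIS_SAMPLE = """Domain Name: NEWSFORARUN.COM
Updated Date: 2017-04-27T13:17:57Z
Creation Date: 2017-04-22T19:09:22Z
"""

def registrable_domain(host):
    # Simplification: keep the last two labels. Production code needs the
    # Public Suffix List to handle suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def impersonated_brands(host):
    """Brands named in a host label although the registrable domain is not theirs."""
    reg = registrable_domain(host)
    tokens = set(re.split(r"[.\-_]", host.lower()))
    return sorted(b for b, legit in BRAND_DOMAINS.items()
                  if b in tokens and reg not in legit)

def whois_timestamp(record, field):
    """Parse an ISO 8601 'Field: value' line from a WHOIS record, or return None."""
    m = re.search(rf"^{re.escape(field)}:[ \t]*(\S+)$", record, re.MULTILINE)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts.replace(tzinfo=timezone.utc)

def assess(host, record, seen_at, max_age_days=30):
    """Combine both signals; max_age_days is an assumed threshold."""
    created = whois_timestamp(record, "Creation Date")
    age = (seen_at - created).days if created else None
    return {
        "registrable_domain": registrable_domain(host),
        "impersonates": impersonated_brands(host),
        "age_days": age,
        "newly_registered": age is not None and age < max_age_days,
    }

if __name__ == "__main__":
    # The report gives no reception date, so the record's own
    # "Updated Date" stands in for the time the link was seen.
    seen = whois_timestamp(WHOIS_SAMPLE, "Updated Date")
    print(assess("ovh-frsecure-payment.newsforarun.com", WHOIS_SAMPLE, seen))
```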