HelioHost Posted April 10, 2017 Posted April 10, 2017 Thanks,AshoatOn Apr 10, 2017, at 2:16 AM, Certgen <certgen@krcert.or.kr> wrote: West 5F, IT Venture Tower, 135 Jungdaero, Songpa-gu, Seoul, Republic of Korea 138-950Tel: +82 2 405 4916 / Fax: +82 2 405 4931 / E-mail: certgen@krcert.or.krApr 10. 2017Dear whom it may concern, The KrCERT/CC is the incident response and coordination center chartered to handle all Korean related computer security incidents. This message is intended for the person responsible for computer security at your site or your constituency. If this is not the correct address, please forward this message to the appropriate party.The phishing site is targeting - Daum (http://www.daum.net) The Domain and IP exploited as phishing URL is as followshxxp://www.ajeken.heliohost.org/daum/q6yqkuinnmh8cpre7663hj1w.php?rand=13InboxLightaspxn.1774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn.1774256418&fid.1252899642&fid.1&fav.1&email=&emailID=&.rand=13InboxLight.aspx?n=1774256418&fid=4#n=1252899642&fid=1&fav=1 I attach the whois information and screenshot of phishing site for your reference. I believe that you can find the similarity between the original site and phishing site from the screen and URL. I hope you would take a swift action on this phishing site, such as removing phishing site, asap!If you need further clarification, feel free to contact KrCERT/CCLook forward to hearing from you on removing phishing site ASAP!Best regards,KrCERT/CChttp://www.krcert.or.krcertgen@krcert.or.kr<www.ajeken.heliohost.org.png>
Recommended Posts