#phishing

Possible Phishing
on: hxxps[:]//reliable-tomato-p36t1t[.]mystrikingly[.]com
Analysis at: https://urldna.io/scan/680525853b7750000adb7b1b
#cybersecurity #phishing #infosec #urldna #scam #infosec

**⠠⠵ avuko** @avuko@infosec.exchange · 1 h

⠠⠵ avuko @avuko@infosec.exchange

#Phishing tests as a security awareness measure...

Yes, great idea
Hell no
Wait, we in '00?
See the results (using a phishy link)

#PhishingAwarenessMonday #PhishingAwareness

**urlDNA.io** @urldna@infosec.exchange · 1 h

Possible Phishing
on: hxxps[:]//vxasoilixullingqsestqrqe[.]s3[.]us-west-004[.]backblazeb2[.]com/bell-webmail[.]html
Analysis at: https://urldna.io/scan/68067dab3b7750000a2f9508
#cybersecurity #phishing #infosec #urldna #scam #infosec

**Pyrzout** @jos1264@social.skynetcloud.site · 1 h

Pyrzout @jos1264@social.skynetcloud.site

Native Language Phishing Spreads ResolverRAT to Healthcare https://hackread.com/native-language-phishing-resolverrat-healthcare/ #Cybersecurity #CyberAttacks #PhishingScam #CyberAttack #ResolverRAT #Healthcare #Phishing #Malware #Fraud #Scam

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto · 6 hNative Language Phishing Spreads ResolverRAT to HealthcareFollow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

**urlDNA.io** @urldna@infosec.exchange · 1 h

Possible Phishing
on: hxxps[:]//instagram-clone-deep512[.]vercel[.]app/
Analysis at: https://urldna.io/scan/68052dcd3b7750000adb7bbd
#cybersecurity #phishing #infosec #urldna #scam #infosec

**Brad** @malware_traffic@infosec.exchange · 2 h

Brad @malware_traffic@infosec.exchange

2025-04-21 (Monday): #Phishing email with both an HTML attachment and a link to a phishing page.

Both methods send login credentials to Telegram.

Phishing page URL: hxxps[:]//iipg[.]it/mail2/login-Inbox.html

Screenshot of the phishing email from 2025-04-21 with both an attached HTML file for a phishing page and a link to a phishing page.

Screenshot of phishing page from link in the email.

Script from the HTML attachment showing login credentials are sent to Telegram account.

Network traffic from the phishing site filtered in Wireshark showing traffic to api[.]telegram[.]org, indicating login credentials were sent to a Telegram account.

**urlDNA.io** @urldna@infosec.exchange · 2 h

Possible Phishing
on: hxxps[:]//netzerolinkwebcommunicationservice[.]weebly[.]com/
Analysis at: https://urldna.io/scan/68052d2b3b7750000d57c623
#cybersecurity #phishing #infosec #urldna #scam #infosec

**Efani** @Efani@infosec.exchange · 2 h

#Cybersecurity #Phishing #Google

Efani @Efani@infosec.exchange

Phishers have found a clever way to spoof Google — and their emails pass all security checks.

A new DKIM replay phishing attack abuses Google’s own OAuth infrastructure to send fake messages that look 100% legitimate, including passing DKIM authentication.

What happened:
- A phishing email was sent from “no-reply@google.com”
- It appeared in the user’s inbox alongside real Google security alerts
- The message linked to a fake support portal hosted on sites[dot]google[dot]com — a Google-owned domain
- The attacker used Google OAuth to trigger a real security alert to their inbox, then forwarded it to victims

Why this matters:
- DKIM only verifies the headers, not the envelope — allowing this spoof to work
- The phishing site was nearly indistinguishable from Google’s actual login portal
- Because the message was signed by Google and hosted on a Google domain, it bypassed most users’ suspicions
- Similar tricks have been used with PayPal and other platforms, raising broader concerns

Google has since acknowledged the issue and is working on a fix. But this attack is a reminder:

Even the most secure-looking emails can be fraudulent.
Even Google-signed emails can be weaponized.

At @Efani, we advocate for layered defense — because no one layer is ever enough.

**urlDNA.io** @urldna@infosec.exchange · 2 h

Possible Phishing
on: hxxps[:]//sharedocsfilesdocument[.]weebly[.]com
Analysis at: https://urldna.io/scan/6805331a3b7750000d57c670
#cybersecurity #phishing #infosec #urldna #scam #infosec

**urlDNA.io** @urldna@infosec.exchange · 3 h

3 h

Possible Phishing
on: hxxps[:]//auth-logoon-sso-ttror[.]webflow[.]io/
Analysis at: https://urldna.io/scan/6805290e3b7750000b085a30
#cybersecurity #phishing #infosec #urldna #scam #infosec

**urlDNA.io** @urldna@infosec.exchange · 3 h

3 h

Possible Phishing
on: hxxps[:]//cncintels[.]dev
Analysis at: https://urldna.io/scan/680527163b7750000ed5cea2
#cybersecurity #phishing #infosec #urldna #scam #infosec

**urlDNA.io** @urldna@infosec.exchange · 4 h

4 h

Possible Phishing
on: hxxps[:]//kucoinlluogin[.]webflow[.]io
Analysis at: https://urldna.io/scan/680531d23b7750000b085a3c
#cybersecurity #phishing #infosec #urldna #scam #infosec

**urlDNA.io** @urldna@infosec.exchange · 4 h

4 h

Possible Phishing
on: hxxps[:]//kucoinsigjlogin[.]webflow[.]io
Analysis at: https://urldna.io/scan/680531db3b7750000adb7c1f
#cybersecurity #phishing #infosec #urldna #scam #infosec

**urlDNA.io** @urldna@infosec.exchange · 5 h

5 h

Possible Phishing
on: hxxps[:]//currently85437384[.]weebly[.]com
Analysis at: https://urldna.io/scan/680531523b7750000d57c65d
#cybersecurity #phishing #infosec #urldna #scam #infosec

**urlDNA.io** @urldna@infosec.exchange · 5 h

5 h