Sunday, April 26, 2026

Scam: Simples Nacional Monthly DAS available for payment!!

Email: documentos@relatorios07g.sterracotacolor.cfd
pgdas@relatorios07g.sterracotacolor.cfd
contato@relatorios07g.sterracotacolor.cfd

Phishing link: https://13.49.167.72.host.secureserver.net/L105qsdMN6.qa.6q6D5NM4qsq/hN2qqJ5q9J4M6R2/ycldhia3C/31307033/yaNHOdvWXiOnKDVkhNqvNi/83500941043






Phishing structure:
HTTP/1.1 302 Found
Date: Mon, 27 Apr 2026 00:09:15 GMT
Server: Apache/2.4.58 (Ubuntu)
Set-Cookie: PHPSESSID=m5p50pllkq5gj6u5s0bark76sa; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://redirector.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip
Content-Type: text/html; charset=UTF-8

HTTP/2 302 
date: Mon, 27 Apr 2026 00:09:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
location: https://r4---sn-8xa2gvcg-cnce.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?cms_redirect=yes&met=1777248561,&mh=vq&mip=192.145.214.0&mm=28&mn=sn-8xa2gvcg-cnce&ms=nvh&mt=1777248150&mv=u&mvi=4&pl=24&rms=nvh,nvh&shardbypass=sd
content-type: text/html; charset=UTF-8
server: ClientMapServer
content-length: 513
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:09:26 GMT
Expires: Mon, 27 Apr 2026 00:24:26 GMT
Cache-Control: public, max-age=900
Location: https://r5---sn-2obg05-ja.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777248566,&mh=vq&pl=24&rms=onc,onc&shardbypass=sd&redirect_counter=1&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80&req_id=8dea52e8d443f611&cms_redirect=yes&mip=192.145.214.0&mm=42&mn=sn-2obg05-ja&ms=onc&mt=1777248274&mv=m&mvi=5&rmhost=r1---sn-2obg05-ja.gvt1.com&smhost=r3---sn-bg0s7n7l.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:09:31 GMT
Expires: Mon, 27 Apr 2026 00:24:31 GMT
Cache-Control: public, max-age=900
Location: https://r1---sn-bg0e6nls.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777248571,&mh=vq&pl=47&rms=onc,onc&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104&req_id=8dea52e8d443f611&redirect_counter=2&rm=sn-bg0e6676&cms_redirect=yes&ipbypass=yes&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=42&mn=sn-bg0e6nls&ms=onc&mt=1777248254&mv=u&mvi=1&rmhost=r5---sn-bg0e6nls.gvt1.com&smhost=r3---sn-bg0e6nle.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 302 Found
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Date: Mon, 27 Apr 2026 00:09:37 GMT
Expires: Mon, 27 Apr 2026 00:24:37 GMT
Cache-Control: public, max-age=900
Location: https://r4---sn-vgqsknld.gvt1.com/edgedl/android/studio/ide-zips/2024.1.2.12/android-studio-2024.1.2.12-windows.zip?met=1777248577,&mh=vq&pl=47&rms=ltu,ltu&shardbypass=sd&cm2rm=sn-8xa2gvcg-cnce7z&rrc=80,104,40&req_id=8dea52e8d443f611&rm=sn-bg0e6676,sn-bg0ezs7e&ipbypass=yes&redirect_counter=3&cms_redirect=yes&cmsv=e&mip=2804:3cd0:c4:d53c:5241:53b9:9cdb:a98b&mm=39&mn=sn-vgqsknld&ms=ltr&mt=1777248255&mv=m&mvi=4&rmhost=r2---sn-vgqsknld.gvt1.com&smhost=r3---sn-ojvgq5-cv.gvt1.com
Content-Length: 0
Connection: close
Vary: Origin
X-Content-Type-Options: nosniff
Content-Type: text/html
Server: gvs 1.0

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=86400
Content-Disposition: attachment
Content-Length: 1211065826
Content-Security-Policy: default-src 'none'
Content-Type: application/zip
Etag: "30cc26a"
Server: downloads
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Identity-Content-Length: 1211065826
X-Xss-Protection: 0
Date: Mon, 27 Apr 2026 00:09:42 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Last-Modified: Thu, 29 Aug 2024 16:57:46 GMT
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"

Whois:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4515
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sterracotacolor.cfd. IN A

;; ANSWER SECTION:
sterracotacolor.cfd. 300 IN A 104.21.11.24
sterracotacolor.cfd. 300 IN A 172.67.165.18

{
  "domain": "sterracotacolor.cfd",
  "base_domain": "sterracotacolor.cfd",
  "dnssec": false,
  "soa": {
    "record": "athena.ns.cloudflare.com. dns.cloudflare.com. 2402526591 10000 2400 604800 1800",
    "values": {
      "primary_nameserver": "athena.ns.cloudflare.com",
      "rname_email_address": "dns@cloudflare.com",
      "serial": 2402526591,
      "refresh": 10000,
      "retry": 2400,
      "expire": 604800,
      "minimum": 1800
    }
  },
  "ns": {
    "hostnames": [
      "athena.ns.cloudflare.com",
      "grant.ns.cloudflare.com"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [],
    "warnings": []
  },
  "mta_sts": {
    "valid": false,
    "error": "An MTA-STS DNS record does not exist."
  },
  "spf": {
    "record": null,
    "valid": false,
    "void_dns_lookups": null,
    "error": "An SPF record does not exist."
  },
  "dmarc": {
    "record": null,
    "location": null,
    "valid": false,
    "error": "A DMARC record does not exist."
  },
  "smtp_tls_reporting": {
    "valid": false,
    "error": "An SMTP TLS Reporting record does not exist."
  },
  "bimi": {
    "record": null,
    "valid": false,
    "selector": "default",
    "error": "A BIMI record does not exist at the default selector."
  }
}





