[HacktionLab] mark up + template -> html (was Drupocalypse v3 Can it ever stop)

bou bou at aktivix.org
Tue Feb 5 18:40:43 UTC 2019


I think so far we know it is/was a phishing attack targeting riseup and
disroot

On 5/2/19 10:00, naomi wrote:
>
> It's odd - I want to see the headers, but all the samples people are
> sending are not working for me, I'm just getting a button saying
> "download trusted message" and then when I click it I get the same
> "advertiser pages" 404 as the screenshot below.
>
> But never mind,  no doubt someone who knows more about it than me is
> already looking into it! I was just curious really
>
> N
>
>
> On 04/02/2019 20:25, mickfuzz at clearerchannel.org wrote:
>>
>> Sure, 
>>
>> I got two very similar ones from different sources.
>>
>> when I reclick them I don't get the original phishing screen which
>> had a colourful rise up logo and an invite to enter password to log in.
>>
>> thanks
>> mick
>>
>> On 02/02/2019 17:17, naomi wrote:
>>>
>>> Mick, can you post the original message with headers etc?
>>>
>>> When I click your link I just get this
>>>
>>> On 02/02/2019 10:18, mickfuzz at clearerchannel.org wrote:
>>>> Ok thanks,
>>>>
>>>> So it does seem to be from compromised accounts not spoofing?
>>>>
>>>> I mean just to clarify, This is a phishing email. Although phishing and
>>>> spam as well it seems.
>>>>
>>>> And clicking on that link for me showed a rise up logo, my email, and
>>>> log back in message.
>>>>
>>>> So clearly directly targeting riseup email users.
>>>>
>>>> That's why I mention it of interest rather than the usual bank type
>>>> phishing emails.
>>>>
>>>> nice one
>>>> Mick
>>>>
>>>>
>>>> On 02/02/2019 10:07, bou wrote:
>>>>> lots of these now.
>>>>>
>>>>> Accounts seem to have been compromised, confirmed by two people from
>>>>> other lists.
>>>>>
>>>>> This is the first time i see it happen to a 'cool' address tho
>>>>>
>>>>> On 1/2/19 8:51, m3shrom wrote:
>>>>>> Hi all
>>>>>>
>>>>>> and sam,
>>>>>>
>>>>>> this seems a very suspicious message - please don't log in till it's
>>>>>> checked
>>>>>>
>>>>>> Anyone come across this before?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Mick
>>>>>>
>>>>>> On 31/01/2019 23:30, samuk at disroot.org wrote:
>>>>>>> Display trusted message
>>>>>>> <http://web.loadingsecure-mail.host/5c5384cfb83a885431fa2a66?bF2MJkw=&eRFgffiJ=L04N3FKaJPg&bF2MJkw=caLbxmWH5Q>
>>>>>>>
>>>>>>>
>>>>>>> Riseup 18:29:19 31-January-2019.
>>>>>>>
>>>>>> _______________________________________________
>>>>>> HacktionLab mailing list
>>>>>> HacktionLab at lists.aktivix.org
>>>>>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>>>> _______________________________________________
>>>> HacktionLab mailing list
>>>> HacktionLab at lists.aktivix.org
>>>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>>>
>>> _______________________________________________
>>> HacktionLab mailing list
>>> HacktionLab at lists.aktivix.org
>>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>>
>> _______________________________________________
>> HacktionLab mailing list
>> HacktionLab at lists.aktivix.org
>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>
> _______________________________________________
> HacktionLab mailing list
> HacktionLab at lists.aktivix.org
> https://lists.aktivix.org/mailman/listinfo/hacktionlab

-- 
Better Off Undetected
https:network23.org/bou




More information about the HacktionLab mailing list