
I just received this SMS
https://preview.redd.it/1dcw155v9mq91.jpg?width=324&format=pjpg&auto=webp&s=5305a6bfcd12e2f7c19d5d72ab1f67614269230f
There are at least three suspicious aspects about it:
1) I didn’t order anything 🙂
2) The phone number is not Slovak
3) The website (URL) is not that of the Slovak Post (look closely at it, it even has typos)
I used [checkip](https://github.com/jreisinger/checkip) to find information about the IP address behind the URL:
```
$ dig sloveskposta.com +short | checkip -a
checkip: ThreadCrowd: Get "https://www.threatcrowd.org/searchApi/v2/ip/report?ip=5.42.199.52": x509: "*.otxb.io" certificate name does not match input
--- 5.42.199.52 ---
abuseipdb.com domain: hostway.ru, usage type: Data Center/Web Hosting/Transit
db-ip.com St Petersburg, Russia
dns mx hostway.ru: mx.yandex.net
iptoasn.com ITRESHENIYA-AS
maxmind.com Russia
phishstats.info https://netfbe.com
ping 100% packet loss (5/0), avg round-trip 0 ms
shodan.io OS: n/a, open: tcp/21, tcp/22 (OpenSSH, 7.4), tcp/25 (Postfix smtpd), tcp/53, udp/53, tcp/80 (nginx), tcp/110, tcp/443 (nginx), tcp/465 (Postfix smtpd), tcp/8443, tcp/8880, vulns: CVE-2018-20685, CVE-2017-15906, CVE-2021-36368, CVE-2020-14145, CVE-2018-15473, CVE-2020-15778, CVE-2021-41617, CVE-2018-15919, CVE-2016-20012, CVE-2019-6110, CVE-2019-6111, CVE-2019-6109
tls TLS 1.3, exp. 2022/12/19, sweet-heisenberg.5-42-199-52.plesk.page
urlscan.io 22 related URLs: https://magyarpposta.com/, https://postqatr.com/, https://pocztapsk.com/, https://pocztaplska.com/, https://correos-costarica.com/index.php?success=validatedok, https://posts-chile.com/index.php?success=validatedok, https://panamacorreos.com/, https://romanapost.com/index.php?success=validatedok, https://ntfclient.com/index.php?success=validatedok, https://ntfclient.com/, https://correospost.com/, https://slovenposta.com/, https://netflspan.com/, https://postaamagyar.com/, https://netfbe.com/, https://magyar-post.com/, https://malayspos.com/login_up.php?success_redirect_url=%2F, https://kunde-post.com/, https://romanapost.com/, https://ntfclient.com/*%C2%A70, https://correos-costarica.com/, https://magyarpostva.com/
virustotal.com network: 5.42.199.0/24, SAN: sweet-heisenberg.5-42-199-52.plesk.page
malicious 36% (4/11) 🤏
```
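One way to reuse the output above defensively, as an added example that is not part of the original post or of checkip itself: pull the unique hostnames out of the `urlscan.io` line and render them as a hosts-file blocklist. The names `SAMPLE`, `related_hosts` and `hosts_blocklist` are hypothetical, and the sample input is constructed from a shortened copy of the output shown in the post.

```bash
#!/usr/bin/env bash
# Added example: extract unique hostnames from the "urlscan.io" line of
# checkip output so they can feed a DNS or proxy blocklist.

# SAMPLE is constructed: a shortened copy of the output shown in the post.
SAMPLE='--- 5.42.199.52 ---
maxmind.com Russia
urlscan.io 5 related URLs: https://romanapost.com/index.php?success=validatedok, https://ntfclient.com/, https://ntfclient.com/*%C2%A70, https://romanapost.com/, https://malayspos.com/login_up.php?success_redirect_url=%2F'

# related_hosts (hypothetical helper) reads checkip output on stdin and
# prints one lower-cased hostname per line, de-duplicated and sorted.
related_hosts() {
  grep '^urlscan\.io' |               # keep only the urlscan.io check line
    grep -oE 'https?://[^/?#, ]+' |   # scheme://authority of every URL
    sed -E 's#^https?://##; s#^[^@]*@##; s#:[0-9]+$##' |  # bare host
    tr '[:upper:]' '[:lower:]' |      # hostnames are case-insensitive
    LC_ALL=C sort -u
}

# hosts_blocklist (hypothetical helper) renders the hostnames in hosts-file
# form, which sinkholes them on the machine where the file is installed.
hosts_blocklist() {
  related_hosts | sed 's/^/0.0.0.0 /'
}

printf '%s\n' "$SAMPLE" | hosts_blocklist
```

Used live, the pipeline from the post becomes `dig sloveskposta.com +short | checkip -a | hosts_blocklist`.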
5 comments
Clearly a scam judging by the .com, but a large number of people will still fall for it.
Just as fraudulent salesmen used to go around in the past, now it comes via email, SMS or telephone.
abuseipdb.com domain: hostway.ru
There has been a lot of this lately; just today I got a similar SMS from the sender "4ka".
I wonder what the banks will do when people either stop answering their phone calls or start throwing their emails into spam, because they will assume it is this kind of spam again.
Thanks for showing me that checkip exists.