PostNL phishing kit (with video tutorial)

I recently came across this kit that targets PostNL customers.

The kit is currently still online.

Technically it’s not that great, the usual crap written badly in PHP; what I found funny was the “license”.


Пользовательское соглашение:

  • Блокировка на все RU машины (RU header).
  • Продукт поставляется “как есть”, функционал в описании к продукту.
  • Автор не несет ответственности за ваши законные/противозаконные действия, в результате которых был приченен вред какому-либо лицу.
  • Продукт несет в себе исключительно ознакомительный характер и предназначается для изучения и тестирования собственной защиты.
  • Покупатель обязуется не использовать продукт на RU машинах.
  • Покупатель приобретает продукт лично, поддержка оказывается только контакту с которого была оплата.
  • Запрещено выкладывать в публичный доступ файлы продукта и админки, это повлечет блокировку лицензии владельца.

User Agreement:

  • Blocked on all RU machines (RU header).
  • The product is delivered “as is”; its functionality is as stated in the product description.
  • The author is not responsible for your lawful/unlawful actions that result in harm to any person.
  • The product is purely for informational purposes and is intended for studying and testing your own defenses.
  • The buyer undertakes not to use the product on RU machines.
  • The buyer purchases the product personally; support is provided only to the contact from which payment was made.
  • Publishing the product’s files or admin panel is forbidden; doing so will get the owner’s license blocked.

The video explaining how to install it is also very useful.

Whois info below

Domain Name: HELPDESK-TEST.ONLINE
Registry Domain ID: D479803092-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2024-08-20T07:52:01.0Z
Creation Date: 2024-08-20T07:51:58.0Z
Registry Expiry Date: 2025-08-20T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
Registrant State/Province: Capital Region
Registrant Country: IS
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
DNSSEC: unsigned
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.9854014545
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2024-08-21T10:14:38.0Z <<<


The domain was registered a few hours ago at Namecheap, and in the tutorial we use Namecheap as the hosting platform for the content.
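
The registration traits visible in the WHOIS record above can be checked automatically when triaging a reported link. The following is an added example, not part of the original post or the kit: it parses an excerpt of that record and measures the domain's age at the WHOIS snapshot time. The 7-day threshold and the flag names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Excerpt of the WHOIS record quoted on this page (fields not needed here omitted).
WHOIS = """\
Domain Name: HELPDESK-TEST.ONLINE
Creation Date: 2024-08-20T07:51:58.0Z
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
>>> Last update of WHOIS database: 2024-08-21T10:14:38.0Z <<<
"""

def parse_ts(text):
    # Registry timestamps look like 2024-08-20T07:51:58.0Z (UTC).
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def parse_whois(raw):
    """Return (fields, snapshot_time); repeated keys such as Domain Status become lists."""
    fields, snapshot = {}, None
    for line in raw.splitlines():
        m = re.match(r">>> Last update of WHOIS database: (\S+) <<<", line)
        if m:
            snapshot = parse_ts(m.group(1))
            continue
        key, sep, value = line.partition(": ")
        if sep:
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields, snapshot

def triage(raw, max_age=timedelta(days=7)):  # threshold is an assumption
    """Flag registration traits that are common for throwaway phishing domains."""
    fields, snapshot = parse_whois(raw)
    created = parse_ts(fields["Creation Date"][0])
    # Age is measured at the WHOIS snapshot; fall back to "now" if it is absent.
    age = (snapshot or datetime.now(timezone.utc)) - created
    statuses = {v.split()[0] for v in fields.get("Domain Status", [])}
    flags = []
    if age < max_age:
        flags.append("newly_registered")
    if "addPeriod" in statuses:  # EPP add grace period right after registration
        flags.append("in_add_grace_period")
    if "privacy" in " ".join(fields.get("Registrant Organization", [])).lower():
        flags.append("privacy_protected_registrant")
    return fields["Domain Name"][0].lower(), age, flags

if __name__ == "__main__":
    domain, age, flags = triage(WHOIS)
    print(f"{domain}: registered {age} before the WHOIS snapshot; flags={flags}")
```

None of these flags is proof on its own; they are useful as a score that raises the priority of a reported URL.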
