The Milo x Ramadhan Phishing Campaign
Ramadan Mubarak y'all
All praise to Allah S.W.T who gives us the opportunity to celebrate Ramadhan this year. It's the time to do a gap analysis, check your spiritual state and realise in the end that food is just fuel for the body.
The Devil in the Hidden World might be tied up for upcoming days, but the mischievous manifest phishers ain't gonna stop.
Earlier this morning my wife forwarded me a WhatsApp post that goes like this:

The red flag is obvious, right:
- The domain in the link is www.milo.com.ph
- But the URL given is cabbageivory.cn
So let's start our analysis. Judging from curl, as usual the bad actors also hide behind WAF/CDN protection such as Cloudflare.

If someone clicks on the link, they will be redirected to the following URL. I suspect the URL is randomly generated and registered on the fly:
https://ky3eu6.cn/TlcfOb5Y/milomyq/?_t=1680138216168

In some other instances the domain is 7zoyco.cn

The issuer of the SSL certificate is Google.

In any case, on further investigation, the phishing page will be randomly generated with 8 characters. The campaign targets mobile users, as it won't render correctly in a normal web browser.
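The two checks described so far (advertised domain versus the real link host, and the shape of the landing URL) as a small triage script. This is an added example, not part of the original analysis; the six-character host heuristic and reading `_t` as a millisecond Unix timestamp are assumptions drawn from the two hosts and the one landing URL quoted in this post.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# First path segment of exactly 8 alphanumerics, as in /TlcfOb5Y/milomyq/
RANDOM_TOKEN = re.compile(r"^/[A-Za-z0-9]{8}/")


def host_matches_brand(link, brand_host):
    """True only if the link's host is the brand domain or a subdomain of it."""
    host = (urlsplit(link).hostname or "").lower().rstrip(".")
    brand = brand_host.lower()
    if brand.startswith("www."):
        brand = brand[4:]
    return host == brand or host.endswith("." + brand)


def landing_traits(link):
    """Describe how closely a URL resembles the landing URL seen in this campaign."""
    parts = urlsplit(link)
    label = (parts.hostname or "").lower().split(".")[0]
    # Assumption: throwaway hosts look like ky3eu6 / 7zoyco (6 chars, at least one digit).
    short_random_host = bool(re.fullmatch(r"[a-z0-9]{6}", label)) and any(
        c.isdigit() for c in label
    )
    # Assumption: _t is a 13-digit Unix timestamp in milliseconds set at click time.
    raw_t = parse_qs(parts.query).get("_t", [""])[0]
    click_time = None
    if re.fullmatch(r"\d{13}", raw_t):
        secs, ms = divmod(int(raw_t), 1000)
        stamp = datetime.fromtimestamp(secs, tz=timezone.utc)
        click_time = stamp.replace(microsecond=ms * 1000).isoformat()
    return {
        "short_random_host": short_random_host,
        "random_path_token": bool(RANDOM_TOKEN.match(parts.path)),
        "click_time_utc": click_time,
    }


def triage(link, brand_host):
    """Combine the brand-mismatch check with the landing-URL traits."""
    return {"brand_mismatch": not host_matches_brand(link, brand_host),
            **landing_traits(link)}


if __name__ == "__main__":
    # The first URL is constructed from the host named in the post; the second is quoted from it.
    for url in ("https://cabbageivory.cn/",
                "https://ky3eu6.cn/TlcfOb5Y/milomyq/?_t=1680138216168"):
        print(url, triage(url, "www.milo.com.ph"))
```

The decoded `_t` value gives an investigator a UTC time to line up against proxy or DNS logs when checking who else followed the link.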

You can answer however you like; at some point you will always win.

After all the fun parts comes the evil:


The money image sadly comes from a Blogspot pic.
As for the rest of the fake testimonials, the profile pictures are stored on cdnbun.com.
Further downloading or clicking would be pointless, as this is really a scam after all.