Phishing website – beobank

Another day, another phishing website. This time it is again a phishing site with directory listing enabled. This phishing website targets customers of the Belgian bank Beobank. The link to the site is delivered via e-mail, claiming to come from the webmaster with an important security message.

This is what the phishing website looks like:

Moving up a few directories allows us to download the ZIP file containing the phishing code.

There are 5 files included. The phishing URL in the e-mail points to wess.html. Note that the index.html file mimics a “login” URL, redirecting the user to wess.html. This wess.html page contains a web form pointing to next.php. Nothing is done with the other supplied GET variables.

What’s in wobi.html and quest.php? These files are similar to wess.html and next.php except that the mailer in quest.php does not contain the password variable.
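The manual walkthrough above (which page redirects where, which form posts to which PHP file, and which fields each mailer actually reads) can be automated when triaging a recovered kit. The Python below is an added example, not code from the original post or from the kit; only the five file names come from the post, while the file contents, the field names `user` and `password`, and the meta-refresh redirect are constructed assumptions.

```python
import re
from html.parser import HTMLParser
# Constructed stand-ins for the five kit files; contents and field names are assumptions.
KIT = {
    "index.html": '<meta http-equiv="refresh" content="0; url=wess.html?login=1">',
    "wess.html": '<form method="post" action="next.php"><input name="user"><input name="password"></form>',
    "next.php": '<?php $m = $_POST["user"] . $_POST["password"]; mail($to, $s, $m); ?>',
    "wobi.html": '<form method="post" action="quest.php"><input name="user"><input name="password"></form>',
    "quest.php": '<?php $m = $_POST["user"]; mail($to, $s, $m); ?>',
}

class PageLinks(HTMLParser):
    """Collects meta-refresh targets, form actions and input names from one page."""
    def __init__(self):
        super().__init__()
        self.redirects, self.actions, self.fields = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*([^\s;]+)", a.get("content") or "", re.I)
            if m:
                self.redirects.append(m.group(1).split("?")[0])
        elif tag == "form" and a.get("action"):
            self.actions.append(a["action"].split("?")[0])
        elif tag == "input" and a.get("name"):
            self.fields.append(a["name"])

def triage(kit):
    """Map each file to its page flow (HTML) or to the request fields it reads (PHP)."""
    report = {}
    for name, body in kit.items():
        if name.endswith(".php"):
            reads = re.findall(r"\$_(?:POST|GET|REQUEST)\[\s*['\"](\w+)", body)
            report[name] = {"mails": bool(re.search(r"\bmail\s*\(", body)), "reads": sorted(set(reads))}
        else:
            p = PageLinks()
            p.feed(body)
            report[name] = {"redirects": p.redirects, "posts_to": p.actions, "fields": p.fields}
    return report

def unused_fields(kit):
    """Fields a form submits that its PHP handler never reads."""
    r, out = triage(kit), {}
    for page, info in r.items():
        for handler in info.get("posts_to", []):
            missing = sorted(set(info["fields"]) - set(r.get(handler, {}).get("reads", [])))
            if handler in r and missing:
                out[(page, handler)] = missing
    return out
```

On the constructed kit, `unused_fields(KIT)` flags the `password` field of wobi.html as submitted but never read by quest.php, mirroring the difference between the two mailers noted above.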

For IOCs, see
