L
L
Loki30002017-02-01 11:33:18
Information Security
Loki3000, 2017-02-01 11:33:18

Where do the left subdomains of the public services website come from?

About a year ago I received a phishing email - somewhere they asked me to follow a link and do something. The link caught my attention:

http://sv.link.subscribe.gosuslugi.ru/gosuslugi/4702,9T8T_oTW2icNtjGeI9....

That is, this is a real subdomain of the public services website.
nslookup sv.link.subscribe.gosuslugi.ru

Non-authoritative answer:
sv.link.subscribe.gosuslugi.ru  canonical name = link.sendsay.ru.
Name:   link.sendsay.ru
Address: 81.9.46.246
Name:   link.sendsay.ru
Address: 185.76.234.246
Name:   link.sendsay.ru
Address: 81.9.34.246
Name:   link.sendsay.ru
Address: 185.76.232.246

When you try to access this domain, a redirect to the mailing service occurs.
Then I wrote a letter to the public services support service, and a year later I came across my appeal again and realized that nothing had changed: the site, which is used for authorization on all other government sites, somehow distributes subdomains to no one.
Actually, the questions are: is this a normal situation when subdomains of such a site are distributed to anyone? Maybe I panic in vain and this is considered normal and safe? By the way, the ssl public services website has a *.gosuslugi.ru certificate. Does this mean that a similar subdomain can cling to it?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vladimir Dubrovin, 2017-02-01
@Loki3000

Most likely, this was not a phishing email, the public services portal used the services of a company that provides an email distribution service (ESP).

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question