XAVIER Mertens reported on a phishing email targeting a major Belgian bank, utilizing an interesting technique by embedding an IPv4-mapped IPv6 address within a URL. The phishing link is disguised as 'hxxp://[::ffff:5511:74be]/kWC5PHA1', which can be expanded to its true IPv4 format 'hxxp://85.17.116.190/kWC5PHA1'. This address has no DNS record and redirects users to another phishing kit location. The report highlights both the phishing strategy and the potential security implications.
Belgian bank targeted by phishing using IPv4 mapped IPv6 trick
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT