Last week, I received a spam mail in my Gmail account. It gave
me the message: "To view the doc, please click here and login!"
I viewed this link in the dedicated environment (for
analysis). The link is hxxp://spirtbaza.com/bggle.doc/index.htm
In order to view this doc, one needs to log in using any of the
following accounts.
I just used a random user ID and a random password. It
accepted the non-existent ID and redirected to the Google doc page - https://productforums.google.com/forum/#!category-topic/docs/documents
I also captured the packets:
Domain Name: SPIRTBAZA.COM
Registrar: LLC "REGISTRAR OF DOMAIN NAMES REG.RU"
Whois Server: whois.reg.ru
Referral URL: http://www.reg.ru
Name Server: NS23.RUWEB.NET
Name Server: NS45.RUWEB.NET
Status: clientTransferProhibited
Regards,