I've a friend that I got an e-mail from. It had an empty subject line and one URL in the body. Twenty others were sent the same e-mail.
I notified the sender that they had an issue. I then decided to use Web-Sniffer to attempt to visit the link and do a quick investigation.
When visiting via the web proxy, I observed the following:
The web server was up and running, serving content, but threw a code 302. It also may have attempted to redirect to hxxp://uvuhjomuph.com (I obfuscated the link). Clicking that URL takes me to an ED page (erectile dysfunction):
Googling that domain, I got at least one good hit:
So, my friend more than likely got phished and her e-mail account is now throwing out spam for penile meds. :(
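The same kind of check can be done offline on a saved raw response, reading the 302 and its target without ever requesting the destination. The sketch below is an added example, not part of the original post; the hosts and sample response are constructed placeholders, and it goes slightly beyond the post by also looking for an HTML meta refresh when there is no `Location` header.

```python
import re
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)

# Constructed sample data (placeholder .example hosts, not from the post).
REQUEST_URL = "http://compromised-site.example/x.html"
SAMPLE_302 = ("HTTP/1.1 302 Found\r\nServer: Apache\r\n"
              "Location: http://redirect-target.example/\r\n"
              "Content-Length: 0\r\n\r\n")

def defang(url):
    """Rewrite a URL so it is not clickable: http -> hxxp, '.' -> '[.]' in the host."""
    parts = urlsplit(url)
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return f"{parts.scheme.replace('http', 'hxxp')}://{parts.netloc.replace('.', '[.]')}{rest}"

def inspect_response(request_url, raw_response):
    """Report status and any redirect target from a raw response, without fetching it."""
    head, _, body = raw_response.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response")
    status = int(m.group(1))
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    target = None
    if status in REDIRECT_CODES and "location" in headers:
        # Location may be relative; resolve it against the requested URL.
        target = urljoin(request_url, headers["location"])
    else:
        # No header redirect: look for an HTML meta refresh in the body.
        found = META_REFRESH.search(body)
        if found:
            target = urljoin(request_url, found.group(1))
    return {"status": status, "redirect": defang(target) if target else None}

if __name__ == "__main__":
    print(inspect_response(REQUEST_URL, SAMPLE_302))
```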