[nsp-sec] Google maps used as a phishing redirect to somewhere in AS4134
Alfredo Sola
alfredo at solucionesdinamicas.net
Tue Nov 15 06:36:10 EST 2011
Hi,
I don't think this is news but I don't recall it being discussed here. I was amused to find a phishing e-mail this morning, purporting to be from Spain's BBVA bank. What caught my attention is that it tries to drive innocents to:
hxxp://maps.google.com/m/preferences?pref=s&bl=//60.190.35.98/icons/.webps/index.html
What that URL returns is:
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://60.190.35.98/icons/.webps/index.html">here</A>.
</BODY>
</HTML>
Which in this case, goes to:
AS | IP | AS Name
4134 | 60.190.35.98 | CHINANET-BACKBONE No.31,Jin-rong Street
Best,
--
Alfredo Sola
ASP5-RIPE
http://www.solucionesdinamicas.net/
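
One way a mail filter could flag the pattern reported above, a link on a trusted host whose query parameter carries a second host, as an added example that is not part of the original post. The function names are hypothetical, and every sample URL except the one quoted from the message is constructed.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    fixed = url.strip().replace("[.]", ".")
    if fixed.lower().startswith("hxxp"):
        fixed = "http" + fixed[4:]
    return fixed

def embedded_targets(url):
    """Return (param, host, is_ip_literal) for each query value naming another host."""
    outer = urlsplit(refang(url))
    outer_host = (outer.hostname or "").lower()
    hits = []
    # parse_qsl percent-decodes each value once, so encoded targets are seen too.
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        candidate = value.strip()
        if candidate.startswith("//"):
            # Scheme-relative form, as in the bl= parameter of the reported link.
            candidate = "http:" + candidate
        try:
            inner = urlsplit(candidate)
            host = (inner.hostname or "").lower()
        except ValueError:
            continue  # malformed authority, e.g. an unterminated IPv6 bracket
        if inner.scheme not in ("http", "https") or not host or host == outer_host:
            continue
        try:
            ipaddress.ip_address(host)
            is_ip = True  # bare IP targets are rare in legitimate bank mail
        except ValueError:
            is_ip = False
        hits.append((name, host, is_ip))
    return hits

# First entry is the link quoted in the message; the rest are constructed.
SAMPLES = [
    "hxxp://maps.google.com/m/preferences?pref=s&bl=//60.190.35.98/icons/.webps/index.html",
    "https://maps.google.com/m/preferences?pref=s&hl=es",
    "https://example.com/login?next=https://example.com/home",
    "https://example.com/out?u=https%3A%2F%2Fother.example%2Fx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", embedded_targets(sample))
```

A hit is only a signal that the link hands the reader on to another host; whether the outer site actually redirects has to be confirmed separately.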