Category: Spam

Another Spam Email Redirecting Host to Forskolin Pages

Email found in my inbox: Clicking on the link generated the following HTTP traffic: As you can see, this is the same sort of traffic I saw in my previous blog post. The redirect (lhdjzr[.]com/?c=wl) contains an obfuscated script that has been encoded and reversed. Once reversed, decoded and deobfuscated, you can see how ...

Forskolin Spam Emails

I found these GET requests in our customers' traffic, likely originating from spam emails:

hxxp://gallipolicountryandsea[.]it/therfgds1.php
hxxp://www.gallipolicountryandsea[.]it/therfgds1.php
hxxp://dutbbc[.]com/?a=374762&c=wl_con&s=nw-404-1che

What drew my attention to it at first was the .IT TLD, as well as the fact that this traffic seemed out of place in the context of this person's web browsing patterns. Furthermore, the two requests to gallipolicountryandsea[.]it were resolving ...