
All times are UTC




 Post subject: purchase-cancellation.com - PSH
Posted: Sun Jan 01, 2017 8:49 pm

Joined: Mon Jul 25, 2016 5:51 pm
Posts: 7
Family member received an Amazon phishing email linking to: http://bit.ly/3j8fk4

Which eventually redirects to: https://www.amazon.com.purchase-cancellation.com/0ccb7/ap/signin?_encoding=UTF8&openid.assoc_handle=usflex

So if we could classify purchase-cancellation.com as PSH, that'd be great.

The domain itself is even in the long path of redirects:

wget http://bit.ly/3j8fk4
--2017-01-01 14:51:59-- http://bit.ly/3j8fk4
Resolving bit.ly (bit.ly)... 67.199.248.10, 67.199.248.11
Connecting to bit.ly (bit.ly)|67.199.248.10|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://tamvan4.com/ [following]
--2017-01-01 14:51:59-- http://tamvan4.com/
Resolving tamvan4.com (tamvan4.com)... 185.28.23.80
Connecting to tamvan4.com (tamvan4.com)|185.28.23.80|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://purchase-cancellation.com/ [following]
--2017-01-01 14:52:00-- https://purchase-cancellation.com/
Resolving purchase-cancellation.com (purchase-cancellation.com)... 213.152.185.117
Connecting to purchase-cancellation.com (purchase-cancellation.com)|213.152.185.117|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://www.amazon.com.purchase-cancellation.com/ [following]
--2017-01-01 14:52:02-- https://www.amazon.com.purchase-cancellation.com/
Resolving www.amazon.com.purchase-cancellation.com (www.amazon.com.purchase-cancellation.com)... 213.152.185.117
Connecting to www.amazon.com.purchase-cancellation.com (www.amazon.com.purchase-cancellation.com)|213.152.185.117|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-01-01 14:52:04 ERROR 403: Forbidden.

wget specifically gets a 403 as it goes along, but real clients are served an encoded JavaScript blob that contains the phishing page contents.



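Added example, not part of the original post: a check that flags the pattern seen in the final hop, where www.amazon.com appears as subdomain labels in front of an unrelated registrable domain. The URLs are the ones from the wget trace above; the brand list and the short two-label suffix set are assumptions standing in for a real watch list and the Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# First URL and redirect targets copied from the wget trace in the post above.
START_URL = "http://bit.ly/3j8fk4"
WGET_TRACE = """\
Location: http://tamvan4.com/ [following]
Location: https://purchase-cancellation.com/ [following]
Location: https://www.amazon.com.purchase-cancellation.com/ [following]
"""
# Assumptions: brands to watch for, and a tiny stand-in for the Public Suffix List.
BRANDS = {"amazon.com"}
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Approximate eTLD+1; production code should use the full Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def embedded_brand(host):
    """Return the brand spelled out in the labels left of a different registrable domain."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in BRANDS:
        return None  # the host really is on the brand's own domain
    prefix = host[: -len(reg)].rstrip(".")  # subdomain labels only
    for brand in BRANDS:
        if prefix == brand or prefix.endswith("." + brand):
            return brand
    return None


def analyze(start_url, trace):
    """Return (host, registrable domain, impersonated brand or None) for every hop."""
    urls = [start_url] + re.findall(r"^Location: (\S+)", trace, re.MULTILINE)
    out = []
    for url in urls:
        host = urlsplit(url).hostname
        out.append((host, registrable_domain(host), embedded_brand(host)))
    return out


if __name__ == "__main__":
    for host, reg, brand in analyze(START_URL, WGET_TRACE):
        print(f"{host:45} {reg:28} {'LOOKALIKE of ' + brand if brand else '-'}")
```

Only the last hop is flagged; the shortener and the two intermediate hosts carry no brand labels, which is why a blocklist entry for the registrable domain purchase-cancellation.com covers every subdomain variant.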
 Post subject: Re: purchase-cancellation.com - PSH
Posted: Fri Jan 06, 2017 1:46 am
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 5999
Sorry for missing your post.

The domain has been suspended now it seems (it's no longer resolving).

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



hpHosts and hpHosts Online are copyright © Malwarebytes Corp - All Rights Reserved
