PaulDotCom mailing list archives

phishing question

From: mailing at vankets.com (Bert Van Kets)
Date: Fri, 04 Dec 2009 09:16:09 +0100

Isn't is easier to use a proxy or packet trace and see where the
requests go to?
You are not really after the code itself, just the locations in the
requests.

Just my $0.02

Bert

Chris Blazek wrote:

A coworker clicked on a link in an email and was directed to facebook
then redirected to the following site: despatiesmercemerce . blogspot
. com
All of there fb contacts then received the same email. I pulled up the
site in malzilla and noticed a script block in the header that looks
like it's obfuscated.

I was wondering if someone in the group could figure out what the site
was trying to do.

Thanks,
Chris


------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

phishing question, (continued)
- - - phishing question David Auclair (Dec 02)
    - phishing question David Shpritz (Dec 02)
    - phishing question David Auclair (Dec 02)
    - phishing question Chris Blazek (Dec 02)
    - phishing question Chris Blazek (Dec 02)
    - phishing question David Auclair (Dec 03)
- phishing question Matt Erasmus (Dec 01)
- phishing question Robert Portvliet (Dec 03)
  - phishing question Chris Blazek (Dec 03)
  - phishing question Matt Erasmus (Dec 03)
- phishing question Bert Van Kets (Dec 04)
  - phishing question Jim Halfpenny (Dec 04)