Capturing your details

Here's an interesting thing!

One of the DotSec crew received the email shown in the following screenshot. You can click on the image to open it up in a full-sized window.

So why was this email interesting? Well, there are a number of reasons. At first we thought it was just a bit funny: our victim had been added to so many spam lists that he was now getting spam warnings! But of course, there is a little hyperlink at the bottom of the email, just begging to be clicked... I wonder...

A quick look at the whois record for us-nma.com confirms our suspicions. Click on the image to see the full whois output. The domain "us-nma.com" appears to have nothing to do with any US government body; for a start, it's registered with a Chinese registrar, to a person with contact details in Hong Kong!

OK, so now we are pretty certain that this is just more spam. But still, we wonder, what did the spammer want? The answer probably lies in the URL at the bottom of the original email. We cut and pasted the URL into the address bar of our browser to have a look. Here is what we saw:

So now we are certain that at least the first HTTP request will go to us-nma.com (who knows where we'll be redirected to after that), but the alphanumeric string at the end of the URL looks interesting. What do you think that is for? To find out, we cut off the trailing string and hit the Enter key; the next page shows the result.


Continue reading to find out more about how spammers collect your contact details.