The Latest in IT Security

Several AdWords phishing sites at Prolexic

04
Oct
2011

Prolexic is an anti-DDOS specialist hosting firm with a reputation for being one of the good guys. It’s a bit of a surprise to see Google AdWords phishing sites on a Prolexic server, hopefully they won’t be there for long.

The phishing messages look something like this:

From: Google AdWords
Subject: Google AdWords: You have a new alert.

————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please our Help Center to find answers to
frequently asked questions.
————————

Dear Valued Customer, 

You have a new alert from Google Adwords.

Sign in to your AdWords account at http://www.googlernn.com/Select/login

Yours Sincerely,
The Google AdWords Team

It’s difficult to know just how many phishing sites are on this server, however the following can be identified:

www.adwords-opt.com
www.adworlsmn.com
www.googlcmn.com
www.googlcnm.com
www.google-bnc.com
www.google-etnm.com
www.google-mnt.com
www.google-mnz.com
www.google-nmz.com
www.googlernn.com
www.googlhnxm.com
www.googlhon.com
www.googlmen.com
www.googlm-hmn.com
www.googlmncn.com
www.googlmnc-n.com
www.googlmnx.com
www.googlmp.com
www.googl-pmn.com
www.googl-rpm.com
www.googlthn.com
www.googlzmn.com
www.googmlbe.com

Sites appear to be hosted on 72.52.4.95 along with thousands of legitimate sites. All the domains have been registered in the past few days with hidden domain registrations.

  1. Paul Sop October 8, 2011

    Thanks for the heads-up. BTW, Prolexic does not host any sites. It is a ‘pass-through’ network and some servers use DNS re-direction through a global array of proxy servers.

    So someone on a server in a data center of a Prolexic customer is doing adwords phishing, but it’s not Prolexic.

Leave a reply


Categories

SATURDAY, DECEMBER 16, 2017

Featured

Archives

Latest Comments

Social Networks