Prolexic is an anti-DDoS specialist hosting firm with a reputation for being one of the good guys. It’s a bit of a surprise to see Google AdWords phishing sites on a Prolexic server. Hopefully they won’t be there for long.
The phishing messages look something like this:
From: Google AdWords
Subject: Google AdWords: You have a new alert.
----------------
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please our Help Center to find answers to
frequently asked questions.
----------------
Dear Valued Customer,
You have a new alert from Google Adwords.
Sign in to your AdWords account at http://www.googlernn.com/Select/login
Yours Sincerely,
The Google AdWords Team
It’s difficult to know just how many phishing sites are on this server; however, the following can be identified:
Sites appear to be hosted on 72.52.4.95 along with thousands of legitimate sites. All the domains have been registered in the past few days with hidden domain registrations.
Leave a reply
Thanks for the heads-up. BTW, Prolexic does not host any sites. It is a ‘pass-through’ network and some servers use DNS re-direction through a global array of proxy servers.
So someone on a server in a data center of a Prolexic customer is doing AdWords phishing, but it’s not Prolexic.