DHL – FAKE & Unsafe Email links to China


Here is an email that can look completely legitimate. However, it actually comes from Vietnam, with links to China.

Below is the email, which is UNSAFE and considered very dangerous.

RED FLAGS: Now let's take a look at what these Evil Scum are doing to fool people…

Although this email looks legit and says it's from DHL, it definitely is not.

  1. HTML Attachment: RED FLAG – DHL and many shipping carriers DO NOT SEND HTML attachments, and you should NEVER open an HTML file attachment in email. This is a way hackers, botnets, and thieves propagate viruses, malware, and botnet software and gain control over systems and networks. In dissecting the HTML file I find that it is JavaScript and appears encoded. When I decode the script I find that they want to force you to visit their website at shared86.accountservergroup.com:2096. NOTICE that a specific port, 2096, is configured, not the standard port 443 (HTTPS) or port 80 (HTTP). RED FLAG: I have seen this with servers and virtual machines that have been compromised and are running botnet apps. Some botnet software will install an application/web server onto the compromised machine. This also appears to be a shared hosting server. The combination of a shared hosting server and a specific port being used to route traffic to makes me think this server may have been compromised.
  2. Email Header:
    Return-Path: dispatch@dhl.com
    Received: from mail.vanphongpham24h.vn ([222.255.239.10])
    Reply-To: kangili_sales@163.com
    Notice that the email is coming from a host not associated with DHL. It is actually coming from somewhere in Vietnam. RED FLAG. Now look at the Reply-To: it is not a DHL email address, and the address has nothing to do with a DHL domain, just some erroneous domain name. RED FLAG. The 163.com IP address goes back to a Chinese technology company, and 163.com also traces back to FREE email addresses. RED FLAG.
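
The header and attachment checks described in the two items above can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original post: the three header values are the ones quoted above, while the MIME structure, the attachment name `placeholder.html`, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the three header values are the ones quoted above; the
# MIME structure and attachment name are placeholders made up for this example.
SAMPLE = """\
Return-Path: dispatch@dhl.com
Received: from mail.vanphongpham24h.vn ([222.255.239.10])
Reply-To: kangili_sales@163.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; name="placeholder.html"
Content-Disposition: attachment; filename="placeholder.html"

<html></html>
--b1--
"""

def domain_of(value):
    """Lowercased domain part of an address header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """Return a list of header/attachment mismatches found in a raw message."""
    msg = message_from_string(raw)
    flags = []
    claimed = domain_of(msg.get("Return-Path"))
    reply = domain_of(msg.get("Reply-To"))
    if reply and reply != claimed:
        flags.append(f"Reply-To domain {reply} is not {claimed}")
    # First Received header in the message; the host name after "from" is
    # what the sending server called itself, the bracketed IP is what was seen.
    hop = re.search(r"from\s+(\S+)", msg.get("Received", ""))
    host = hop.group(1).lower() if hop else ""
    if host and host != claimed and not host.endswith("." + claimed):
        flags.append(f"relayed by {host}, not a {claimed} host")
    for part in msg.walk():
        if part.get_content_type() == "text/html" and part.get_filename():
            flags.append(f"HTML attachment: {part.get_filename()}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A message whose Reply-To and relaying host both sit under the sender's own domain, with no HTML attachment, returns an empty list.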
