Several of our users got two strange spams (differing only in starting link, one below). The first part is the link. The extra . in front of the domain makes it an invalid name that won't resolve. A mistake???
If you remove the period, and I use my real user-agent string, I get a 404. But if I change it to IE on Win8, I get what looks like fake pharmacy news. But if that's all it is, a pill pushing site, why the user-agent filtering? urlquery and virustotal give the site a clean bill of health.
Anyone know what the goal is?
== Spam sample ==
== Links ==
hxxp://price.poojarosebeauty.com redirects to
URL Query report using IE and Windows user-agent:
|thread locked Quote Subscribe||
Oct 16th 2017
3 years ago