Today I got a suspicious email, and it makes me think it's a virus. Here's what the email says:
Hello,
this is a kind reminder about vulnerabilities we reported for your domain on January 14th. Our data shows that one or more vulnerabilities were still present within the last 72 hours. We realize that due to spam protection mechanisms, our original email might not have been delivered.
To access the technical report, you can use our web interface at:
https://notify.mmci.uni-saarland.de...ef29ee08d586b1a9cce9ebe26c257341ef8d538c56d5b
If you do not trust the URL included in this email, you may also retrieve the report from our mailbot. To do so, please send an email to notify@notify.mmci.uni-saarland.de and set the subject to the following token:
4b183c883a268ec80d4ef29ee08d586b1a9cce9ebe26c257341ef8d538c56d5b
Should you need further information or have any other questions, please reach out to us using the following email address:
contact@notify.mmci.uni-saarland.de.
Please note: This mailbox is used solely to send notifications and handle incoming report requests. It is otherwise unmonitored.
Best Regards,
Ben Stock, Researcher at CISPA
---
Center for IT-Security, Privacy, and Accountability (CISPA)
Saarland University, Building E9 1
Phone +49 681 302 57377
Original Message:
Hello,
Primer: All information in and attached to this email is confidential and should be passed on to individuals and organizations on a need-to-know principle only.
We are security researchers from Saarland University, Germany. In our research, we have been scanning several web sites for critical vulnerabilities. We would like to inform you that your website is susceptible to the following vulnerability(ies):
- DOM-based Cross-Site Scripting in WordPress (CVE-2015-3429)
A Cross-Site Scripting attack may be used by an attacker to arbitrarily interact with the vulnerable application in the name of the victim, thereby allowing impersonation attacks, account hijacking, and password extraction.
You can review more detailed information using our web interface at https://notify.mmci.uni-saarland.de...ef29ee08d586b1a9cce9ebe26c257341ef8d538c56d5b. Alternatively, you can retrieve more information via email. To do so, please respond to this email and set the subject line to *only* contain the token 4b183c883a268ec80d4ef29ee08d586b1a9cce9ebe26c257341ef8d538c56d5b. We will automatically respond with the vulnerability report via email.
Since this notification is part of an ongoing research project, we will re-scan your web site to see if the vulnerability has been fixed. If you wish us to stop scanning your web site, please contact us at contact@notify.mmci.uni-saarland.de. Should you need further information or have any other questions, please do not hesitate to contact us using the same email address.
Best Regards,
Ben Stock, Researcher at CISPA
---
Center for IT-Security, Privacy, and Accountability (CISPA)
Saarland University, Building E9 1
Phone +49 681 302 57377
Do you think this is fake? 'Cause my domain has WHOIS privacy, so my email is hidden, and it doesn't look like he used the contact form on my site, since my contact script would add IP information.