|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
Survey |
|
|
|
|
|
|
|
|
|
|
|
Fried Phish(TM)
Phishing Incident Reporting and Termination (PIRT) Squad(SM)
A global phishing termination and intelligence system operated by CastleCops.
Become a PIRT Squad terminator by reporting phish today!
[ How-To / FAQ ]
Fried Phish -> Confirmed Phish |
Terminated Phish
status: confirmed phishHTTP Response
07 May, 2008
14:37:20 | HTTP/1.1 502 Proxy Error
| | ID | 774579 (termination link) | | Title | Abbey Bank, Chase, Halifax, NatWest, Nationwide, Regions Bank, Wells Fargo | | Entry | | PIRT Squad
Reporter | 2 | | Timestamp | 27 Mar, 2008 @ 18:41:48 | | Topic ID | 218361 - Read/respond to PIRT commentary. | Handler Note:
27 Mar, 2008
18:53:40 | Paul: View CIDR AS3786 Report: http://www.cidr-report.org/cgi-bin/as-report?as=3786
"3786 | KR | apnic | 2002-08-01 | LGDACOM LG DACOM Corporation"
| Handler Note:
27 Mar, 2008
18:53:41 | Paul: Extended information for AS3786:
State/Province:
Country: kr
Responsible Domain: bora.dacom.co.kr
Abuse Email: abuse@bora.net
| Handler Note:
27 Mar, 2008
19:33:32 | Paul: Generated and sent email phish alert to respective parties. | Handler Note:
29 Mar, 2008
00:11:53 | Paul: Consumed following related reports:
[774265]
http://jorudoctor.co.kr/consulto/regions/www.regionsbank.com/www.regionsbank.com1/www.regionsbank.com2/www.regionsbank.c
om3/
[774792] http://jorudoctor.co.kr/gbook/data/gbook/Chase/Chase/
[775588] http://jorudoctor.co.kr/consulto/ws/nt/default.php
[775590] http://jorudoctor.co.kr/consulto/ws/hfx/formslogin.asp/index.php
[775591]
http://jorudoctor.co.kr/consulto/ws/a3XcFqGpyVexZXlp42ILckL16sz8USkBXj2StlL2lq74RZi-ZN0FOU7by8X_Jh2pn3AEECKZo8TFq0WyJ8II
GI0qgARKV_pf27Z0dSdpkBPWqiQQcY/a3XcFqGpyVexZXlp42ILckL16sz8USkBXj2StlL2lq74RZi-ZN0FOU7by8X_Jh2pn3AEECKZo8TFq0WyJ8IIGI0qg
ARKV_pf27Z0dSdpkBPWqiQQcY/cFqGpyV/Logon.htm
[775594] http://jorudoctor.co.kr/consulto/update.htm
[775595]
http://jorudoctor.co.kr/consulto/regions/www.regionsbank.com/www.regionsbank.com1/www.regionsbank.com2/www.regionsbank.c
om3/index.html
[775603]
http://jorudoctor.co.kr/gbook/data/gbook/Chase/Chase/update_card.html?portlet_signup_1%7BactionForm.convert%7D=&port
let_signup_1%7BactionForm.continue%7D=&portlet_signup_1wlw-radio_button_group_key%3A%7BactionForm.choice%7D=Personal
&portlet_signup_1%7BactionForm.jsBrEnrollLiveFlag%7D=&portlet_signup_1%7BactionForm.continue%7D
[775604]
http://jorudoctor.co.kr/gbook/data/gbook/Chase/Chase/update_card.html?portlet_signup_1%7BactionForm.convert%7D=&port
let_signup_1%7BactionForm.continue%7D=&portlet_signup_1%7BactionForm.jsBrEnrollLiveFlag%7D=&portlet_signup_1%7Ba
ctionForm.continue%7D
[775605] http://jorudoctor.co.kr/gbook/data/gbook/Chase/Chase/update_card.html
| Handler Note:
29 Mar, 2008
00:48:52 | Paul: This server is heavily compromised and has a php shell running on it. | Handler Note:
29 Mar, 2008
00:50:40 | Paul: Generated and sent email phish alert to respective parties. | | Fetched URLs | | | Slaves | 774265, 774792, 775588, 775590, 775591, 775594, 775595, 775603, 775604, 775605, |
|
|
|
