CastleCops® Fried Phish Apr 02: Austrian Chase Phish

Need help? Click here to register for free! Absolutely zero advertisements on this site!

**$9736.22 of $21422.68**

Help CastleCops serve the community on new servers, Donate Here to reach our goal.

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Survey

Forum FAQ

Usergroups

Profile

Select FavForums

Fried Phish Apr 02: Austrian Chase Phish

All -> FavForums -> PIRT Fried Phish Reports

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

daveai

1st Responder
Premium Member

Joined: Dec 07, 2004
Posts: 1987
Location: USA

Posted: Sun Apr 02, 2006 10:27 pm Post subject: Fried Phish Apr 02: Austrian Chase Phish

Phish Alert

Full Report: CastleCops Link /modules.php?name=Fried_Phish&fp=phish&id=1949&in=1

Duplicate/Related Report(s): 2009,

IP Converted: 81.223.238.227

dword = 1373630179
hex1 = 0x51dfeee3
hex2 = 0x51.0xdf.0xee.0xe3
oct = 0121.0337.0356.0343

View CIDR AS8514 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8514

"8514 | AT | ripencc | 1997-10-20 | INODE inode Telekommunikationsdienstleistungs GmbH"<br />

Phish url: http://www.chase.onlines1.com
Browser access directs to an Austrian server hosting an imitation Chase site.
The site was active at the time of investigation.
Page fetch suceeded

Additional suspicious url in phish email:
http://chaseonline.chase.com.infiv.com/%20/Chase/cgi-bin/login_chase.htm#ssu_login.jsp?login_form
Browser access returns: 'The page cannot be displayed"
Whois returns: No match for domain "CHASEONLINE.CHASE.COM.INFIV.COM".

Quote:

From Fri Mar 31 07:47:47 2006
Received: from mail2.hagenhosting.com (ns1.hagenhosting.com [63.97.115.194])
by bugsbunny.castlecops.com (8.13.6/8.13.6) with ESMTP id k2VClkLN026743
for <>; Fri, 31 Mar 2006 07:47:47 -0500
Received: from www1.sprit.org ([81.223.238.227] helo=http2.sprit.org)
by mail2.hagenhosting.com with esmtp (Exim 4.60)
(envelope-from <>)
id 1FPJ2d-0006JW-6j
for ; Fri, 31 Mar 2006 07:47:51 -0500
Received: by http2.sprit.org (Postfix, from userid 30)
id 76CA4198574; Fri, 31 Mar 2006 14:47:48 +0200 (CEST)
X-fromdir: /home/ultraviolet/www.introvertire.biz/y
To:
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Message-Id: <>
Date: Fri, 31 Mar 2006 14:47:48 +0200 (CEST)
Content-Transfer-Encoding:

	All -> FavForums -> PIRT Fried Phish Reports	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 176ppm 0.325s (0.055s) Making cybercriminals unhappy since 2002*