daveai
1st Responder
Premium Member
Joined: Dec 07, 2004
Posts: 1987
Location: USA
|
 Posted: Mon Apr 03, 2006 6:26 am Post subject: Fried Phish Apr 03: Korean Ebay Phish |
|
|
Phish Alert
Full Report:  /modules.php?name=Fried_Phish&fp=phish&id=2109&in=1
Phish url: http://210.127.244.11/Update/Login/?MfcISAPISession=BXVShqAhQRisNfHAAeMWZlHhlWXS2AlNRqAhQRfhfhgTDrferHCURstpABgTDrzeHAfdeMWZlHhlWXhgpferHCUQRfqzeHAfdeMWZlHhlWXhgpAisDAAJbaQqze
Browser access directs to a Chinese server hosting an imitation EBay site.
The site was active at the time of investigation.
Page fetch suceeded
IP Converted: 210.127.244.11
dword = 3531600907
hex1 = 0xd27ff40b
hex2 = 0xd2.0x7f.0xf4.0xb
oct = 0322.0177.0364.013
View CIDR AS4670 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4670
"4670 | KR | apnic | 1995-06-16 | HYUNDAI-KR Shinbiro"<br />
CORRECTION:
Browser access directs to a Korean server hosting an imitation EBay site.
| Quote: |
From Fri Mar 31 12:14:06 2006
Received: from toby.dreamhost.com (toby.dreamhost.com [66.33.193.58])
by bugsbunny.castlecops.com (8.13.6/8.13.6) with ESMTP id k2VHE5Sd015480
for <>; Fri, 31 Mar 2006 12:14:06 -0500
Received: from [192.168.1.115] (dsl092-094-102.bos1.dsl.speakeasy.net [66.92.94.102])
by toby.dreamhost.com (Postfix) with ESMTP id 8DDD015EBDC
for <>; Fri, 31 Mar 2006 09:14:12 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v746.3)
References: <>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <>
Content-Transfer-Encoding: 7bit
From: Daniel Switkin <>
Subject: Fwd:
Date: Fri, 31 Mar 2006 12:14:10 -0500
To:
X-Mailer: Apple Mail (2.746.3)
Begin forward |
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
