Fried Phish Mar 29: Multiple phish/multiple ips

CastleCops -> PIRT Fried Phish Reports

Author: Robin    Posted: Wed Mar 29, 2006 10:48 pm    Post subject: Fried Phish Mar 29: Multiple phish/multiple ips

Phish Alert
 
 Full Report: CastleCops Link/modules.php?name=Fried_Phish&fp=phish&id=546&in=1
 
 This IP is hosting eBay, Chase and PayPal phish.

http://web2.ptisp.net/~mario/ch/cgi-bin/us/webscr.php?cmd=_login-run
http://web2.ptisp.net/~mario/ch/ws2/ws2/eBayISAPI.php?cmd=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=
http://web2.ptisp.net/~mario/ch/chase/chase/str.php?cmd=login
Accessing http://web2.ptisp.net/~mario/ brings up a bulk email handler.
View CIDR AS14361 Report: http://www.cidr-report.org/cgi-bin/as-report?as=14361

"14361 | US | arin | 1999-12-02 | HOPONE-DCA - HopOne Internet Corporation"

This phish is running on two different IPs.

http://66.235.183.44/~mario/ch/chase/chase/str.php?cmd=login
http://66.235.183.44/~mario/ch/ws2/ws2/eBayISAPI.php?cmd=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=
http://66.235.183.44/~mario/ch/cgi-bin/us/webscr.php?cmd=_login-run

Accessing http://66.235.183.44/~mario/ also brings up a bulk email handler.
Accessing the IP only (http://66.235.183.44/) brings up a page saying "under construction".
Quote:
From - Tue Mar 28 07:41:15 2006
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <>
X-Original-To:
Delivered-To:
Received: from localhost (localhost [127.0.0.1])
by mail.anderson-ent.com (Postfix) with ESMTP id E06BE73B4
for <>; Tue, 28 Mar 2006 00:32:39 -0600 (CST)
Received: from mail.anderson-ent.com ([127.0.0.1])
by localhost (mail.anderson-ent.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 08262-05 for <>;
Tue, 28 Mar 2006 00:32:28 -0600 (CST)
Received: from titan.i-quest.ch (unknown [195.141.204.163])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.anderson-ent.com (Postfix) with ESMTP id 3C0B364C0
for <>;



All times are GMT
