CastleCops :: View topic - Fried Phish Apr 02: Chase phish

Fried Phish Apr 02: Chase phish

CastleCops -> PIRT Fried Phish Reports

Author: Robin,

Posted: Sun Apr 02, 2006 9:01 pm Post subject: Fried Phish Apr 02: Chase phish

Phish Alert

Full Report: CastleCops Link

/modules.php?name=Fried_Phish&fp=phish&id=1887&in=1

The inital url http://chasefield.pendinginformation.imponderabilityoptions-online.org/meteor-tracker/chasonline/index.php redirects to http://assistancealliance-services.us/paradise/island/index.html

Accessing http://chasefield.pendinginformation.imponderabilityoptions-online.org/meteor-tracker/ brings up an index page which contains only the chaseonline directory.

IP Converted: 198.170.84.210

dword = 3333051602
hex1 = 0xc6aa54d2
hex2 = 0xc6.0xaa.0x54.0xd2
oct = 0306.0252.0124.0322

View CIDR AS2914 Report: http://www.cidr-report.org/cgi-bin/as-report?as=2914

"2914 | US | arin | 1998-12-07 | NTTA-2914 - NTT America, Inc."<br />

QUESTION SECTION:
;pendinginformation.imponderabilityoptions-online.org. IN A

;; ANSWER SECTION:
pendinginformation.imponderabilityoptions-online.org. 600 IN CNAME premium7.geo.yahoo7.akadns.net.
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.42
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.43
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.47
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.64
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.65
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.68
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.48
premium7.geo.yahoo7.akadns.net. 300 IN A 216.39.58.67

Domain ID:D119441990-LROR
Domain Name:IMPONDERABILITYOPTIONS-ONLINE.ORG
Created On:29-Mar-2006 17:52:08 UTC
Last Updated On:29-Mar-2006 17:52:12 UTC
Expiration Date:29-Mar-2007 17:52:08 UTC

QUESTION SECTION:
;imponderabilityoptions-online.org. IN A

;; ANSWER SECTION:
imponderabilityoptions-online.org. 600 IN A 216.39.58.66
imponderabilityoptions-online.org. 600 IN A 216.39.58.67
imponderabilityoptions-online.org. 600 IN A 216.39.58.68
imponderabilityoptions-online.org. 600 IN A 216.39.58.69
imponderabilityoptions-online.org. 600 IN A 216.39.58.64
imponderabilityoptions-online.org. 600 IN A 216.39.58.65

QUESTION SECTION:
;assistancealliance-services.us. IN A

;; ANSWER SECTION:
assistancealliance-services.us. 600 IN A 216.39.58.40
assistancealliance-services.us. 600 IN A 216.39.58.41
assistancealliance-services.us. 600 IN A 216.39.58.42
assistancealliance-services.us. 600 IN A 216.39.58.43
assistancealliance-services.us. 600 IN A 216.39.58.44
assistancealliance-services.us. 600 IN A 216.39.58.39

Accessing http://assistancealliance-services.us/ brings up an under construction page. Accessing http://assistancealliance-services.us/paradise/ brings up a directory index showing the folder "island" last modified April 2nd 2006.

This phish is spoofing the real address bar by hiding it and replacing it with a gif.

http://assistancealliance-services.us/paradise/island/online.html
http://assistancealliance-services.us/paradise/island/authenticate.php
http://assistancealliance-services.us/paradise/island/card.php

Quote:

http://chasefield.pendinginformation.imponderabilityoptions-online.org/meteor-tracker/chasonline/index.php

CastleCops -> PIRT Fried Phish Reports

All times are GMT

Page 1 of 1