Fried Phish Apr 02: Austrian Chase Phish

 CastleCops -> PIRT Fried Phish Reports
Author: daveaiLocation: USA PostPosted: Sun Apr 02, 2006 10:27 pm    Post subject: Fried Phish Apr 02: Austrian Chase Phish
Phish Alert
 
 Full Report: CastleCops Link/modules.php?name=Fried_Phish&fp=phish&id=1949&in=1
 
 Duplicate/Related Report(s): 2009,
IP Converted: 81.223.238.227

dword = 1373630179
hex1 = 0x51dfeee3
hex2 = 0x51.0xdf.0xee.0xe3
oct = 0121.0337.0356.0343
View CIDR AS8514 Report: http://www.cidr-report.org/cgi-bin/as-report?as=8514

"8514 | AT | ripencc | 1997-10-20 | INODE inode Telekommunikationsdienstleistungs GmbH"<br />
Phish url: http://www.chase.onlines1.com
Browser access directs to an Austrian server hosting an imitation Chase site.
The site was active at the time of investigation.
Page fetch suceeded
Additional suspicious url in phish email:
http://chaseonline.chase.com.infiv.com/%20/Chase/cgi-bin/login_chase.htm#ssu_login.jsp?login_form
Browser access returns: 'The page cannot be displayed"
Whois returns: No match for domain "CHASEONLINE.CHASE.COM.INFIV.COM".
Quote:

From Fri Mar 31 07:47:47 2006
Received: from mail2.hagenhosting.com (ns1.hagenhosting.com [63.97.115.194])
by bugsbunny.castlecops.com (8.13.6/8.13.6) with ESMTP id k2VClkLN026743
for <>; Fri, 31 Mar 2006 07:47:47 -0500
Received: from www1.sprit.org ([81.223.238.227] helo=http2.sprit.org)
by mail2.hagenhosting.com with esmtp (Exim 4.60)
(envelope-from <>)
id 1FPJ2d-0006JW-6j
for ; Fri, 31 Mar 2006 07:47:51 -0500
Received: by http2.sprit.org (Postfix, from userid 30)
id 76CA4198574; Fri, 31 Mar 2006 14:47:48 +0200 (CEST)
X-fromdir: /home/ultraviolet/www.introvertire.biz/y
To:
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Message-Id: <>
Date: Fri, 31 Mar 2006 14:47:48 +0200 (CEST)
Content-Transfer-Encoding:
CastleCops -> PIRT Fried Phish Reports

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group