Reported .. both to 'rdsnet.ro' for the hosting and to Register.com for
delisting.
And that whole URL also works as: http://f4ca.com/Login.htm
On 22 Feb 2008 at 12:57, Julio Canto wrote:
lovely long URL.
--
Regards,
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf:
Called the network .. ran into the 'usual' that nobody is there who can
action the site and nobody will be until tomorrow morning. Weekend,
ya know. But .. snark I should be overjoyed /snark .. somebody
will look at it in the morning.
I get a real case of heartburn with ISPs/hosts who have
Reported .. tnx!
On 20 Nov 2007 at 20:00, Randy Mueller wrote:
From - Tue Nov 20 19:52:42 2007
X-Account-Key: account2
X-UIDL: 1195589464.31293.mail.fidmail.com
X-Mozilla-Status: 0001
X-Mozilla-Status2:
X-Mozilla-Keys:
Return-Path: [EMAIL
Added to the growing list ... thanks!
On 2 Nov 2007 at 9:30, Steve Pirk wrote:
Another CUNA credit union number. Don't remember if this
one was posted or not.
(425) 998-1199
--
Steve
Equal bytes for women.
-- Forwarded message --
Return-Path: [EMAIL PROTECTED]
We've got it .. thanks!
On 30 Oct 2007 at 14:38, Ron Simmons wrote:
This is a different number from the one posted the other day.
-Original Message-
From: Credit Union [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 30, 2007 13:41
Subject: For your security we deactivated
Interesting. Did you go back to just:
http://securelogin-55736468.moneymanagergps.com.sks47.com/
Both reported.
On 28 Sep 2007 at 14:28, Mark Hora wrote:
And another
http://securelogin-55736468.moneymanagergps.com.sks47.com/Online_Form.htm
From:
Got it .. and Jake's, too.
On 15 Sep 2007 at 20:26, Matt Conover wrote:
-- Forwarded message --
From: Bank of America [EMAIL PROTECTED]
Date: Sep 15, 2007 4:44 PM
Subject: Unauthorized Activity
To:
Dear Bank of America client,
You have received this email because you
Thank you!
On 10 Sep 2007 at 13:49, Joey Costoya wrote:
On 9/8/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
John ...
Were there actual phish pages with these? Or are they just kits for
the taking?
Thanks ...
hi,
these three are live as of this writing
Good day dear scammer.
Our company is glad to inform you that we have achieved high level of
security and we are moving you out with the trash .
:)
Reported.
On 7 Sep 2007 at 22:40, Steve Pirk wrote:
Another BancorpSouth site with a similar domain name:
John ...
Were there actual phish pages with these? Or are they just kits for the
taking?
Thanks ...
On 7 Sep 2007 at 13:52, John LaCour wrote:
http/www.europneus.be/albums/album01/scan.zip
http/ustaboys.com/this_year/secured/eBay.zip
Reported
On 1 Sep 2007 at 7:58, Steve Pirk wrote:
IRS spoof site at:
http://6532110hfc146.tampabay.res.rr.com/irs.html
Looks to be still active. Redirects to:
http://203.122.23.167:84/irs.gov/
--
Steve
Equal bytes for women.
-- Forwarded message --
Return-Path:
I'll catch you off list .. and we've got those reports.
On 28 Aug 2007 at 16:00, Julio Canto wrote:
Anyone from Universidad Nacional Autonoma de México?
--
Regards,
Julio Canto | VirusTotal.com | Hispasec Sistemas Lab | Tlf:
+34.902.161.025 | Fax: +34.952.028.694 | PGP Key ID:
Thanks!
On 28 Aug 2007 at 16:05, Don Jackson wrote:
There is a drop site here. It does not have directory browsing turned
on.
http://81.95.149.27/data/
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 28, 2007 12:28 AM
To:
I'll pick this one up. We're familiar with that IP and the malware.
Thanks
On 28 Aug 2007 at 12:24, Mark Hora wrote:
Anyone know how I can go about reporting a possible hacked site -
groundhogtech.com.
Visiting some news articles on the site infects you - for example:
Yes .. the host has 'taken care of it.' :)
On 23 Aug 2007 at 12:40, Dennis Oberhausen, RLS Techsupport wrote:
There was a page there this morning
bet it has already been taken down
Thanks,
Dennis Oberhausen
Technical Support Manager
w-502-489-3806
h-502-267-9980
--Original
On these rockphish all the registrants are forged. They are the victims
of a previous ID theft phishing scam.
It's also true for domains registered expressly for the purpose of
phishing .. as opposed to a hacked legit site.
ew
On 6 Jun 2007 at 14:43, John Holan wrote:
Hi
Here comes the
Steve ...
Several factors here:
The e-mail address for the scammer is either already terminated, a data
drop addy, or one that's just not ever monitored.
I wouldn't ever encourage a previous victim to contact the scammer ..
just saying that e-mail addy *is* valid. That gives the scammer a
The short answer is: yes. :)
The rockphish are being tracked .. not only the banks currently being
hit, but the domains/hosts. So .. keep submitting 'em. I'm probably not
going to give a 'reported' message to each one, but they're going in.
Tnx.
On 4 Jun 2007 at 10:43, Mark Hora wrote:
Site appears to be gone. :)
On 20 Apr 2007 at 8:30, Tom wrote:
OK here is a load of phish ready to be deployed at
http://scam2007.by.ru/. It contains:
[HTML Document] hhh.htm 02-Feb-2007 00:11 396
[Text Document] c99.txt
Reported .. the redirector site has been used before.
On 4 Apr 2007 at 13:22, Steve Pirk wrote:
Earthmover CU phishing site starting at:
http://121st-ahc-association.org/phpMyAdmin/libraries/export/.ssh.html
redirects to: http://netil-financial-net.com/earthmovercu/login_id.htm
--
Reported .. dedicated box which is interesting considering the root IP shows
an XAMPP site. Even more interesting to look at all the files. So far the
data drop shows two test entries.
On 5 Apr 2007 at 11:53, Mark Hora wrote:
http://0x48.0x04.0xaf.0xee/efs/servlet/military/login.html
Reported.
Your question of 'registrar housecleaning' generates a complex response.
It breaks down to:
1- the huge increase of using hacked legitimate sites for phishing. In the
case of this one that you reported, the IP goes to a valid site that has been
hacked, but it *redirects* to
Contacted site on-call. They *thought* they took this down earlier today.
The on-call is about to rain on the tech's parade! :)
Thanks.
On 31 Mar 2007 at 12:16, Steve Pirk wrote:
Ebay phishing site at:
http://diha.login.com/SIngIn/signin.ebay.com/ws/eBayISAPI/index.htm
--
Steve
Good grief, lemme catch up!
Reported
On 24 Mar 2007 at 14:48, Steve Pirk wrote:
BBT phishing site at:
http://business-eb.ibanking-services95376m.bbt.com.troniek.hk/update/K1/sb_login.jsp
--
Steve
panic: can't find /
-- Forwarded message --
Return-Path: [EMAIL
Yes .. those are the 'full' rockphish and they haven't gone away.
Unfortunately. But the ones running off the specific HK host and only
hitting one target bank .. predominantly BBT .. are the 'subset.'
Both are piranhas!
On 22 Mar 2007 at 11:58, Tom wrote:
Actually they are also hitting
Reported .. this network isn't the fastest to respond, but we'll see.
On 18 Feb 2007 at 12:33, Steve Pirk wrote:
CapitolOne phishing site at:
http://www.blog-biz.jp/onlinebanking.capitalone.com/
Hopefully, this one will be easy to shut down...
--
Steve
panic: can't find /
A Horde hack .. and I wish Alec a Happy Birthday, too! :)
Reported ..
On 14 Feb 2007 at 17:20, Avery Buffington wrote:
http://secure.fundsxpress.alsgood.com/start/C2WSBLI/
___
phishing mailing list
phishing@whitestar.linuxbox.org
Reported!
Thanks ...
On 5 Feb 2007 at 16:01, Steve Pirk wrote:
Regions bank phishing site at:
http://0xdc.0x80.0xef.0xd5/.secure.regionsnet.com/EB/logon/VerifiedByVisa/index.htm or
http://220.128.239.213/.secure.regionsnet.com/EB/logon/VerifiedByVisa/index.htm
Active as of Monday
Ryan ...
Just talked to the site owner .. he's going to get his tech guy in to take
the phishing directory down. He's considering dumping the whole box
since this happened before.
The directory file indicates it's been around for a while .. and the
phished data is running back thru IRC.
The root site is a legit page .. hacked with a redirector to the phish site
at:
http://211.241.24.119/menu/SignIn.html
Both are Korean IPs .. I'll report it.
We're seeing more 'dispute' scams, but agreed, this is unusual by
accusing the spam recipient of being the seller. Can't have those
Reported .. it's a hacked legit site.
On 5 Dec 2006 at 17:12, Jamie Riden wrote:
Still up as of Dec. 05, 04:11:49 UTC.
cheers,
Jamie
Received: by 10.67.119.3 with SMTP id w3cs2090ugm;
Mon, 4 Dec 2006 19:35:19 -0800 (PST)
Received: by 10.78.200.3 with SMTP id