[PIRT#883281] Multiple brands on AS5432 194.78.204.57

 CastleCops -> PIRT Fried Phish Reports
Author: downie PostPosted: Thu Jul 03, 2008 7:47 pm    Post subject: [PIRT#883281] Multiple brands on AS5432 194.78.204.57
Phish Alert
 
 Full Report: CastleCops Link/Bank_of_America_Halifax_Lloyds_TSB_eBay_phish883281.html
 
 Consumed following related reports:

[876716] http://57.204-78-194.adsl-fix.skynet.be/ws2/eBayISAPI.php?cmd=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runameTYPE=eBay
[876718] http://57.204-78-194.adsl-fix.skynet.be/ws2/eBayISAPI.php?cmd=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runameMessage-Id:
[879974] http://57.204-78-194.adsl-fix.skynet.be/ws2/
[881615] http://57.204-78-194.adsl-fix.skynet.be/bpol/bancoposta/CartePre/formslogin.aspx.html?TYPE=33554432&REALMOID=06-67b8b137-8480-11d6-ac6e-009027fd3897&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-Xg2ehmNnNxChiYuesPt7tBvIqGG0E23CvXcJCiQB/gHBOAlavoWoQUdB7/utCXBi&TARGET=-SM-/BPOL/bancoposta
[883282] http://57.204-78-194.adsl-fix.skynet.be/loyds.tsb.update.das23da21ew23r/index.html
[883283] http://57.204-78-194.adsl-fix.skynet.be/b.php
[884242] http://57.204-78-194.adsl-fix.skynet.be/_mem_bin/formslogin.asp
The URL accesses a Lloyds TSB phishing site, active at the time of investigation.
A page fetch was successful.
There is a Halifax phish at
http://57.204-78-194.adsl-fix.skynet.be/_mem_bin/formslogin.asp/
There is a Poste Italiane phish at
http://57.204-78-194.adsl-fix.skynet.be/bpol/bancoposta/CartePre/formslogin.aspx.html?TYPE=33554432&REALMOID=06-67b8b137-8480-11d6-ac6e-009027fd3897&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-Xg2ehmNnNxChiYuesPt7tBvIqGG0E23CvXcJCiQB%2fgHBOAlavoWoQUdB7%2futCXBi&TARGET=-SM-%2fBPOL%2fbancoposta%2f
There is an eBay phish at
http://57.204-78-194.adsl-fix.skynet.be/ws2/eBayISAPI.php?cmd=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=
There is a redirector at
http://57.204-78-194.adsl-fix.skynet.be/b.php Changed status to confirmed phish.IP Converted: 194.78.204.57

dword = 3259943993
hex1 = 0xc24ecc39
hex2 = 0xc2.0x4e.0xcc.0x39
oct = 0302.0116.0314.071
View CIDR AS5432 Report: http://www.cidr-report.org/cgi-bin/as-report?as=5432

"5432 | EU | ripencc | 1995-10-23 | BELGACOM-SKYNET-AS Belgacom regional ASN"<br />
Extended information for AS5432:
State/Province:
Country: be
Responsible Domain: skynet.be
Abuse Email: abuse@skynet.be
Bank of America phish at
http://57.204-78-194.adsl-fix.skynet.be/bankofamerica/do.php?cmd=SignInGenerated and sent email phish alert to respective parties.
Quote:
http://57.204-78-194.adsl-fix.skynet.be/loyds.tsb.update.das23da21ew23r/customer.php?ibc=customer.ibc
CastleCops -> PIRT Fried Phish Reports

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group