Cleartext Systems

Value Added Distributor, Software & Cloud
Call +44 (0)1494-453945
 

I decided to be pro-active today and try and close down a phishing web site, I think I managed it in less than 15 minutes…

The email came in looking like a PayPal ‘security’ message, so a quick look at the email html source revealed the ‘PayPal’ link of

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

actually went here;

http://www.paypal-unlocking.net/

So, checking the source of this page revealed that it was pulling content in from here;

http://69.57.130.51/~stevenbw/web/

Stepping back one directory to here;

http://69.57.130.51/~stevenbw/

Revealed this listing… with another phishing site in the sky/ directory

Confirm.htm
_private/
cgi-bin/ –
class.phpmailer.php
class.smtp.php
images/
off.php
postinfo.html
sky/
web/

... and a quick lookup of the ipaddress using this resource;

http://www.whois.sc/69.57.130.51

revealed that it was hosted at Everyones Internet, Inc.

So I just popped onto their web site clicked the ‘Support Chat’ link and asked the nice person if he was aware of the phishing using their web site. They didn’t know and said they promptly shut it down.

Job done, maybe, if I’m awake and didn’t make any mistakes…

Published: October 25th 2005 at 8:44am

Back to article list
 

Contact us to discover how we can help grow your business.

If you’re an IT vendor looking to for value added channel management, or if you’re a reseller who wants superior technical and admin support, and access to leading IT solutions, contact Cleartext Systems today on: +44 (0)1494-453945