a.gif, however, isn't what it appears to be. All the phisher has done is configure the server to serve .gif files as it would a .html file:
*****************************************************************
vURL Desktop Edition v0.3.7 Results
Source code for: http://ns2.dlb1.net/roundcube/temp/a.gif
Server IP: 74.202.84.155 [ ns2.dlb1.net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 0
iFrames: 0
via Proxy: TeMerc Internet Countermeasures (US)
Date: 03 February 2009
Time: 15:52:23:52
*****************************************************************
<html>
<head>
<meta http-equiv="REFRESH"
content="0;URL=http://users.cvalley.net/danny/.new/">
</head>
</html>
This phish is also valid as:
ns2.annexa.net/roundcube/temp/a.gif
The headers for this e-mail show it was sent through either an open or compromised mail server at:
mail.i-p-c.com (IP: 75.150.127.81)
Both cvalley.net and i-p-c.com have been notified.