
CartaSi: cannot shut down those phish web sites


All times are UTC - 5 hours [ DST ]


Posted: Tue Apr 28, 2009 9:15 pm
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
I cannot shut down those phishing web sites:
hxxp://210.196.146.170/manual/.cartasi/index.htm
hxxp://josephpolansky.com/index.htm
hxxp://masmediauk.com/Joomla/administra ... t28th2003/
hxxp://www.starnaweb.com.br/lojas/08/nCartasi.php

are the phish web sites of the Italian credit card cartasi.it


Posted: Wed Apr 29, 2009 10:34 am
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Update:

2 are down now. These below were reported as of 4/29/09 7 pm

hxxp://josephpolansky.com/index.htm
hxxp://www.starnaweb.com.br/lojas/08/nCartasi.php


josephpolansky.com/index.htm
IP: 72.41.199.74

joepolansky [at] yahoo
[email protected]


starnaweb.com.br/lojas/08/nCartasi.php
208.43.100.26
[email protected]


Posted: Fri May 01, 2009 2:29 am
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Nice, all 404ed or "gone to Atlanta" as an obscurist would say.


Posted: Fri Jun 05, 2009 3:46 pm
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
This Kuwait one has no abuse contact, and no NIC for Kuwait.
How do I proceed?

hxxp://94.128.2.172/titolari/cartasi/it ... /bonus/pt/


Posted: Fri Jun 05, 2009 10:38 pm
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
best I can find is:

ahozayen.c [at] stc.com.sa

Emailing to see if they will take down.

Code:
inetnum:        94.128.0.0 - 94.128.127.255
netname:        GPRS_NETWORK
descr:          3G allocation , VAS allocation , 2G allocation
country:        KW
admin-c:        AH2832-RIPE
tech-c:         AH2832-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-AS2306
changed:        [email protected] 20080706
source:         RIPE


I am also locating an upstream provider through a tracert; below is a partial one:
Code:
 10  [ 192.205.34.158]  192.205.34.158  8 ms 
 11  [     64.86.9.18]  if-11-0-0.core3.AEQ-Ashburn.as6453.net  27 ms 
 12  [195.219.195.153]  if-11-0-0-903.mcore3.LDN-London.as6453.net  159 ms 
 13  [ 195.219.195.14]  if-4-0.core2.LDN-London.as6453.net  107 ms 
 14  [  195.219.189.6]  ix-8-1.core2.LDN-London.as6453.net  250 ms 
 15  [  78.159.161.10]  tec-sw-ace-Vl200-x-tec-kdc.fastteleco.net  251 ms 
 16  [     94.128.3.2]  94.128.3.2  251 ms 
 17  [    94.128.3.18]  94.128.3.18  250 ms 
 18  [   94.128.2.133]  94.128.2.133  252 ms 
 19  [   94.128.2.172]  94.128.2.172  251 ms 



So from this I got these 2 emails:
abuse [at] oversee.net
abuse [at] as6453.net


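The contact hunt in the post above, as an added example that is not part of the original thread: hops that fall inside the RIPE inetnum range are skipped, and the remaining named hops give the upstream operators, nearest to the target first. The function names, the last-two-labels domain guess and the abuse@ mailbox (the RFC 2142 convention) are assumptions; each address should be confirmed against the operator's own whois record.

```python
import ipaddress
import re

# Constructed sample: the inetnum line and tracert hops quoted in the post above.
WHOIS_INETNUM = "inetnum:        94.128.0.0 - 94.128.127.255"
TRACERT = """\
 10  [ 192.205.34.158]  192.205.34.158  8 ms
 11  [     64.86.9.18]  if-11-0-0.core3.AEQ-Ashburn.as6453.net  27 ms
 12  [195.219.195.153]  if-11-0-0-903.mcore3.LDN-London.as6453.net  159 ms
 13  [ 195.219.195.14]  if-4-0.core2.LDN-London.as6453.net  107 ms
 14  [  195.219.189.6]  ix-8-1.core2.LDN-London.as6453.net  250 ms
 15  [  78.159.161.10]  tec-sw-ace-Vl200-x-tec-kdc.fastteleco.net  251 ms
 16  [     94.128.3.2]  94.128.3.2  251 ms
 17  [    94.128.3.18]  94.128.3.18  250 ms
 18  [   94.128.2.133]  94.128.2.133  252 ms
 19  [   94.128.2.172]  94.128.2.172  251 ms
"""

HOP_RE = re.compile(r"^\s*\d+\s+\[\s*([\d.]+)\]\s+(\S+)\s+\d+ ms\s*$")

def parse_inetnum(line):
    """Turn a RIPE 'inetnum: A - B' line into a list of ip_network objects."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in line.split(":", 1)[1].split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def parse_hops(text):
    """Return (ip, hostname) for every hop line, in path order."""
    found = (HOP_RE.match(line) for line in text.splitlines())
    return [(ipaddress.ip_address(m.group(1)), m.group(2)) for m in found if m]

def operator_domain(host):
    """Naive last-two-labels guess (assumption); None if the hop has no reverse DNS."""
    if re.fullmatch(r"[\d.]+", host):
        return None
    return ".".join(host.lower().split(".")[-2:])

def upstream_contacts(whois_line, tracert_text):
    """Candidate abuse mailboxes for operators upstream of the reported network."""
    nets = parse_inetnum(whois_line)
    seen = []
    for ip, host in reversed(parse_hops(tracert_text)):
        if any(ip in net for net in nets):
            continue  # hop belongs to the network that has no abuse contact
        dom = operator_domain(host)
        if dom and dom not in seen:
            seen.append(dom)
    return ["abuse@" + d for d in seen]
```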
Posted: Tue Jun 09, 2009 7:39 pm
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Oversee.net responded on 6/8/09 and confirmed it was offline

Code:
[oversee.net #47132] Resolved: [PHISHING SITE] 94.128.2.172 - Cartasi Bank - URG...


Posted: Thu Jun 25, 2009 2:32 am
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
thanks!


Posted: Thu Sep 17, 2009 6:26 pm
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
Another one registered by Tucows that does nothing ...
hxxp://s8625c.com/titolari.cartasi.it/
domain registered uniquely for phishing on 04-Sep-2009


Posted: Thu Sep 17, 2009 6:43 pm
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Where is CartaSi while all this is going on? It seems like you are single-handedly fighting this battle, when they have the most to lose.

Knujon needs to come out with a top ten list of most "spoofable" targets, naming and shaming the companies that do the least to get spoofed sites shut down. CartaSi and Paypal would belong on a list like that from what I can see.


Posted: Thu Sep 17, 2009 8:00 pm
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
s8625c.com [217.73.236.40]

Code:
inetnum:      217.73.232.0 - 217.73.239.255
netname:      ALICOM
descr:        Alicom S.r.l. Network
country:      IT
admin-c:      ON232-RIPE
tech-c:       ON232-RIPE
status:       ASSIGNED PA
notify:       [email protected]
mnt-by:       ALICOM-MNT
changed:      [email protected] 20041029
source:       RIPE


s8625c.com is clearly a fraudulent domain that should have been shut down. :?

I remember Tucows does shut down domains, but they would change their contact email addresses. Honestly, I haven't reported fraud domains to them in a while, so please tell us, which Tucows email contact address are you using?

Code:
   Domain Name: S8625C.COM
   Registrar: TUCOWS INC.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net
   Name Server: NS7W.TOL.IT
   Name Server: NS8W.TOL.IT
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 04-sep-2009
   Creation Date: 04-sep-2009
   Expiration Date: 04-sep-2010


If Tucows isn't responsive, how about the people who run the nameserver?
Contact Page on website: http://www.tol.it/contatti.php

Code:
Domain:             tol.it
Status:             ACTIVE
Created:            1998-11-13 00:00:00
Last Update:        2009-06-26 00:02:22
Expire Date:        2010-06-10

Registrant
  Name:             Alicom srl
  ContactID:        ALIC25-ITNIC
  Address:          Via Pietro Nenni 294
                    San Giovanni Teatino
                    66020
                    CH
                    IT
  Created:          2007-03-01 10:34:40
  Last Update:      2008-06-26 17:50:02

Admin Contact
  Name:             Omero Narducci
  ContactID:        ON60-ITNIC
  Address:          Via Pietro Nenni 294
                    San Giovanni Teatino
                    66020
                    CH
                    IT
  Created:          2004-06-09 00:00:00
  Last Update:      2007-03-01 07:39:03

Technical Contacts
  Name:             Alicom Domain Registration Staff
  ContactID:        ADRS1-ITNIC
  Address:          VIA P. NENNI, 294
                    San Giovanni Teatino
                    66020
                    CH
                    IT
  Created:          2007-02-16 00:00:00
  Last Update:      2009-09-03 15:04:49

  Name:             Alicom Technical Management Staff
  ContactID:        ATMS1-ITNIC
  Organization:     Alicom s.r.l.
  Address:          VIA P. NENNI, 294
                    Sambuceto
                    66020
                    CH
                    IT
  Created:          2005-03-04 00:00:00
  Last Update:      2009-08-24 15:29:55

Registrar
  Organization:     Alicom s.r.l.
  Name:             ALICOM-MNT

Nameservers
  dns.tol.it
  dns2.tol.it


Posted: Fri Sep 18, 2009 2:20 am
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
I wrote to:
[email protected]
[email protected]
two times, on 14/9 and yesterday, no action


Posted: Fri Sep 18, 2009 2:24 am
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
AlphaCentauri wrote:
Where is CartaSi while all this is going on? It seems like you are single-handedly fighting this battle, when they have the most to lose.

I do not know why I got so much cartasi phish email, but my mission became to shut them all down ;-))


Posted: Fri Sep 18, 2009 11:27 am
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
When I visit s8625c.com I get a "Domain Default Page", not a phishing website.

?

SiL


Posted: Fri Sep 18, 2009 12:09 pm
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Hi efa,

I will try my contacts at TuCows. Obviously someone is asleep over there.

Hey, SiL

That phish is still active on the subdir

hxxp://s8625c.com/titolari.cartasi.it/

Code:
--- 09/18/09 12:07:45 Eastern Daylight Time
--- reading URL s8625c.com/titolari.cartasi.it/
--- contacting host s8625c.com [217.73.236.40] on port 80

HTTP/1.1 200 OK
Content-Length: 38501
Content-Type: text/html
Content-Location: http://s8625c.com/titolari.cartasi.it/Index.htm
Last-Modified: Thu, 17 Sep 2009 08:31:42 GMT
Accept-Ranges: bytes
ETag: "346b94487137ca1:3a90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
Date: Fri, 18 Sep 2009 16:05:54 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE>


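The capture in the post above carries its own evidence of cloning: the "saved from url" comment is the mark a browser leaves when a page is saved to disk, and here it names the real CartaSi portal while the response is served from another host. As an added example (not part of the original thread; function and field names are hypothetical), this parses a captured response and reports that mismatch.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the head of the response captured in the post above.
CAPTURE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Location: http://s8625c.com/titolari.cartasi.it/Index.htm\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "\r\n"
    '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">\r\n'
    "<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->\r\n"
    "<HTML><HEAD><TITLE>Home Page</TITLE>\r\n"
)

# "saved from url=(NNNN)URL": NNNN is the character count of URL.
MOTW_RE = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S+)\s*-->", re.I)

def parse_response(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body

def clone_report(raw):
    """Compare the host a page was saved from with the host now serving it."""
    status, headers, body = parse_response(raw)
    location = urlsplit(headers.get("content-location", ""))
    m = MOTW_RE.search(body[:2048])  # the mark sits near the top of the page
    origin_url = m.group(2) if m else None
    origin = urlsplit(origin_url).hostname if m else None
    return {
        "served_host": location.hostname,
        "cloned_from": origin,
        "length_ok": bool(m) and int(m.group(1)) == len(origin_url),
        # the brand's hostname reused as a directory name on the serving host
        "brand_in_path": origin is not None and origin in location.path.lower(),
        "mismatch": status == 200 and origin is not None
                    and origin != location.hostname,
    }
```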
Posted: Fri Sep 18, 2009 2:08 pm
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Aha. Thanks Meep. Sorry for missing that.

SiL

