Clicky
Last visit was: Sat Jul 05, 2014 2:04 pm
It is currently Sat Jul 05, 2014 2:04 pm

CartaSi: cannot shut down those phish web sites


All times are UTC - 5 hours [ DST ]


 [ 34 posts ]  Go to page Previous  1, 2, 3  Next
Author Message
 PostPosted: Sat Sep 19, 2009 5:34 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
Tucows answered me to write to [email protected] that was already in CC in my 14/9 email. No action


Top
 Profile  
 PostPosted: Sat Sep 19, 2009 6:09 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
very frustrating, efa. :!: Will it take TuCows another week or two?


Top
 Profile  
 PostPosted: Mon Sep 21, 2009 3:48 am   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
Subject: Re: [Inquiry=26711] Re: Phishing CartaSi using domain 's8625c.com'
Date: Mon, 21 Sep 2009 09:44:15 +0200
From: <efa>
To: [email protected]
CC: Tucows Compliance <[email protected]>

Tucows Customer Support ha scritto:
> When replying, type your text above this line.
> ----------------------------------------------

are you joking?
[email protected] was in CC also the first complaint on 14 september!
opensrs.org are inactive, the phish domain is still up today on 21.

Please shutdown this phish domain
efa
...


Top
 Profile  
 PostPosted: Mon Sep 21, 2009 3:16 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
I reported it, too. :( let's see if it is online next week, still.


Top
 Profile  
 PostPosted: Tue Sep 22, 2009 12:48 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
lame, emailed and it is still up .... maybe in October at this rate.

Code:
--- 09/22/09 12:49:38 Eastern Daylight Time
--- reading URL s8625c.com/titolari.cartasi.it/
--- contacting host s8625c.com [217.73.236.40] on port 80

HTTP/1.1 200 OK
Content-Length: 38501
Content-Type: text/html
Content-Location: http://s8625c.com/titolari.cartasi.it/Index.htm
Last-Modified: Thu, 17 Sep 2009 08:31:42 GMT
Accept-Ranges: bytes
ETag: "346b94487137ca1:3a90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
Date: Tue, 22 Sep 2009 16:47:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE>


Top
 Profile  
 PostPosted: Tue Sep 22, 2009 2:05 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
I filled the form at:
http://reports.internic.net/cgi/registr ... report.cgi
with Item "Registrar Customer Service"

Form text:

Domain: s8625c.com
Real Registrar Name: TUCOWS INC.

I wrote a complaint to Tucows on 14 september, because the domain:
s8625c.com
was registered uniquely for phishing on 04-sep-2009
as show by spamvertized link:
hxxp://s8625c.com/titolari.cartasi.it/

Tucows answered to write to '[email protected]' that was already in CC in my 4 september mail.
The domain is still active today 22 september, seems Tucows do not act immediately on the phisher.

Please ask for domain suspension.


Top
 Profile  
 PostPosted: Tue Sep 22, 2009 4:00 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
OK, will try to report it and then update this thread as soon as I can, efa.


Top
 Profile  
 PostPosted: Sat May 29, 2010 2:17 pm   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
To: [email protected], [email protected]
Subject: Phishing CartaSi using domain "cartasi-log.com"

Dear Registrar:RANGER REGISTRATION (MADEIRA) LLC.
I have received a phish email, that contain a link to:

hxxp://cartasi-log.com/login/

The link is a fake page of the Italian Credit Card 'Cartasi':

https://titolari.cartasi.it/portal/server.pt

The domain is registered uniquely for phishing on:10-may-2010
Please suspend immediately the domain "cartasi-log.com"
Removal instructions are at this link:
http://www.spamtrackers.eu/wiki/index.p ... rar_Advice


Regards, efa


Top
 Profile  
 PostPosted: Tue Jun 01, 2010 3:36 pm   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
still live as of 6/1/10. I am reporting to [email protected]


Top
 Profile  
 PostPosted: Tue Jun 01, 2010 6:08 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Both Firefox and IE refuse to let me get past the login page.


Top
 Profile WWW  
 PostPosted: Wed Jun 02, 2010 6:52 am   
Spam Muncher
User avatar

Joined: Tue Jan 02, 2007 11:04 am
Posts: 842
meep wrote:
still live as of 6/1/10. I am reporting to [email protected]

use these e-mails for ICANN Registrar : RANGER REGISTRATION (MADEIRA) LLC. : [email protected], [email protected], [email protected], [email protected],
[email protected], [email protected]


Top
 Profile  
 PostPosted: Wed Jun 02, 2010 9:15 am   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Thanks, Roberto, for the reseller registrar finds. Good digging.

Well, it is now 6/2/10 and this is still active:

cartasi-log.com [96.9.51.205]
Code:
--- 06/02/10 08:13:59 Central Daylight Time
--- reading URL cartasi-log.com/login/
--- contacting host cartasi-log.com [96.9.51.205] on port 80

HTTP/1.1 200 OK
Date: Wed, 02 Jun 2010 13:14:01 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 20 Dec 2008 05:30:20 GMT
ETag: "2818c71-86d1-45e73b8b59300"
Accept-Ranges: bytes
Content-Length: 34513
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE> ...


Top
 Profile  
 PostPosted: Fri Jun 04, 2010 11:14 am   
Spammers' Nightmare
User avatar

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
cartasi-log.com/login/ is still online as of 6/4/10, but I don't want to test it to see if it works since phishing sites, even fraudulent domains can harbor malware.

Code:
--- 06/04/10 10:12:07 Central Daylight Time
--- reading URL cartasi-log.com/login/
--- contacting host cartasi-log.com [96.9.51.205] on port 80

HTTP/1.1 200 OK
Date: Fri, 04 Jun 2010 15:12:11 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 20 Dec 2008 05:30:20 GMT
ETag: "2818c71-86d1-45e73b8b59300"
Accept-Ranges: bytes
Content-Length: 34513
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE>
<META http-equiv=Content-Type content="text/html; charset=utf-8"><LINK lang=it
href="index_files/mainstyle-titolari-it.css" type=text/css
rel=StyleSheet></LINK>


Top
 Profile  
 PostPosted: Wed Jun 09, 2010 2:28 am   
Spammer Exterminator

Joined: Wed May 02, 2007 8:59 pm
Posts: 1055
9 Jun, the domain "cartasi-log.com" is still active.

The contacts:
[email protected]
[email protected]
[email protected]
[email protected]
answer with a "Delivery Status Notification Recipient Unknown (state 17)"


Top
 Profile  
 PostPosted: Wed Jun 09, 2010 7:14 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
roberto7888 wrote:
meep wrote:
still live as of 6/1/10. I am reporting to [email protected]

use these e-mails for ICANN Registrar : RANGER REGISTRATION (MADEIRA) LLC. : [email protected], [email protected], [email protected], [email protected],
[email protected], [email protected]

As reported by efa -
postmaster, info, abuse and support do not exist.
I got a "Recipient Unknown (state 14)." for all but the addresses admin and legal


Top
 Profile WWW  
 [ 34 posts ]  Go to page Previous  1, 2, 3  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008