CartaSi: cannot shut down those phish web sites

Phishing operations, including perpetrators, how to report them and get them shut down.

Re: CartaSi: cannot shut down those phish web sites

Postby efa » Sat Sep 19, 2009 5:34 pm

Tucows answered me to write to compliance@opensrs.org that was already in CC in my 14/9 email. No action
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Sat Sep 19, 2009 6:09 pm

very frustrating, efa. :!: Will it take TuCows another week or two?
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby efa » Mon Sep 21, 2009 3:48 am

Subject: Re: [Inquiry=26711] Re: Phishing CartaSi using domain 's8625c.com'
Date: Mon, 21 Sep 2009 09:44:15 +0200
From: <efa>
To: customer.support@tucows.com
CC: Tucows Compliance <compliance@opensrs.org>

Tucows Customer Support ha scritto:
> When replying, type your text above this line.
> ----------------------------------------------

are you joking?
compliance@opensrs.org was in CC also the first complaint on 14 september!
opensrs.org are inactive, the phish domain is still up today on 21.

Please shutdown this phish domain
efa
...
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Mon Sep 21, 2009 3:16 pm

I reported it, too. :( let's see if it is online next week, still.
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Tue Sep 22, 2009 12:48 pm

lame, emailed and it is still up .... maybe in October at this rate.

Code: Select all
--- 09/22/09 12:49:38 Eastern Daylight Time
--- reading URL s8625c.com/titolari.cartasi.it/
--- contacting host s8625c.com [217.73.236.40] on port 80

HTTP/1.1 200 OK
Content-Length: 38501
Content-Type: text/html
Content-Location: http://s8625c.com/titolari.cartasi.it/Index.htm
Last-Modified: Thu, 17 Sep 2009 08:31:42 GMT
Accept-Ranges: bytes
ETag: "346b94487137ca1:3a90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PleskWin
Date: Tue, 22 Sep 2009 16:47:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE>
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby efa » Tue Sep 22, 2009 2:05 pm

I filled the form at:
http://reports.internic.net/cgi/registr ... report.cgi
with Item "Registrar Customer Service"

Form text:

Domain: s8625c.com
Real Registrar Name: TUCOWS INC.

I wrote a complaint to Tucows on 14 september, because the domain:
s8625c.com
was registered uniquely for phishing on 04-sep-2009
as show by spamvertized link:
hxxp://s8625c.com/titolari.cartasi.it/

Tucows answered to write to 'compliance@opensrs.org' that was already in CC in my 4 september mail.
The domain is still active today 22 september, seems Tucows do not act immediately on the phisher.

Please ask for domain suspension.
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Tue Sep 22, 2009 4:00 pm

OK, will try to report it and then update this thread as soon as I can, efa.
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby efa » Sat May 29, 2010 2:17 pm

To: abuse@register.com, legal@register.com
Subject: Phishing CartaSi using domain "cartasi-log.com"

Dear Registrar:RANGER REGISTRATION (MADEIRA) LLC.
I have received a phish email, that contain a link to:

hxxp://cartasi-log.com/login/

The link is a fake page of the Italian Credit Card 'Cartasi':

https://titolari.cartasi.it/portal/server.pt

The domain is registered uniquely for phishing on:10-may-2010
Please suspend immediately the domain "cartasi-log.com"
Removal instructions are at this link:
http://www.spamtrackers.eu/wiki/index.p ... rar_Advice


Regards, efa
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Tue Jun 01, 2010 3:36 pm

still live as of 6/1/10. I am reporting to support@register.com
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby Red Dwarf » Tue Jun 01, 2010 6:08 pm

Both Firefox and IE refuse to let me get past the login page.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10431
Joined: Tue Jun 27, 2006 2:01 am

Re: CartaSi: cannot shut down those phish web sites

Postby roberto7888 » Wed Jun 02, 2010 6:52 am

meep wrote:still live as of 6/1/10. I am reporting to support@register.com

use these e-mails for ICANN Registrar : RANGER REGISTRATION (MADEIRA) LLC. : support@rangermadeira.com, postmaster@rangermadeira.com, legal@rangermadeira.com, info@rangermadeira.com,
admin@rangermadeira.com, abuse@rangermadeira.com
User avatar
roberto7888
Spam Muncher
 
Posts: 842
Joined: Tue Jan 02, 2007 11:04 am

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Wed Jun 02, 2010 9:15 am

Thanks, Roberto, for the reseller registrar finds. Good digging.

Well, it is now 6/2/10 and this is still active:

cartasi-log.com [96.9.51.205]
Code: Select all
--- 06/02/10 08:13:59 Central Daylight Time
--- reading URL cartasi-log.com/login/
--- contacting host cartasi-log.com [96.9.51.205] on port 80

HTTP/1.1 200 OK
Date: Wed, 02 Jun 2010 13:14:01 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 20 Dec 2008 05:30:20 GMT
ETag: "2818c71-86d1-45e73b8b59300"
Accept-Ranges: bytes
Content-Length: 34513
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE> ...
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby meep » Fri Jun 04, 2010 11:14 am

cartasi-log.com/login/ is still online as of 6/4/10, but I don't want to test it to see if it works since phishing sites, even fraudulent domains can harbor malware.

Code: Select all
--- 06/04/10 10:12:07 Central Daylight Time
--- reading URL cartasi-log.com/login/
--- contacting host cartasi-log.com [96.9.51.205] on port 80

HTTP/1.1 200 OK
Date: Fri, 04 Jun 2010 15:12:11 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Sat, 20 Dec 2008 05:30:20 GMT
ETag: "2818c71-86d1-45e73b8b59300"
Accept-Ranges: bytes
Content-Length: 34513
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0044)https://titolari.cartasi.it/portal/server.pt -->
<HTML><HEAD><TITLE>Home Page</TITLE>
<META http-equiv=Content-Type content="text/html; charset=utf-8"><LINK lang=it
href="index_files/mainstyle-titolari-it.css" type=text/css
rel=StyleSheet></LINK>
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: CartaSi: cannot shut down those phish web sites

Postby efa » Wed Jun 09, 2010 2:28 am

9 Jun, the domain "cartasi-log.com" is still active.

The contacts:
postmaster@rangermadeira.com
abuse@rangermadeira.com
info@rangermadeira.com
support@rangermadeira.com
answer with a "Delivery Status Notification Recipient Unknown (state 17)"
User avatar
efa
Spammer Exterminator
 
Posts: 1061
Joined: Wed May 02, 2007 8:59 pm

Re: CartaSi: cannot shut down those phish web sites

Postby Red Dwarf » Wed Jun 09, 2010 7:14 pm

roberto7888 wrote:
meep wrote:still live as of 6/1/10. I am reporting to support@register.com

use these e-mails for ICANN Registrar : RANGER REGISTRATION (MADEIRA) LLC. : support@rangermadeira.com, postmaster@rangermadeira.com, legal@rangermadeira.com, info@rangermadeira.com,
admin@rangermadeira.com, abuse@rangermadeira.com

As reported by efa -
postmaster, info, abuse and support do not exist.
I got a "Recipient Unknown (state 14)." for all but the addresses admin and legal
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10431
Joined: Tue Jun 27, 2006 2:01 am

PreviousNext

Return to Phishers

Who is online

Users browsing this forum: No registered users and 1 guest

cron