Jump to content

Lets talk about Phishing


anyedie

Recommended Posts

I get phishing e-mails on one of my e-mail accounts pretty regularly.  Most of the time they get deleted quickly, but sometimes I get curious and check them out.  I look at where the link is pointing, how it works, and usually run a little enumeration on the server.  What I have noticed is that most of the phishing e-mails have one main thing in common: they are either on or re-directed off some innocuous server.  One looked like a Spanish frat boy site, the other a Chinese business solutions site (or something like that).  The most recent one I received though was redirected off what appears to be a old server some guy in the east (USA) put up in the 2004 as a personal blog and then goes to another server which seems kind of like a legitimate business website.  (although come to think of it, i think it was a Chinese website yesterday...)

In any case, my questions is:

What are the chances that the blog guy knows that his site is being used to redirect people to a phishing site?

Should I send e-mails to these sites admins telling them about this?

Are phishing website actually against the law  is the US? (possibly why mine are usually redirected to another country?)

If these sites are obvious fronts strictly to run phishing scams, could one make an argument for ethical hacking?

Also, not sure if I should do this, if not Mods please delete.  But I will include the link I was sent (well, where it was pointing)

hxxp://www.fuerst-of-all.com/images/boa.html

(Edit - Moonlit: Careful with this link, I x'd out the http so no-one clicks it by accident, be aware that this link may not be safe.)

the fuerst-of-all.com is the blog site and the boa.html is the redirect

thanks! :-P

Edit: DNSStuff.com is now asking for paid memberships, does anyone know a similar free site I cant find a good one.  :-(

Link to comment
Share on other sites

seeing the page is in his image directory, i'm guessing at one point he  had a badly coded image upload script or something that got exploited, shelled, and some of these pages put up, so i doubt he kno's about it ...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...