SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 villasivota.gr

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Dr.Robotnik
Master Baiter


Joined: 21 Jun 2013
Posts: 144


PostPosted: Sun Jul 07, 2013 10:41 pm Reply with quoteBack to top

This website looks innocent but when you go to villasivota.gr/samples.html that is a whole other story. I just made up a fake email that does not exist and enter a random password and it just redirected me http://www.alibaba.com/
So basically the purpose of this website is to steal passwords. Here is some information
Code:

[email protected] ~ $ whois villasivota.gr             
This TLD has no whois server, but you can access the whois database at
https://grweb.ics.forth.gr/whois_en.jsp

The link does not work by the way it just gets a 404 error I cannot find a place to report this website. When I do:
Code:

[email protected] ~ $ ping villasivota.gr -c 1
PING villasivota.gr (174.121.135.131) 56(84) bytes of data.
64 bytes from 83.87.79ae.static.theplanet.com (174.121.135.131): icmp_seq=1 ttl=54 time=103 ms

--- villasivota.gr ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 103.936/103.936/103.936/0.000 ms
[email protected] ~ $ whois 174.121.135.131

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#


#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=174.121.135.131?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       174.120.0.0 - 174.123.255.255
CIDR:           174.120.0.0/14
OriginAS:       AS36420, AS30315, AS13749, AS21844
NetName:        NETBLK-THEPLANET-BLK-16
NetHandle:      NET-174-120-0-0-1
Parent:         NET-174-0-0-0-0
NetType:        Direct Allocation
RegDate:        2009-03-23
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-174-120-0-0-1

OrgName:        ThePlanet.com Internet Services, Inc.
OrgId:          TPCM
Address:        315 Capitol
Address:        Suite 205
City:           Houston
StateProv:      TX
PostalCode:     77002
Country:        US
RegDate:        1999-08-31
Updated:        2010-10-13
Ref:            http://whois.arin.net/rest/org/TPCM

ReferralServer: rwhois://rwhois.theplanet.com:4321

OrgTechHandle: TECHN33-ARIN
OrgTechName:   Technical Support
OrgTechPhone:  +1-281-714-3000
OrgTechEmail:  [email protected]
OrgTechRef:    http://whois.arin.net/rest/poc/TECHN33-ARIN

OrgNOCHandle: THEPL-ARIN
OrgNOCName:   The Planet NOC
OrgNOCPhone:  +1-281-714-3000
OrgNOCEmail:  [email protected]
OrgNOCRef:    http://whois.arin.net/rest/poc/THEPL-ARIN

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName:   The Planet Abuse
OrgAbusePhone:  +1-281-714-3560
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE271-ARIN

RNOCHandle: THEPL-ARIN
RNOCName:   The Planet NOC
RNOCPhone:  +1-281-714-3000
RNOCEmail:  [email protected]
RNOCRef:    http://whois.arin.net/rest/poc/THEPL-ARIN

RAbuseHandle: ABUSE271-ARIN
RAbuseName:   The Planet Abuse
RAbusePhone:  +1-281-714-3560
RAbuseEmail:  [email protected]
RAbuseRef:    http://whois.arin.net/rest/poc/ABUSE271-ARIN

RTechHandle: TECHN33-ARIN
RTechName:   Technical Support
RTechPhone:  +1-281-714-3000
RTechEmail:  [email protected]
RTechRef:    http://whois.arin.net/rest/poc/TECHN33-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#



Found a referral to rwhois.theplanet.com:4321.

%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-THEPLANET-BLK-16
network:Auth-Area:174.120.0.0/14
network:Network-Name:TPIS-BLK-174-121-135-0
network:IP-Network:174.121.135.128/27
network:IP-Network-Block:174.121.135.128 - 174.121.135.159
network:Organization;I:WebsiteWelcome
network:Street-Address:N/A
network:City:Burlington
network:State:MA
network:Postal-Code:01803
network:Country-Code:USA
network:Tech-Contact;I:[email protected]
network:Admin-Contact;I:[email protected]
network:Created:20100325
network:Updated:20100325

network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.174.120.0.0/14
network:Auth-Area:174.120.0.0/14
network:Network-Name:SOFTLAYER-174.120.0.0
network:IP-Network:174.121.128.0/17
network:IP-Network-Block:174.121.128.0-174.121.255.255
network:Organization;I:SoftLayer
network:Street-Address:4849 Alpha Road
network:City:Dallas
network:State:TX
network:Postal-Code:75244
network:Country-Code:US
network:Tech-Contact;I:[email protected]
network:Abuse-Contact;I:[email protected]
network:Admin-Contact;I:IPADM258-ARIN
network:Created:2013-06-13 15:23:43
network:Updated:2013-06-13 15:23:43
network:Updated-By:[email protected]
View user's profileSend private message
El Capitan Borracho
Baiting Guru


Joined: 17 Jun 2012
Posts: 18365
Location: Back until the artwork begins again


PostPosted: Mon Jul 08, 2013 1:11 am Reply with quoteBack to top

http://villasivota.gr appears to be a legitimate Grecian villa/vacation site.

I think http://villasivota.gr/samples.html was just hacked into the legitimate site by the scammers.

http://villasivota.gr/samples.html is phishing, and not something we typically deal with here. It can be reported though.

I would recommend sending a report on the contact page of the legitimate site here http://villasivota.gr/index.php?option=com_contact&view=contact&id=1&Itemid=5&lang=en , and let them know that scammers have potentially hijacked their site to add the phishing page. Tell them don't be alarmed, but recommend they contact their web service provider or person that set up their website to get the content removed. Also suggest that they change any of their passwords associated with the site, and that once the phishing content is removed the scammers will just move on and they should be left alone.

If they don't respond or remove the phishing content in a few days, then let the host know of the situation and let them deal with it. [email protected]

Marking 'n/a' and thread can be moved to Misc forum
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT