Author |
Message |
Dr.Robotnik
Master Baiter
Joined: 21 Jun 2013
Posts: 144
|
Posted:
Sun Jul 07, 2013 10:41 pm |
|
This website looks innocent, but when you go to villasivota.gr/samples.html that is a whole other story. I just made up a fake email that does not exist and entered a random password, and it just redirected me to http://www.alibaba.com/
So basically the purpose of this website is to steal passwords. Here is some information:
Code: |
yoda@Mordor ~ $ whois villasivota.gr
This TLD has no whois server, but you can access the whois database at
https://grweb.ics.forth.gr/whois_en.jsp
|
The link does not work, by the way; it just gets a 404 error. I cannot find a place to report this website. When I do:
Code: |
yoda@Mordor ~ $ ping villasivota.gr -c 1
PING villasivota.gr (174.121.135.131) 56(84) bytes of data.
64 bytes from 83.87.79ae.static.theplanet.com (174.121.135.131): icmp_seq=1 ttl=54 time=103 ms
--- villasivota.gr ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 103.936/103.936/103.936/0.000 ms
yoda@Mordor ~ $ whois 174.121.135.131
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=174.121.135.131?showDetails=true&showARIN=false&ext=netref2
#
NetRange: 174.120.0.0 - 174.123.255.255
CIDR: 174.120.0.0/14
OriginAS: AS36420, AS30315, AS13749, AS21844
NetName: NETBLK-THEPLANET-BLK-16
NetHandle: NET-174-120-0-0-1
Parent: NET-174-0-0-0-0
NetType: Direct Allocation
RegDate: 2009-03-23
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-174-120-0-0-1
OrgName: ThePlanet.com Internet Services, Inc.
OrgId: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
RegDate: 1999-08-31
Updated: 2010-10-13
Ref: http://whois.arin.net/rest/org/TPCM
ReferralServer: rwhois://rwhois.theplanet.com:4321
OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-281-714-3000
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/TECHN33-ARIN
OrgNOCHandle: THEPL-ARIN
OrgNOCName: The Planet NOC
OrgNOCPhone: +1-281-714-3000
OrgNOCEmail: [email protected]
OrgNOCRef: http://whois.arin.net/rest/poc/THEPL-ARIN
OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: The Planet Abuse
OrgAbusePhone: +1-281-714-3560
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE271-ARIN
RNOCHandle: THEPL-ARIN
RNOCName: The Planet NOC
RNOCPhone: +1-281-714-3000
RNOCEmail: [email protected]
RNOCRef: http://whois.arin.net/rest/poc/THEPL-ARIN
RAbuseHandle: ABUSE271-ARIN
RAbuseName: The Planet Abuse
RAbusePhone: +1-281-714-3560
RAbuseEmail: [email protected]
RAbuseRef: http://whois.arin.net/rest/poc/ABUSE271-ARIN
RTechHandle: TECHN33-ARIN
RTechName: Technical Support
RTechPhone: +1-281-714-3000
RTechEmail: [email protected]
RTechRef: http://whois.arin.net/rest/poc/TECHN33-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Found a referral to rwhois.theplanet.com:4321.
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-THEPLANET-BLK-16
network:Auth-Area:174.120.0.0/14
network:Network-Name:TPIS-BLK-174-121-135-0
network:IP-Network:174.121.135.128/27
network:IP-Network-Block:174.121.135.128 - 174.121.135.159
network:Organization;I:WebsiteWelcome
network:Street-Address:N/A
network:City:Burlington
network:State:MA
network:Postal-Code:01803
network:Country-Code:USA
network:Tech-Contact;I:[email protected]
network:Admin-Contact;I:[email protected]
network:Created:20100325
network:Updated:20100325
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.174.120.0.0/14
network:Auth-Area:174.120.0.0/14
network:Network-Name:SOFTLAYER-174.120.0.0
network:IP-Network:174.121.128.0/17
network:IP-Network-Block:174.121.128.0-174.121.255.255
network:Organization;I:SoftLayer
network:Street-Address:4849 Alpha Road
network:City:Dallas
network:State:TX
network:Postal-Code:75244
network:Country-Code:US
network:Tech-Contact;I:[email protected]
network:Abuse-Contact;I:[email protected]
network:Admin-Contact;I:IPADM258-ARIN
network:Created:2013-06-13 15:23:43
network:Updated:2013-06-13 15:23:43
network:Updated-By:[email protected]
|
El Capitan Borracho
Baiting Guru
Joined: 17 Jun 2012
Posts: 18365
Location: Back until the artwork begins again
|
Posted:
Mon Jul 08, 2013 1:11 am |
|
http://villasivota.gr appears to be a legitimate Grecian villa/vacation site.
I think http://villasivota.gr/samples.html was just hacked into the legitimate site by the scammers.
http://villasivota.gr/samples.html is phishing, and not something we typically deal with here. It can be reported though.
I would recommend sending a report on the contact page of the legitimate site here: http://villasivota.gr/index.php?option=com_contact&view=contact&id=1&Itemid=5&lang=en, and let them know that scammers have potentially hijacked their site to add the phishing page. Tell them not to be alarmed, but recommend they contact their web service provider or the person that set up their website to get the content removed. Also suggest that they change any of their passwords associated with the site, and that once the phishing content is removed the scammers will just move on and they should be left alone.
If they don't respond or remove the phishing content in a few days, then let the host know of the situation and let them deal with it. [email protected]
Marking 'n/a' and thread can be moved to Misc forum |
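Added example, not part of either post above: a small Python parser for the kind of whois/rwhois output shown in the first post, which lists the contacts to report a hosted phishing page to, starting with the most specific network block that contains the IP. The function names `parse` and `abuse_contacts` are hypothetical, and the sample text is constructed (documentation IP ranges and placeholder contacts), not the real records.

```python
import ipaddress
import re

# Constructed sample in the layout of the whois/rwhois output in the first post.
# Addresses are RFC 5737 documentation ranges; names and contacts are placeholders.
SAMPLE = """\
OrgName: Example Upstream, Inc.
OrgAbuseEmail: abuse@upstream.example
ReferralServer: rwhois://rwhois.upstream.example:4321
Found a referral to rwhois.upstream.example:4321.
network:Class-Name:network
network:IP-Network:198.51.100.128/27
network:Organization;I:ExampleReseller
network:Tech-Contact;I:noc@reseller.example
network:Class-Name:network
network:IP-Network:198.51.100.0/24
network:Organization;I:ExampleUpstream
network:Abuse-Contact;I:abuse@upstream.example
network:Updated:2013-06-13 15:23:43
"""

def parse(text):
    """Return (ARIN 'Key: value' fields, list of rwhois network records)."""
    arin, records = {}, []
    for line in text.splitlines():
        if line.startswith("network:"):
            _, key, value = line.split(":", 2)  # values may contain ':'
            if key == "Class-Name":             # marks the start of a record
                records.append({})
            elif records:                       # drop the ';I' type suffix
                records[-1][key.split(";")[0]] = value.strip()
        elif (m := re.match(r"(\w+):\s+(.*)", line)):
            arin.setdefault(m.group(1), m.group(2).strip())
    return arin, records

def abuse_contacts(text, ip):
    """(organization, contact) pairs for ip, most specific block first."""
    arin, records = parse(text)
    addr, hits = ipaddress.ip_address(ip), []
    for rec in records:
        contact = rec.get("Abuse-Contact") or rec.get("Tech-Contact")
        if contact and "IP-Network" in rec:
            net = ipaddress.ip_network(rec["IP-Network"], strict=False)
            if addr in net:
                hits.append((net.prefixlen, rec.get("Organization"), contact))
    out = [h[1:] for h in sorted(hits, key=lambda h: -h[0])]
    fallback = arin.get("OrgAbuseEmail")  # registry-level contact, last resort
    if fallback and fallback not in [c for _, c in out]:
        out.append((arin.get("OrgName"), fallback))
    return out
```

The first pair returned is the reseller-level block, the remaining entries are the upstream provider to escalate to if the first contact does not act.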