![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Active eBay phishing sites beyond the radar
Brian (SnSR)
SCNews.5.myspamgobbler at spamgourmet.com
Sat Feb 5 11:10:01 EST 2005
George Langford, Sc.D. wrote:
> Hello eBay:
>
> The following site has been active since October 30, 2004:
> http://213.136.106.214/.ls/ for which the Spamcop tracker is:
> http://www.spamcop.net/sc?id=z687361272z9a582fd2cc6499788f7cf719cdd80969z
> This one has been reported to: padkla at aviso.ci, assied at aviso.ci, and
> postmaster at opentransit.net, apparently to no avail.
>
> It gets worse. The guy appears to be getting set to do it again:
> http://213.136.106.214/cetig/.images/index.html (returns a blank screen
> but the HTML code is still there ... ?). However, read on; there's more.
> The Spamcop tracker for one of the three emails originally received is:
> http://www.spamcop.net/sc?id=z708555609za6ec7e8b8c61d469cdbb68cfd7d7625az
> See also: http://213.136.106.214/cetig/index2.htm but the following is
> the actual eBay phishing source is now in a new index file:
> http://213.136.106.214/cetig/.images/index2.htm
> This sourcecode has been changed since I last reported the site. Note that
> the IP address is the same as the site at the top of this page. I reported
> this site to assied at aviso.ci and j.zano at aviso.ci, clearly to no avail.
>
> The following site also remains active:
>
> http://pl.changwon.ac.kr/secure/saw-cgi/DllUpdate/signin/ws2/ISAPIDll/eBayISAPIdllSignIn_favoritenavid.uproduct.ppco_partnerId2ru.http_my.ebay.com_80_Fws2FeBayISAPI.dll3FMyeBay26ssPageName3Dh253Ah253Amebay_253AUS1ruparams_pageType1883.pa2.bshowgif.a1pUserId.errmsg_UsingSSL_0uname.siteid0.html
> For which the Spamcop tracker is:
> http://www.spamcop.net/sc?id=z715217569zbfae347f7e56405c295fb7331961fc97z
> This site was reported to: hjs123 at kt.co.kr, kren at snu.ac.kr, and mail-abuse at yahoo-inc.com. I am
> now reporting it also to slurp at inktomi.com.
>
> What's a concerned citizen to do ?
>
> George Langford, Sc.D.
> amenex at amenex.com
>
>
One of the things that I do is notify eTrust when I see their logo on
bogus sites. I did file a report.
https://www.truste.org/consumers/watchdog_complaint.php
Same with Verisign
https://www.verisign.com/support/site/abuse.html
I'm not sure that this does any good, but I would think it may help to
bring in some 'big guns'
I also found jefpro at nic.ci - hmmm, that's interesting because that is
not the address shown. This may be the perp's email address. Down at the
very bottom of 213.136.106.214 it shows an email address of
ahissi at nic.ci but the address is actually jefpro and on checking, this
is a valid address according to CentralOps.
Digging further, nic.ci is Network Information Center Côte d'Ivoire.
They show a support at nic dot ci address that may be useful. No abuse
addy listed with abuse.net.
http://www.nic.ci/presta_net.htm may be helpful. This may be the place
to go.
Good luck.
Brian
More information about the SpamCop-List
mailing list