Forum
Comments:
-
- on Fri 07 Aug 2009
- 02:36:17 AM UTC
meebo phish?
Pan Wei wei
I've seen this Registrant Name elsewhere; many times... it's hard not to forget that one.- shameful-pictures.com does not load for me, DNS error - no IP - whois
- Created: 2009-08-05
Expires: 2010-08-05
Updated: 2009-08-05
Name Server: NS1.SHAMEFUL-PICTURES.COM
Name Server: NS2.SHAMEFUL-PICTURES.COM
Whois Server: whois.paycenter.com.cn
Server Data:
Ip Address: no IP
Response Code: 200
Domain Status: Registered And No Website
Registrant Search: "Pan Wei wei" owns about 628 other domains
Simply placing the IP 69.90.81.141 into the browser address bar delivers the page login page you reference..
Look at the graphics closely, then look at www.meebo.com
Familiar?
It looks like a meebo login Phishing page to me, this is for MSN, but how many more are out there PHISHing for: AIM, Yahoo!, MySpace, Facebook, gtalk, icq, jabber, and/or myyearbook.Image saves having to go to meebo:
I find it interesting (coincidental?) that the form ID's used are:
meeboid and meebopasswordAlso, reviewing the javascript, I find an interesting reference:
hxxp://server1.opentracker.net/?site=jimkimpim.com
that send the username and PW to:
hxxp://server1.opentracker.net/collect_.jsp- Digging into the IP I find these domains:
- oh-is-that-you.com
ooh-you.com - (Pan Wei wei) whois
stolen-gallery.com - (Pan Wei wei) whois
the-crazy-friends.com - (Pan Wei wei) whois
the-glory-pictures.com - (Ucj Xfm) whois
the-stolen-images.com - (Pan Wei wei) whois
the-stolen-snaps.com - (Req Hpk) whois
All these domains refer to IP 59.152.207.213 within the whois results.
Both IP's 69.90.81.141 and 59.152.207.213 display the same login page.
(view image above)Please rate RED
Fraud / Scam / Phish
Involved with a Meebo Phishing scam attempting to retrieve user name and password for unauthorized use.59.152.207.213
69.90.81.141
my.stupid.isp.did.not.update.my.dns
shameful-pictures.com
ns1.the-crazy-friends.com
ns1.the-glory-pictures.com
ns1.the-stolen-images.com
ns1.the-stolen-snaps.com
ns2.the-crazy-friends.com
ns2.the-glory-pictures.com
ns2.the-stolen-images.com
ns2.the-stolen-snaps.com
oh-is-that-you.com
ooh-you.com
stolen-gallery.com
the-crazy-friends.com
the-glory-pictures.com
the-stolen-images.com
the-stolen-snaps.com-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Fri 07 Aug 2009
- 03:14:37 AM UTC
....
Cheers dude :o), didn't have time to dig too deep into it as have been busy with work (been awake almost 24 hours again :o( ).
Noticed the Meebo ref's, but figured they'd not bothered changing 'em (never been to Meebo).
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Fri 07 Aug 2009
- 03:17:56 AM UTC
Just an FYI btw ..
... the following are presently failing to resolve;
oh-is-that-you.com
ooh-you.com
stolen-gallery.com
the-crazy-friends.com
the-glory-pictures.com
the-stolen-images.com
the-stolen-snaps.comRegards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Fri 07 Aug 2009
- 03:41:34 AM UTC
apologies
I thought I mentioned that, but reviewing the post I only stated shameful-pictures.com does not load.
No, none of the domains load with/without www prefix in the browser address bar; they all have DNS errors, but their IP's load and you'll agree Pan Wei wei does not have a good reputation. One example of many...
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Fri 07 Aug 2009
- 02:48:54 AM UTC
All rated / commented
Thanks g7w
-
- on Sat 22 Aug 2009
- 02:42:02 AM UTC
party-photo-shoot.com
party-photo-shoot.com
Found this one on PT phish_id=790437
-------
Against Intuition - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W -
- on Sun 23 Aug 2009
- 08:02:13 AM UTC
The site references their
The site references their own script files from 69.90.81.132, too. Add that to your list of red rates.
-
- on Sun 23 Aug 2009
- 08:02:52 AM UTC
Thanks for the heads-up.
Thanks for the heads-up. Rated and commented the lot. By the way, it's on the Firefox list of web forgeries, too.
Freeze.com/screensaver.com/shameful-pictures.com in MSN Phishing scam, with bonus malware
"My friend Tom sent me a couple links earlier, to URL's that were reported to contain worms.
girls.without.clothes.are.on.these.shameful-pictures.com (69.90.81.141 - my.stupid.isp.did.not.update.my.dns - QITX Inc. PEER1-QITX-51)
Not seeing anything other than references to freeze, and login requests in the source code, I created a new MSN account, and duly loaded the page in the browser to see if there was indeed a worm. Alas nope, not thus far.
This one, courtesy of shameful-pictures.com, presents you a lovely little login form, asking for your MSN login details, and yep, it obviously checks if they're valid or not as I tried several times using random and bogus data that it kept rejecting, before I gave up and created a dedicated MSN test account for it."
http://hphosts.blogspot.com/2009/08/freezecomscree...
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net