[SURBL-Discuss] Fw: heads up, massive phishing going on.

Kevin A. McGrail kmcgrail at pccc.com
Thu Apr 28 19:40:25 CEST 2005


>From a guy I trust and work on anti-spam algorithm's who also works at Network Solutions:
    

The system running here detected a rash of ebay and paypal phishing earlier today and it is still going on.  Hope this info can help find and stop it before someone gets damaged.

 

Here are the IP addresses of the mail servers sending them and the sites they point to.  84.0.191.93: http://61.8.248.242/paypal/

211.207.71.179: http://ebay-loginpage.com/

222.121.181.227: http://ebay-loginpage.com/

82.155.149.110: http://61.8.248.242/paypal/

81.153.23.110: http://61.8.248.242/paypal/

66.169.92.212: http://ebay-loginpage.com/

68.161.50.212: http://ebay-loginpage.com/

220.77.245.178: http://ebay-loginpage.com/

220.77.180.56: http://ebay-loginpage.com

12.207.38.75: http://ebay-loginpage.com/

61.223.193.166: http://ebay-loginpage.com/

85.137.184.131: http://ebay-loginpage.com/

211.212.84.200: http://ebay-loginpage.com/

24.147.168.88: http://ebay-loginpage.com/

143.107.228.233: http://ebay-loginpage.com/

24.175.96.61: http://ebay-loginpage.com/

24.175.96.61: http://ebay-loginpage.com/

80.99.29.32: http://ebay-loginpage.com/

199.222.69.90: http://211.92.164.43/paypal/login.html

66.163.169.223: http://62.14.104.42/popcond/cgi-bin/webscr/cmd_login/submit/login_cmd/login_params/login_cancel_cmd/login_email/login_password/submit/Log/In/login/index.htm

66.163.169.227: http://62.14.104.42//popcond/cgi-bin/webscr/cmd_login/submit/login_cmd/login_params/login_cancel_cmd/login_email/login_password/submit/login698788/index.htm

66.163.170.7: 62.14 one

218.71.219.118: http://61.8.248.242/paypal/

201.3.200.130: http://200.126.231.52/verify/paypalDLLUPDATE/index.html

81.154.223.105: http://61.8.248.242/paypal/

 

 

There are too many, here are all the ip addresses so far. Except for the paypal one, nearly all of them point to that ebay-loginpage link.:

12.207.38.75

143.107.228.233

143.107.228.233

161.67.47.158

161.67.47.158

172.193.163.214

194.126.113.99

201.132.84.249

202.160.31.55

207.14.190.25

210.124.50.122

211.204.200.248

211.207.71.179

211.207.71.179

211.212.84.200

211.238.88.66

213.10.229.235

218.20.62.11

218.52.113.198

218.52.113.198

218.74.7.184

219.74.51.148

220.117.95.86

220.117.95.86

220.75.20.2

220.77.180.56

220.77.245.178

220.91.135.89

220.92.95.169

221.143.218.203

221.220.115.241

222.116.57.65

222.121.181.227

222.136.148.24

222.209.126.58

222.248.162.59

222.97.136.193

222.97.136.193

24.12.180.41

24.12.180.41

24.132.102.192

24.136.234.85

24.136.234.85

24.147.168.88

24.147.168.88

24.161.195.248

24.171.68.170

24.175.96.61

59.189.82.23

59.19.143.13

59.23.88.148

61.110.240.238

61.223.193.166

61.84.102.163

61.91.197.226

65.184.247.8

66.169.92.212

67.163.166.132

68.161.28.204

68.161.50.212

68.59.7.246

69.250.34.189

80.131.76.88

80.48.131.35

80.8.64.78

80.99.29.32

81.153.23.110

81.9.129.170

81.9.129.170

82.123.168.1

82.155.149.110

83.145.180.107

84.0.191.93

84.121.40.154

84.94.184.172

84.94.192.145

85.137.184.131

 


More information about the Discuss mailing list