Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re[2]: Another false Citibank e-mail...a new phishing?
From: Vizzy <vizzy () freemail hu>
Date: Sun, 21 Mar 2004 01:37:13 +0000

hiho Steve!

It is not disguisted, but indeed hacked server:

sk03.cultureclub.co.kr ---> 218.36.71.193

No wonder someone found it very easy to exploit (as it runs buggy mod_ssl, openssl, php, ..)
and use compromised server to collect CC data without traces.

It has two Apache versions running on 80 and 443 as was said here
already, and looks like has some backdoor ports open (but I'll
investigate more..)
 
SM> Nope.
SM> Just More misdiredction by the miscreants

SM> try the url   
SM> http://218.36.71.193:443/test.php

SM> The requested URL /test.php was not found on this server.

SM> ------------------------------------------------------------------------
SM> Apache/1.3.6 Server at proxyegana.goldpfeil.de Port 80

SM> [stm () rp2]$ nslookup www.sk.com
SM> Note:  nslookup is deprecated and may be removed from future releases.
SM> Consider using the `dig' or `host' programs instead.  Run nslookup with
SM> the `-sil[ent]' option to prevent this message from appearing.
SM> Server:         192.168.8.1
SM> Address:        192.168.8.1#53

SM> Non-authoritative answer:
SM> Name:   www.sk.com
SM> Address: 64.227.233.29

-- 
have phun,
 Vizzy 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault