another Fraud website :(
Yep, not a new trick, emulating e-gold site. This particular email is pointing to a site falsely claiming to be e-gold:

  http://66.162.74.192/acct/login.html

If you type garbage and submit, it sends you to e-gold site proper....

e-gold users, any financial users, need to watch that URL, should be SSL (https) etc... oh well, can't protect everyone from fraud.

I agree, the person(s) doing this are evil.

Might be interesting to set up a sting and let the person steal a small amount and see how they attempt to move the e-gold. Suspect they'll transfer immediately then move through moneymaker to currency. However they could also do a purchase and launder that way too... ?

--------

hmmm taking a look at the server itself

Doing a traceroute, it appears the server is one hop down from hrnoc.net

  20  nycp-rt-hr7200-1.hrnoc.net (66.162.65.2)  95.374 ms  95.184 ms  116.384 ms
  21  66.162.74.192 (66.162.74.192)  96.83 ms  91.846 ms  92.89 ms

Which has admin email [EMAIL PROTECTED] so it's probably http://hostrocket.com/home/index.htm
Which is a hosting company....

No phone number on contact info, so I filled out a form warning them they have a fraud site up on their servers.... Hope it helps.

Did a nmap on 66.162.74.192
They are running OpenBSD 3.0 - which saddens me, most OpenBSD sysadmins like myself are usually the good guys :(

But the machine has a lot of open ports like it's a web server and mail server for hosting services. So most likely it is a hosted website and the owner is not aware.. For example ftp & pop3 are not on by default after install but needful for putting websites up and retrieving email, it is set up for SSL, yet SSL is not used by site.

And, the machine is using a newer ssh, so it's doubtful it was directly compromised, if it is an honest server, it's a user account that had weak password or evil user.

  # scanssh 66.162.74.192
  66.162.74.192 SSH-1.99-OpenSSH_3.1p1

here are the nmap port scan results

  Interesting ports on  (66.162.74.192):
  (The 1522 ports scanned but not shown below are in state: filtered)
  Port       State       Service
  20/tcp     closed      ftp-data
  21/tcp     open        ftp
  22/tcp     open        ssh
  23/tcp     closed      telnet
  25/tcp     open        smtp
  42/tcp     closed      nameserver
  53/tcp     closed      domain
  69/tcp     closed      tftp
  80/tcp     open        http
  81/tcp     closed      hosts2-ns
  101/tcp    closed      hostname
  110/tcp    open        pop-3
  111/tcp    open        sunrpc
  113/tcp    closed      auth
  443/tcp    open        https
  513/tcp    closed      login
  576/tcp    closed      ipcd
  950/tcp    closed      oftep-rpc
  2049/tcp   closed      nfs
  6112/tcp   closed      dtspc
  6666/tcp   open        irc-serv
  6667/tcp   closed      irc

  TCP/IP fingerprint:
  SInfo(V=2.54BETA25%P=i386-unknown-openbsd3.0%D=4/7%Time=3CB08B61%O=21%C=20)

-regards
paul <ppruett at cocoavillagepublishing.com>
//*************************************************************
// Designing, Integrating and Maintaining Information Technology
// Cocoa Village Publishing  www.cocoavillagepublishing.com
// 415 Brevard Ave, Cocoa FL 32922, ph 321-639-4344 fx 639-8681
//*************************************************************

On Sun, 7 Apr 2002, Rick van Rein wrote:

> read the message in a non-HTML tool, there is an indication that the link
> would go to the real e-gold.com website, but what actually happens is that
> a browser is taken to IP 66.162.74.192.

> Rick van Rein,
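
The link check discussed in this thread (visible text naming e-gold.com while the href goes to a bare IP over plain http), as an added example that is not part of the original posts. The sample HTML, the function names and the flag labels are constructed for illustration, and only absolute links are assumed.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample shaped like the mail described in the thread.
SAMPLE_HTML = (
    '<a href="http://66.162.74.192/acct/login.html">https://www.e-gold.com/acct/login.html</a>'
    '<a href="https://www.e-gold.com/">e-gold home</a>'
)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links holds [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(url):
    try:  # urlsplit only reports a host when the string contains "//"
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed host, e.g. an unbalanced "["
        return ""

def is_ip_literal(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

def flags_for(href, text):
    target, first = host_of(href), (text.split() or [""])[0]
    checks = {
        "ip-literal-host": is_ip_literal(target),
        "plain-http": href.lower().startswith("http://"),
        # Compare only when the visible text itself looks like a URL or hostname.
        "text-host-mismatch": "." in first and host_of(first) != target,
    }
    return [name for name, hit in checks.items() if hit]

def audit_links(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(h, f) for h, t in collector.links if (f := flags_for(h, t))]
```

Running audit_links(SAMPLE_HTML) reports only the first link, with all three flags; the genuine https link with plain descriptive text is not reported.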