Phishin' Probs

[BlackHatHunter]

I looked in some tutorials and the newbie help and couldn't find anything on this.
I work for a financial institution, we and our members get hit with a lot of phishing scams. As you know, the links inside the e-mail rarely go to the the site it says it's going to. I have tried to be diligent in reporting these incidents. I generally get the contact to report the abuse through ARIN or NetworkSolutions - WHOIS.

Here is my question:
How do I get the information about them if the domain name isn't pulling up any information in the WHOIS?
Maybe any easier question:
How can I get the IP Address to the site it's directing me to in the phishing message?

I'll give you the URL to the site it's trying to direct me to:
http://blueorange.gda.pl/update.htm?...ate/update.htm
(I don't recommend going to this site... who know what knid of crap is on it)

I narrowed my search down to Poland, but that's as far as I got.

[Computernerd22]

How do I get the information about them if the domain name isn't pulling up any information in the WHOIS?

I narrowed my search down to Poland, but that's as far as I got.

You need just a little more information. Heres some useful information I found for you on them check it out;


http://houston.dnstools.com/?lookup=...ubmit=Get+Info


http://samspade.org/t/rbl?a=www.blueorange.gda.pl

http://toolbar.netcraft.com/site_rep...eorange.gda.pl

person: Karol Zamorski
address: Volta
address: ul Matejki 6
address: 80-232 Gdansk
address: Poland
phone: +48 58 340 22 40
fax-no: +48 58 340 22 42
e-mail: kzamorski@volta.net.pl

They're not that anonymous. I hope it helps ComputerNerd22

85.219.174.100 = Linux Apache/1.3.33 Debian GNU/Linux PHP/4.3.10-8

[XTC46]

Right click on the link and go to proporties. it will show you either the IP address or the real domain. ALL domains MUST be registered in order to work (unless they have access to the root DNS servers) so its on paper somewhere who registered it.

[zencoder]

You may also want to expand your AO search to the Phishing and Scams forum, or ask the Moderator, HTRegz

[BlackHatHunter]

Very cool guys... Lots of help.
Great sites Computernerd22.

[Katja]

At http://toolbar.netcraft.com/ you can download and install their anti-phishing toolbar. This toolbar will display you some useful information about the website you're visiting but will also warn you when you try to visit a known phishing website. (I've tried that with that link you provided, and it works!)

And of course, any phishing emails can be reported at http://www.spamcop.net after you've registered for a free or paid account. Do those guys a favor and pay for it, if your budget allows it. They're doing a good job here.