Phishing Trip?
Results 1 to 3 of 3

Thread: Phishing Trip?

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    856

    Phishing Trip?

    This came to my inbox today (I've removed my e-mail login name). I think this must be a phishing attempt.

    1) I don't remember having a PayPal account. If I did at one time, I haven't used it in three years.
    2) Per the PayPal site, they would have used my real name if this was a valid email.

    Look at the link I'm supposed to click. Does that look suspicious to you?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    The SamSpade Whois shows:

    Server Used: [ whois.godaddy.com ]

    futurecis.futurecis.com = [ 210.79.186.77 ]

    Registrant:
    Future CIS
    Registered through: GoDaddy.com
    Domain Name: FUTURECIS.COM
    Domain servers in listed order:
    PARK11.SECURESERVER.NET
    PARK12.SECURESERVER.NET
    For complete domain details go to:


    The IP Whois shows:

    Server Used: [ whois.nic.ad.jp ]

    210.79.186.77 = [ 077M31.oasis.mediatti.net ]
    [ JPNIC database provides information regarding IP address and ASN. Its use ]
    [ is restricted to network administration purposes. For further information ]
    [ use 'whois -h whois.nic.ad.jp help'. To only display English output ]
    [ add '/e' at the end of command e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
    Network Information:
    a. [Network Number] 210.79.184.0/22
    b. [Network Name] MEDIATTI-MBC
    g. [Organization] Mediatti Communications Inc.
    m. [Administrative Contact] LS032JP
    n. [Technical Contact] LS032JP
    p. [Nameserver] vs0002.shi.kvh.ne.jp
    p. [Nameserver] ns2.kvh.ne.jp
    [Assigned Date] 2005/01/16
    [Return Date]
    [Last Update] 2005/01/16 22: 20: 03(JST)
    Less Specific Info.
    ----------
    Mediatti Communications Inc.
    [Allocation] 210.79.128.0/18
    More Specific Info.
    ----------
    No match!!

    -----------------
    Supposedly in Japan. The Domain is registered via GoDaddy.com. http://futurecis.futurecis.com/.web/ seems to be a compromised server. However, there doesn't seem to be any files beyond the login.php and two text files under the .web folder. It may be that the text files contain the ips of systems it links to. Some of those ips are in Thailand, some in India. The .web folder has this structure:

    Index of /.web

    Name Last modified Size Description

    [DIR] Parent Directory 31-Jan-2006 21:18 -
    [TXT] bune.txt 31-Jan-2006 14:38 1k
    [ ] login.php 31-Jan-2006 14:39 2k
    [TXT] naspa.txt 01-Feb-2006 10:51 1k

    Apache/1.3.17 Server at futurecis.futurecis.com Port 80

    If you click on the link, the login.php uses the IP numbers in the support txt files to forward you to another system, like:

    http://202.143.xxx.xxx:81/https/www....scr/cmd=_home/
    ======================================================

    Oh, yeah, to answer your question, YES it is a Phising expedition.


  3. #3
    Junior Member
    Join Date
    Jun 2006
    Posts
    1

    Webmaster@FutureCIS.com

    In regards to this thread, I would like to send you my sincerest apologies. Futurecis.com is my domain. I assure you that Future CIS is a legit company and should not have allowed this to happen. The issue has been resolved.

    This particular incident took place on one of our servers that had been compromised by an outside source. Due to extended leave that I was on, I was unaware of it until it was too late. The issue has been fixed and will not happen again. Please accept our sincerest apologies. For further information or questions, please visit us at www.futurecis.com or you can email me at Webmaster@FutureCIS.com. Thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •