- Joined
- Jul 20, 2002
- Location
- Newnan, GA
This morning at work I recieved the following email.
Somehow it got through the email filter. Normally I would delete this on the spot but this looked like a phishing site.
So I clicked the link and went to the site. Sure enough it was. Time to shut them down! Basically, to shut them down you need to find out their webhost and contact their abuse department (Usually [email protected]). So step #1, find their host. Easiest way is using whois. I like whois.net. Type the domain name in and click search. Well delta-the-animal-house.de gave me a nice error.
Honestly, I've never seen whois not give me anything. It's always givin me something. But their is more than one way to skin a cat. Time to play a little ball. Next I ping the name to get the IP address. Ping delta-the-animal-house.de however you want (I used command prompt) and it gave me the IP address of 212.227.119.101. Now we got something. Since IP addresses are assigned, we should be able to look up the ip and see who it goes to (hopefully thier webhost). For this I went to Network Solutions handy whois page. This allowed me to look up the IP address. What do you know...
Well, this IP address is for another part of the world. (We know this already from the .de domain). And it kindly points us where to go. So I do. I go to the whois page at ripe.net and pop in the IP address. The results...
Now we have them. Almost. Notice the abuse@ emails. Well they go to schlund.com. If my thinking is correct. schulund.com should be a webhost probably in Europe. Just to double check lets go there. Well, I see a section for webhosting at the top and it's in a diffrent language. Success! Now I shoot off an email to them.
I also attached a full copy of the email I recieved. I get a response.
Well hey, it's a generic auto response but at least this tells me it's not forgotten about. Another response.
Alright! Sure enough if I try to visit the site again I get a nast error in another language. Now I can be glad that I potentually foiled a scammer from taking advantage of someone less computer savvy than I.
This was my way of doing it, there are plenty of other ways. Maybe not the most efficient either but it worked. I hope this helps anyone that was curious about shutting down spammers and encourages people to try to shut them down. Some person somewhere is not filing a police report or arguing with their bank because of what I did. At least that's what I like to think.
To: xxx@xxx
Subject: CITIBANK Account Suspended
From: [email protected] <[email protected]>
<p>
<b>CITIBANK Update - Account Suspended !</b>
<br>
<br>
We recently have discovered that multiple computers have attempted to log into
your Citibank Online Account, and multiple password failures were presented
before the logons. We now require you to re-validate your account information to
us. <br>
If this is not completed by August 09, 2006, we will be forced to suspend your
account indefinitely, as it may have been used for fraudulent purposes. <br>
<br>
To continue please <a href="http://www.delta-the-animal-house.de/citi/">Click Here</a> or
on the link below to re-validate your account information : <br>
<br>
<a href="http://www.delta-the-animal-house.de/citi/">http://www.citibank.com/update.html/</a><br>
</p>
<p><span lang="EN-CA">Sincerely,<O
<p><span lang="EN-CA">The </span><b>CITIBANK</b> <span lang="EN-CA">Team<O
<p><span lang="EN-CA">Please do not reply to this e-mail. Mail sent to this
address cannot be answered. For assistance, log in to your </span><b>CITIBANK</b> <span lang="EN-CA">account and choose the "Help" link in the header of any page.<O
<p>© 2006 <b>CITIBANK</b> Security Manager</p>
</body>
</html>
Somehow it got through the email filter. Normally I would delete this on the spot but this looked like a phishing site.
So I clicked the link and went to the site. Sure enough it was. Time to shut them down! Basically, to shut them down you need to find out their webhost and contact their abuse department (Usually [email protected]). So step #1, find their host. Easiest way is using whois. I like whois.net. Type the domain name in and click search. Well delta-the-animal-house.de gave me a nice error.Honestly, I've never seen whois not give me anything. It's always givin me something. But their is more than one way to skin a cat. Time to play a little ball. Next I ping the name to get the IP address. Ping delta-the-animal-house.de however you want (I used command prompt) and it gave me the IP address of 212.227.119.101. Now we got something. Since IP addresses are assigned, we should be able to look up the ip and see who it goes to (hopefully thier webhost). For this I went to Network Solutions handy whois page. This allowed me to look up the IP address. What do you know...
Well, this IP address is for another part of the world. (We know this already from the .de domain). And it kindly points us where to go. So I do. I go to the whois page at ripe.net and pop in the IP address. The results...
Now we have them. Almost. Notice the abuse@ emails. Well they go to schlund.com. If my thinking is correct. schulund.com should be a webhost probably in Europe. Just to double check lets go there. Well, I see a section for webhosting at the top and it's in a diffrent language. Success! Now I shoot off an email to them.
I also attached a full copy of the email I recieved. I get a response.
Well hey, it's a generic auto response but at least this tells me it's not forgotten about. Another response.
Alright! Sure enough if I try to visit the site again I get a nast error in another language. Now I can be glad that I potentually foiled a scammer from taking advantage of someone less computer savvy than I.
This was my way of doing it, there are plenty of other ways. Maybe not the most efficient either but it worked. I hope this helps anyone that was curious about shutting down spammers and encourages people to try to shut them down. Some person somewhere is not filing a police report or arguing with their bank because of what I did. At least that's what I like to think.
