Status
Not open for further replies.

darkfelon

I was looking at my who's online section and I came across this IP: OFDP-3.phishmongers.com. After doing a little research I came across this article, "PhishMongers Stealth Web Bot Unleashed". I believe everyone should block the IPs in this article. Better off safe than sorry.

Avi Freedman, one of the ultimate Internet insiders, has teamed up with
a fellow Internet Systems Consortium (ISC) member named Andy Fried (who
is also a member of the FOP Grand Lodge and a former IRS investigator),
along with the IRS itself, to unleash a stealth web-bot called the
PhishMongers.

Freedman and Fried have essentially privatized an IRS system called OFDP
and started running it from a company called Deteque. This private company
runs on Freedman's network, and the network of the ISC. Another government
spying function contracted out. Freedman especially should be aware that
running a web bot which doesn't identify itself or obey the Robots Exclusion
Standard is improper.

Avi and Andy are government spies. Block their networks from your networks:
198.186.194.0/24
198.186.190.0/23
198.186.192.0/23

If you have any balls, you can also try blocking the ISC:
149.20.0.0/16

==========================================================================

From my web logs:

198.186.192.44 - - [15/Jul/2010:XX:XX:XX +0000] "GET / HTTP/1.1"
198.186.192.44 - - [16/Jul/2010:XX:XX:XX +0000] "GET / HTTP/1.1"
198.186.192.44 - - [18/Jul/2010:XX:XX:XX +0000] "GET / HTTP/1.1"

No user agent string provided.

==========================================================================

A little DNS probing:

198.186.192.44 -PTR-> ofdp-3.phishmongers.com.
phishmongers.com. -TXT-> "v=spf1 mx mx:irs.gov ip4:198.186.193.197 ~all"
198.186.193.197 -PTR-> atom2.deteque.com.
deteque.com. -TXT-> "v=spf1 mx include:aspmx.googlemail.com
ip4:198.186.193.48/28
ip4:198.186.193.192/27
ip4:149.20.54.184
ip4:149.20.51.18
ip4:149.20.4.210 ~all"

==========================================================================

What is the meaning of "ofdp-3"?

"OFDP Mission. To reduce online fraud against the IRS and taxpayers."

http://www.irs******pub/irs-utl/online_fraud_detection_and_prevention.pdf

==========================================================================

http://www.robtex.com/r/x?q=ofdp-3.phishmongers.com&odns=in+dns

Ofdp.irs.gov is a domain controlled by three name servers at treas.gov.
Two of them are on the same ...
ofdp-3-lo.phishmongers.com
ofdp-3.phishmongers.com

==========================================================================

ARIN assignments:

NetRange: 198.186.190.0 - 198.186.194.255
OrgName: Prescient Software, Inc.
OrgTechName: Freedman, Avi
OrgTechEmail: domains@freedman.net

NetRange: 149.20.0.0 - 149.20.255.255
OrgName: Internet Systems Consortium, Inc.
OrgTechName: Internet Systems Consortium NOC
OrgTechEmail: noc@isc.org

==========================================================================

Dozens of ZeuS Botnets Knocked Offline - Krebs on Security

"Andy Fried, owner of Deteque, a computer security consultancy in
Alexandria, Va... a former cyber fraud investigator with the IRS."

==========================================================================

Andrew H. Fried's former employers, via ZoomInfo:

Internet Systems Consortium
U.S. Department of the Treasury
U.S. Treasury Department
Bryan Cave LLP
U.S. Internal Revenue Service

==========================================================================

Fried is the Financial Secretary of the Fraternal Order of Police (FOP)
Grand Lodge:

Andrew Fried
5211 Ballycastle Circle
Alexandria, VA 22315

FOP | Tracking the Swine Flu Pandemic in DC
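
Added example (not part of the original post or the quoted article): a small log triage script that checks the ARIN NetRange quoted above against the CIDR blocks the article lists, then flags access-log requests that come from those blocks or arrive without a User-Agent. The sample log lines are constructed, and Combined Log Format is an assumption about the server's log layout.

```python
import ipaddress
import re

# CIDR blocks listed in the post above.
LISTED_NETS = [ipaddress.ip_network(n) for n in (
    "198.186.194.0/24", "198.186.190.0/23", "198.186.192.0/23", "149.20.0.0/16")]

# Combined Log Format (assumed). The status/referer/user-agent tail is
# optional so the shortened lines quoted in the post also parse.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)"'
    r'(?: \d{3} \S+(?: "[^"]*" "(?P<ua>[^"]*)")?)?')

def arin_range_as_cidrs(first, last):
    """Collapse a whois NetRange (first - last) into the CIDR blocks covering it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def classify(line):
    """Return (ip, reasons) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:  # hostname or garbage in the client field
        return None
    reasons = []
    net = next((n for n in LISTED_NETS if ip in n), None)
    if net is not None:
        reasons.append(f"listed-net:{net}")
    if m["ua"] in (None, "", "-"):  # header absent, empty, or logged as "-"
        reasons.append("no-user-agent")
    return str(ip), reasons

def scan(lines):
    """Keep only the requests that matched at least one reason."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h and h[1]]

# Constructed sample lines (not taken from the post's logs).
SAMPLE = [
    '198.186.192.44 - - [15/Jul/2010:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [15/Jul/2010:10:00:05 +0000] "GET /a HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jul/2010:10:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" ""',
    '149.20.4.210 - - [15/Jul/2010:10:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE):
        print(ip, ",".join(reasons))
```

A missing User-Agent on its own is a weak signal, which is why the script reports the reasons separately instead of treating either one as grounds to block.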
 