You are notified of a phishing email attempting to lure victims to a fictitious Federal Bank Online website. The Federal Bank Online is a division of Bank of Atlas which provides financial services to members of the U.S. federal government. The phishing email contains a link to a website purporting to be run by the Federal Bank Online. Bank of Atlas has confirmed that the site, hosted at IP address 22.214.171.124, is not an authorized site (all IP addresses and site names in this scenario are fictitious and do not represent any actual persons or organizations).
You contact the owner of the web server using IP address 126.96.36.199. The administrator states that he was unaware of the fictitious Federal Bank Online website being on his server and provides the following logs from the server. Analyze the logs and determine the following, citing specific log entries to support all of your answers:
Order Unique Answer Now
- How did the attacker gain access to the system? Provide as much detail as possible about the attack, the tool used, etc.
- What IP address or addresses did the attacker use?
- How did the attacker create the fictitious Federal Bank Online website on the server?
- Was the attacker successful at his first attempt at creating the fictitious Federal Bank
- Did the attacker create any other fictitious sites on the server?
- Can you provide any other information about the attack that you feel is relevant?