[nsp-sec] AS 5384/8966/6762 Phish site - assistance needed

Roper, Sara Sara.Roper at qwest.com
Thu May 8 14:27:13 EDT 2008 

AZ State CU is reporting a phish site hosted at Super General - Emirates
Internet and is having trouble getting the site taken down.  Do we have
any Seabone/Telecom Italia reps who could help "encourage" the
resolution?

Site:
hxxp://213.42.82.115/www.azstcu.org/onlineserv/HB/Login.cgi/index.php

 
$ whois -h whois.cymru.com 213.42.82.115
AS      | IP               | AS Name
5384    | 213.42.82.115    | EMIRATES-INTERNET Emirates Internet
$ whois -h upstream-whois.cymru.com 213.42.82.115
PEER_AS | IP               | AS Name
8966    | 213.42.82.115    | Emirates Telecommunications Corporati

$ whois -h whois.cymru.com 213.144.181.170
AS      | IP               | AS Name
6762    | 213.144.181.170  | SEABONE-NET Telecom Italia Sparkle


Trace 213.42.82.115 ...
 1 10.2.0.30        62ms   59ms   60ms  TTL:  0
(dnvrcodp04xvg01ras.qintra.com ok)
 2 10.2.0.1         60ms   62ms   58ms  TTL:  0  (No rDNS)
 3 10.1.232.225     62ms   61ms   62ms  TTL:  0  (No rDNS)
 4 10.1.232.89      60ms   60ms   61ms  TTL:  0  (No rDNS)
 5 155.70.42.81      *     62ms   59ms  TTL:  0  (No rDNS)
 6 155.70.33.138    59ms   61ms   79ms  TTL:  0
(dnvrcodp04xfr06.qintra.com ok)
 7 67.135.64.197    63ms   62ms   65ms  TTL:  0
(hlr-edge-02.inet.qwest.net fraudulent rDNS)
 8 205.171.253.57   64ms   64ms   62ms  TTL:  0
(hlr-core-01.inet.qwest.net fraudulent rDNS)
 9 67.14.12.58      90ms   88ms   85ms  TTL:  0
(svl-core-01.inet.qwest.net fraudulent rDNS)
10 205.171.214.38   88ms   86ms   91ms  TTL:  0
(pax-brdr-02.inet.qwest.net fraudulent rDNS)
11 63.146.27.6     113ms    *      *    TTL:  0  (No rDNS)
12 213.144.181.170 394ms  412ms  394ms  TTL:  0
(customer-side-etisalat-4-pal9.pal.seabone.net ok)
13 195.229.1.194   395ms  394ms  393ms  TTL:  0  (No rDNS)
14 194.170.0.146   395ms  400ms  394ms  TTL:  0  (lmail.emirates.net.ae
fraudulent rDNS)
15 213.42.8.117    399ms  399ms  397ms  TTL:  0  (No rDNS)
16 213.42.64.54    414ms  412ms  412ms  TTL:  0  (No rDNS)
17 213.42.82.115   367ms  374ms  375ms  TTL:107  (tdd623.emirates.net.ae
probable bogus rDNS: No DNS)
                                                      

Regards,

Sara Roper
Qwest Managed Security Services
sara.roper at qwest.com
(303)664-7417 (desk)
(303)653-1484 (mobile)


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

More information about the nsp-security mailing list