[nsp-sec] ACK 174 RE: Phishing site at AS24611 (DCLUXNET)

Par Osterberg Medina par.osterberg at sitic.se
Thu May 29 05:02:12 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

I've contacted the hosting firm (make-it.se) with a request to take the
system down.

- --
Mvh / Regards
Pär Österberg Medina - Sitic, GovCERT-SE


Shelton, Steve wrote:
> ----------- nsp-security Confidential --------
> 
> Hello,
> 
> I'll see if I can help with this one.  The site is currently pulling
> content from 212.247.61.24.
> 
> </head>
> <frameset rows="*,1" frameborder="NO" border="0" framespacing="0">
>   <frame src="http://212.247.61.24:1280/visa/index.html"
> name="EuroDNSmainFrame"
> 
> URL: http://212.247.61.24:1280/visa/index.html
> 
> 1257    | 212.247.61.24    | TELE2
> 
> Steve Shelton
> Network Security Engineer
> Cogent Communications
> 
> 
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Veronika
> Berglund
> Sent: Wednesday, May 28, 2008 7:25 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Phishing site at AS24611 (DCLUXNET)
> 
> ----------- nsp-security Confidential --------
> 
> Is someone around that could help getting this site taken down,
> http://www.visaverified-se.cn:80/
> 
> AS	| IP		| AS Name
> 24611	| 80.92.66.14	| DCLUX-AS Datacenter Luxembourg S.A.
> 
> We've gotten a large amount of phishing e-mails regarding this site this
> 
> morning.
> 
> Thanks!
> Veronika
> --
> Veronika Berglund
> SUNet CERT
> <veronika.berglund at cert.sunet.se>
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIPnEUpIEfudwUi78RApMGAJ9RJDzUoNEeSu9j2ZMULwYBbpGWagCcCcSI
1whTEUxvB/wla4p20CwNTxk=
=gPMM
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list