[nsp-sec] AS5713 - phishing drop box

Roper, Sara Sara.Roper at qwest.com
Mon Oct 13 13:18:25 EDT 2008 

All,
 
Anyone with contacts at AS5713?  It seems they're hosting a phishing
drop box targeting Qwest customers.  :(  Example below - I'm working to
obtain full headers.  Whois info:
 
bash-2.04$ whois -h whois.cymru.com 196.25.210.98
AS      | IP               | AS Name
5713    | 196.25.210.98    | SAIX-NET
bash-2.04$ whois -h peer-whois.cymru.com 196.25.210.98
PEER_AS | IP               | AS Name
174     | 196.25.210.98    | COGENT Cogent/PSI
1299    | 196.25.210.98    | TELIANET TeliaNet Global Network
3257    | 196.25.210.98    | TISCALI-BACKBONE Tiscali Intl Network BV
3356    | 196.25.210.98    | LEVEL3 Level 3 Communications
3491    | 196.25.210.98    | BTN-ASN - Beyond The Network America, Inc.
3549    | 196.25.210.98    | GBLX Global Crossing Ltd.
6461    | 196.25.210.98    | MFNX MFN - Metromedia Fiber Network
7018    | 196.25.210.98    | ATT-INTERNET4 - AT&T WorldNet Services
10310   | 196.25.210.98    | YAHOO-1 - Yahoo!
 
 
-------------------------
From: "QWEST WEBMAIL" <ksjberk at pa.net>

To: <undisclosed-recipients:>

Sent: Saturday, October 11, 2008 11:33 AM

Subject: PLEASE PROTECT YOUR QWEST WEBMAIL ACCOUNT FROM BEING CLOSED

 

> This is to notify you that we are presently UPGRADING our QWEST 

> WEBMAIL, this maintenance can close your QWEST WEBMAIL account 

> completely. Please do not say you were not informed, your urgent 

> response is highly needed, to protect your email account from being 

> closed, please forward your QWEST.NET USERNAME and PASSWORD to our 

> customer services with email

> address: qwestnet at webmail.co.za

 

Regards,

Sara Roper
Qwest Managed Security Services
sara.roper at qwest.com
(303)458-2105 (desk)
(303)653-1484 (mobile)

 


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

More information about the nsp-security mailing list