[nsp-sec] Phishing site at 64.15.137.185
Chris Calvert
Chris.Calvert at telus.com
Mon Jan 11 11:16:03 EST 2010
Hi Thomas
I doubt anyone directly representing the owners of that IP are on the list.
Looks like iWeb (AS32613). I've had brief contact with their Abuse team before (as an individual reporting malware-infected hosts distributing stuff), took a few tries to get their attention but I was able to get responses. No insight into "Monsterhosting.ca" at all.
Have you tried iWeb's abuse contact?
OrgAbuseHandle: ABUSE1906-ARIN
OrgAbuseName: Abuse Coordinator
OrgAbusePhone: +1-514-286-4242
OrgAbuseEmail: abuse at noc.privatedns.com
I can probe a few contacts and see if they have iWeb contacts, but I'll have to share the phish URL and very brief details (i.e., targeted against Swedish victims) to get action... permission?
Regards,
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Thomas Stridh
> Sent: Monday, January 11, 2010 7:44 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Phishing site at 64.15.137.185
>
> ----------- nsp-security Confidential --------
>
> Hi
>
> Several Universities in Sweden has false login web pages on
>
> http://64.15.137.185/~mrtech/
>
> it has been phishing mails attempting to get people to login on the web
> page.
>
> We would like this site to be taken down ASAP.
>
> regards,
> /Thomas Stridh,
> SUNet CERT
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list