[nsp-sec] Phishing form at AS2914
Gabriel Iovino
giovino at ren-isac.net
Thu Jan 27 08:52:21 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Can someone at NTT take a look at the following:
> hxxp://ayemman.com/upgrade/secured/index.htm
> hxxp://ayemman.com/
We first saw this and reported it to <abuse at ntt.net> on (15 Dec 2010
13:40:09 -0600) but unfortunately didn't provide a lot of supporting
information.
At that time it was an iframe at the following URL:
> hxxp://pulsix.com/vrmn
The message body of the Phishing email was this:
> To ensure quick, responsive e-mail services, it is necessary to establish
> limits on the amount of e-mail each user may store on the system. The volume
> of e-mail you are storing on the Central e-mail system is now exceeding
> your normal space allocation. To request for more storage space on your
> webmail account, simply click here<hxxp://pulsix.com/vrmn>
Yesterday we got another report of ayemman.com used in a Phishing scheme
but did not get any supporting details. If I get some, I'll be sure to
pass them along.
> dig ayemman.com +short
> 207.57.109.18
> AS | IP | AS Name
> 2914 | 207.57.109.18 | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
Thanks
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1BeJUACgkQwqygxIz+pTvKJgCfVIf8sbHMHt5EWFkAKC2j9ePf
yvUAmwSbJIo/SZRMW0jxZSK6Mf98UJDk
=pkc8
-----END PGP SIGNATURE-----