[nsp-sec] Ping Cogent / Level3 / GBLX / TWTC (phishing site)
Jason Chambers
jchambers at ucla.edu
Mon Jul 25 19:00:11 EDT 2011
Hello all,
Could someone from Cogent / Level3 / GBLX / TWTC please assist with
takedown of a phishing site ?
This site has been active since April 2011. Each time we report it to
the provider (eNet / XLHost / EE.Net), they reply it will be shutdown
within 24-48 hours.
I'm wondering if maybe LEO involvement is keeping the site active ??
Not on our doing as far as I know. I started brute forcing names and
found this site also hosts a phishing page for UCSC.
hxzp://university-admin.totalh.com/ucla.html
hxzp://university-admin.totalh.com/ucsc.html
The form results go to formbuddy.com. I've yet to report that user
account (nimi).
AS | IP | AS Name
10297 | 209.51.196.250 | ENET-2 - eNET Inc.
PEER_AS | IP | AS Name
174 | 209.51.196.250 | COGENT Cogent/PSI
3356 | 209.51.196.250 | LEVEL3 Level 3 Communications
3549 | 209.51.196.250 | GBLX Global Crossing Ltd.
4323 | 209.51.196.250 | TWTC - tw telecom holdings, inc.
Thanks / Regards,
--
Jason Chambers
UCLA
jchambers at ucla.edu
310-206-5603
More information about the nsp-security
mailing list