[nsp-sec] Ping Cogent / Level3 / GBLX / TWTC (phishing site)
Janish, Nathan
Nathan.Janish at Level3.com
Mon Jul 25 19:13:38 EDT 2011
Jason,
I'll put someone on it.
Nathan Janish
Level3 Network Security
----- Original Message -----
From: nsp-security-bounces at puck.nether.net <nsp-security-bounces at puck.nether.net>
To: nsp-security NSP <nsp-security at puck.nether.net>
Sent: Mon Jul 25 17:00:11 2011
Subject: [nsp-sec] Ping Cogent / Level3 / GBLX / TWTC (phishing site)
----------- nsp-security Confidential --------
Hello all,
Could someone from Cogent / Level3 / GBLX / TWTC please assist with
takedown of a phishing site ?
This site has been active since April 2011. Each time we report it to
the provider (eNet / XLHost / EE.Net), they reply it will be shutdown
within 24-48 hours.
I'm wondering if maybe LEO involvement is keeping the site active ??
Not on our doing as far as I know. I started brute forcing names and
found this site also hosts a phishing page for UCSC.
hxzp://university-admin.totalh.com/ucla.html
hxzp://university-admin.totalh.com/ucsc.html
The form results go to formbuddy.com. I've yet to report that user
account (nimi).
AS | IP | AS Name
10297 | 209.51.196.250 | ENET-2 - eNET Inc.
PEER_AS | IP | AS Name
174 | 209.51.196.250 | COGENT Cogent/PSI
3356 | 209.51.196.250 | LEVEL3 Level 3 Communications
3549 | 209.51.196.250 | GBLX Global Crossing Ltd.
4323 | 209.51.196.250 | TWTC - tw telecom holdings, inc.
Thanks / Regards,
--
Jason Chambers
UCLA
jchambers at ucla.edu
310-206-5603
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list