[nsp-sec] Help with Phishing @ AS48500
Gabriel Iovino
giovino at ren-isac.net
Fri Oct 28 10:12:04 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
Can anyone help get this Phishing site taken offline? I have been
unsuccessful via conventional methods.
> -----
> Type: Phishing
> IP address: 94.230.68.44
> Date/Time (UTC): 2011-10-28 14:06:46Z
> URL: hxxp://woki.as48500.net/phpform/phpform/use/php/form1.html
> First Seen: 2011-10-24 15:35:06Z
> -----
> whois -h whois.cymru.com 94.230.68.44
> AS | IP | AS Name
> 48500 | 94.230.68.44 | IRPNET-AS IrpiniaNetCom SRL
> whois -h peer.whois.cymru.com 94.230.68.44
> PEER_AS | IP | AS Name
> 12874 | 94.230.68.44 | FASTWEB Fastweb SpA
Sample Phishing email message body:
Your mailbox has exceeded the storage limit set by your
administrator,you may not be able to send or receive new mail until you
re-validate your mailbox.To re-validate your mailbox please CLICK
HERE<hxxp://woki.as48500.net/phpform/phpform/use/php/form1.html>: System
Administrator
Thanks
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAk6quDMACgkQwqygxIz+pTtRnACgvtveul+FGOiz21GNuP2v1Tgt
Es0AoM+5DP7n1QXFeCsJnU5Pc7CX+/62
=wb5m
-----END PGP SIGNATURE-----