[nsp-sec] Phishing site - AS32244 Liquid Web (attn Google as well, search results)

Borja Marcos BORJAMAR at SARENET.ES
Thu Mar 8 10:17:12 EST 2012


Hi

We have found a phishing site trying to impersonate www.saremail.com (our customers' webmail system).

The phishing site is here,
http://www.peticiones.es/externo/www.saremail.net/src/read_body.php?account=0&mailbox=INBOX&passed_id=14696&startMessage=1

trillian:~ borjam$ whois -h whois.cymru.com 50.28.21.178
AS      | IP               | AS Name
32244   | 50.28.21.178     | LIQUID-WEB-INC - Liquid Web, Inc.

trillian:~ borjam$ whois -h peer.whois.cymru.com 50.28.21.178
PEER_AS | IP               | AS Name
174     | 50.28.21.178     | COGENT Cogent/PSI
2381    | 50.28.21.178     | WISCNET1-AS - WiscNet
3257    | 50.28.21.178     | TINET-BACKBONE Tinet Spa
3356    | 50.28.21.178     | LEVEL3 Level 3 Communications
3549    | 50.28.21.178     | GBLX Global Crossing Ltd.
3561    | 50.28.21.178     | SAVVIS - Savvis
6939    | 50.28.21.178     | HURRICANE - Hurricane Electric, Inc.


They have managed to have it appear on the first page of results, so, Dear Google, pray do something so that a search for "www.saremail.net" doesn't return this:

http://www.google.es/url?sa=t&rct=j&q=www.saremail.net&source=web&cd=3&ved=0CDwQFjAC&url=http%3A%2F%2Fwww.peticiones.es%2Fexterno%2Fwww.saremail.net%2Fsrc%2Fread_body.php%3Faccount%3D0%26mailbox%3DINBOX%26passed_id%3D14696%26startMessage%3D1&ei=Js1YT9rGMIe-0QWen_jgDQ&usg=AFQjCNE3aLWl7yUmjKCKqhuNXL0_hU490g

Any useful contacts for Liquid Web? I've sent an email to abuse but there is no answer so far.



Cheers,

Borja.




