[nsp-sec] UBP Phish (at 68.168.209.243/AS19318/Interserver, Inc)
Nicolas Fischbach
nicolist at securite.org
Thu Oct 31 10:27:24 EDT 2013
Hi all,
Arrigo reached out to seek help regarding the shutdown of this phish
site which seems to keep returning. Does anyone have a (trusted)
contact at 19318/Interserver?
Thanks,
Nico (Colt, 8220).
-------- Original Message --------
Subject: Phishing site
Date: Thu, 31 Oct 2013 03:18:12 +0100
From: Arrigo Triulzi <arrigo at sevenseas.org>
To: Nicolas Fischbach <nico at securite.org>
Ciao Nico,
the problem is:
ubpen.com (68.168.209.243, AS10334)
ubpeng.com (same as above)
both registered to:
Registrant Contact Details:
Ubpacks Intl
Ubpacks Intl (ubpacks at outlook.com)
Zalman Shazar 217/12
Tsfat
Tsfat,61238
IL
Tel. +972.97246932409
obviously not Union Bancaire Privé... and more specifically:
hxxp://ubpen.com/en/
-> hxxp://ubpen.com/page/en.html
which contains a fake e-banking and e-banking signup site:
hxxp://ubpen.com/page/etransact/register.html
hxxp://ubpen.com/page/etransact/register.html
I had managed to get its sister site hxxp://ubpeng.com/en/ down via the
provider yesterday but it bounced back up again today as both domains
again by changing /home/en.html -> /page/en.html.
The hxxp://ubpen[g].com/ URL just gives you a directory listing with a
cgi-bin.
If we could get them offline it would be nice, apparently it is being
very successful.
Arrigo
--
Arrigo Triulzi <arrigo at sevenseas.org> - Independent Security Consultant
PGP: 0x50CA88330B5B541E / 7625 6707 2B2E 77D8 C4FE 59EF 50CA 8833 0B5B 541E