Phish Alert Full Report: /NatWest_Rock_Phish_phish840101.html
Consumed following related reports:
[840019] http://www.natwest.com.ddddll.co.uk/globalsite/isapidl/form.ashx?pc=7928845395730644363115315542176986043742954014832757754&id=2564475880
The URL accesses a phishing site with one fake bank. It has the potential to host multiple fake banks.
IP addresses 121.146.224.190, 121.169.35.139, 211.243.151.230, 76.111.24.146, 89.32.130.125 were active at Sat, 24 May 2008 11:47:34 +0000 (GMT).
Nameservers
NS1.MEDIAPX.COM [194.169.192.117] response 121.146.224.190, 121.169.35.139, 211.243.151.230, 76.111.24.146, 89.32.130.125 in 174 mSec
were active at the same time.
Changed status to confirmed phish.
IP Converted: 121.146.224.190
dword = 2039668926
hex1 = 0x7992e0be
hex2 = 0x79.0x92.0xe0.0xbe
oct = 0171.0222.0340.0276
IP Converted: 121.169.35.139
dword = 2041127819
hex1 = 0x79a9238b
hex2 = 0x79.0xa9.0x23.0x8b
oct = 0171.0251.043.0213
View CIDR AS4766 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4766
"4766 | KR | apnic | 1996-04-22 | KIXS-AS-KR Korea Telecom"
Extended information for AS4766:
State/Province:
Country: kr
Responsible Domain: kornet.net
Abuse Email: abuse@kornet.net
IP Converted: 211.243.151.230
dword = 3555956710
hex1 = 0xd3f397e6
hex2 = 0xd3.0xf3.0x97.0xe6
oct = 0323.0363.0227.0346
View CIDR AS9318 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9318
"9318 | KR | apnic | 1998-06-03 | HANARO-AS Hanaro Telecom Inc."
Extended information for AS9318:
State/Province:
Country: kr
Responsible Domain: hananet.net
Abuse Email: abuse@hananet.net
IP Converted: 76.111.24.146
dword = 1282349202
hex1 = 0x4c6f1892
hex2 = 0x4c.0x6f.0x18.0x92
oct = 0114.0157.030.0222
View CIDR AS33657 Report: http://www.cidr-report.org/cgi-bin/as-report?as=33657
"33657 | US | arin | 2005-02-16 | DNEO-OSP7 - Comcast Cable Communications, Inc."
Extended information for AS33657:
State/Province: nj
Country: us
Responsible Domain: comcast.net
Abuse Email: abuse@comcast.net
IP Converted: 89.32.130.125
dword = 1495302781
hex1 = 0x5920827d
hex2 = 0x59.0x20.0x82.0x7d
oct = 0131.040.0202.0175
View CIDR AS34825 Report: http://www.cidr-report.org/cgi-bin/as-report?as=34825
"34825 | RO | ripencc | 2005-04-11 | MEGANET-AS SC Mega Net Distribution SRL"
Extended information for AS34825:
State/Province:
Country: ro
Responsible Domain: scmeganet.ro
Abuse Email: dan_daniel1999@yahoo.com
IP Converted: 194.169.192.117
dword = 3265904757
hex1 = 0xc2a9c075
hex2 = 0xc2.0xa9.0xc0.0x75
oct = 0302.0251.0300.0165
View CIDR AS25486 Report: http://www.cidr-report.org/cgi-bin/as-report?as=25486
"25486 | DE | ripencc | 2002-12-09 | LUN-AS Lightup Network Solutions GmbH & Co. KG"
Extended information for AS25486:
State/Province:
Country: de
Responsible Domain: lightupnet.de
Abuse Email: security@lightupnet.de
REGISTRAR GX Networks Ltd t/a 123-Reg.co.uk [Tag = 123-REG]:
Domain DDDDLL.CO.UK has been registered with GX Networks Ltd t/a 123-Reg.co.uk [Tag = 123-REG] for fraudulent purposes.
It is part of a network of phishing sites with multiple fake banks.
Please suspend this domain immediately to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.
=================================
REGISTRAR INTERNET INVEST, INC. DBA IMENA.UA:
Domain MEDIAPX.COM has been registered with INTERNET INVEST, INC. DBA IMENA.UA for fraudulent purposes.
It is part of a network of phishing sites with multiple fake banks.
Please suspend this domain immediately to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.
=================================
HOST HANARO-AS:
The machine at IP address
211.243.151.230
is acting as proxy for the real server for these criminal websites. Please shut it down.
PLEASE check the logs for this IP to find the address that it was forwarding
requests to at the time given above, and pass the information to us or to Law Enforcement.
=================================
HOST Comcast Cable Communications:
The machine at IP address
76.111.24.146
is acting as proxy for the real server for these criminal websites. Please shut it down.
PLEASE check the logs for this IP to find the address that it was forwarding
requests to at the time given above, and pass the information to us or to Law Enforcement.
=================================
HOST MEGANET-AS SC:
The machine at IP address
89.32.130.125
is acting as proxy for the real server for these criminal websites. Please shut it down.
PLEASE check the logs for this IP to find the address that it was forwarding
requests to at the time given above, and pass the information to us or to Law Enforcement.
=================================
HOST Korea Telecom:
The machines at IP addresses
121.146.224.190 and 121.169.35.139
are acting as proxies for the real server for these criminal websites. Please shut them down.
PLEASE check the logs for these IPs to find the address that they were forwarding
requests to at the time given above, and pass the information to us or to Law Enforcement.
=================================
NAMESERVER HOST Lightup Network Solutions:
Nameserver
NS1.MEDIAPX.COM [194.169.192.117] - response 174 mSec
has been set up on your network to serve addresses for this phishing domain and others.
No legitimate domains use this nameserver.
Please shut it down urgently.
Please close the customer's account.
If possible please also be alert for anyone setting up other nameservers on your network for this domain.
Quote:
http://www.natwest.com.ddddll.co.uk/globalsite/isapidl/form.ashx?pc=7217541047904827621759747046303019455914165591552&id=11442125