Phish Alert Full Report: /Botnet_NatWest_phish856353.html
The URL accesses a NatWest Bank phishing site hosted on a bot net.
IP addresses 222.96.64.208, 82.78.230.197, 84.108.120.96, 84.25.2.69, 85.178.236.230, 86.121.244.251, 86.55.145.87 were active at Sat, 07 Jun 2008 17:53:58 +0000 (GMT).
Nameservers
NS1.THEYESNET.COM [208.84.149.131] response 222.96.64.208, 82.78.230.197, 84.108.120.96, 84.25.2.69, 85.178.236.230, 86.121.244.251, 86.55.145.87 in 88 mSec
were active at the same time
============================
REGISTRAR 123-reg.co.uk:
Domain MODECONF.ORG.UK has been registered with 123-reg.co.uk for fraudulent purposes.
It is operating a NatWest phishing site hosted on a bot net.
Please suspend this domain immediately to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.
=================================
REGISTRAR SPIRIT DOMAINS:
Domain THEYESNET.COM has been registered with SPIRIT DOMAINS for fraudulent purposes.
It is operating nameservers for a network of phishing sites hosted on a bot net.
Please suspend this domain immediately (and null-route the glue records) to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.
=================================
NAMESERVER HOST RAPIDVPS/DNSULTRA:
Nameserver
NS1.THEYESNET.COM [208.84.149.131]
has been set up on your network to serve addresses for this phishing domain and others.
No legitimate domains use this nameserver.
Please shut it down urgently.
Please close the customer's account.
If possible please also be alert for anyone setting up other nameservers on your network for this domain.
=================================
Changed status to confirmed phish.
IP Converted: 208.84.149.131
dword = 3495204227
hex1 = 0xd0549583
hex2 = 0xd0.0x54.0x95.0x83
oct = 0320.0124.0225.0203
View CIDR AS17183 Report: http://www.cidr-report.org/cgi-bin/as-report?as=17183
"17183 | US | arin | 2007-03-21 | RAPIDVPS-COM - Infinitum Technologies Inc."
Extended information for AS17183:
State/Province: fl
Country: us
Responsible Domain: rapidvps.com
Abuse Email: abuse@rapidvps.com
Generated and sent email phish alert to respective parties.
Consumed following related reports:
[856359] http://www.natwest.co.uk.modeconf.org.uk/serverstack/usersdirectory/ncf.aspx?pc=41863954824497282455545489753033043847978817576132237&id=08785517
[857935] http://www.natwest.com.modeconf.org.uk/serverstack/usersdirectory/ncf.aspx?pc=58796913592266547542897098583792069628888072329017240082457&id=0779684
[857937] http://www.natwest.com.modeconf.org.uk/serverstack/usersdirectory/ncf.aspx/?
[858436] http://www.natwest.com.modeconf.org.uk/serverstack/usersdirectory/ncf.aspx/
Quote: http://www.natwest.co.uk.modeconf.org.uk/serverstack/usersdirectory/ncf.aspx?pc=892882300357720653950258677933516459591528478123098003092&id=2248446783