CastleCops, Internet Crime Fighters

[PIRT#829719] UMB on AS1659 203.68.220.17

 
hendomatic

PIRT Handler

Posted: Fri May 16, 2008 9:03 pm    Post subject: [PIRT#829719] UMB on AS1659 203.68.220.17

Phish Alert
 
 Full Report: CastleCops Link/UMB_phish829719.html
 
 Phish was active at time of investigation
 Changed status to confirmed phish.
 IP Converted: 203.68.220.17

dword = 3410287633
hex1 = 0xcb44dc11
hex2 = 0xcb.0x44.0xdc.0x11
oct = 0313.0104.0334.021
View CIDR AS1659 Report: http://www.cidr-report.org/cgi-bin/as-report?as=1659

"1659 | TW | apnic | 2002-08-01 | ERX-TANET-ASN1 Tiawan Academic Network (TANet) Information Center"
Extended information for AS1659:
State/Province:
Country: tw
Responsible Domain: moe.edu.tw
Abuse Email: abuse@moe.edu.tw
Consumed following related reports:

[830234] http://srvanti.must.edu.tw:10010

Quote:
http://srvanti.must.edu.tw:10010/

hendomatic

PIRT Handler

Posted: Mon May 19, 2008 1:30 pm

Edit: The server hosting the phish has been taken down.



-----BEGIN PGP SIGNED MESSAGE-----

=========================================================
Taiwan Computer Emergency Response Team/Coordination Center intrusion incident report
Message from TWCERT/CC (twcert@cert.org.tw)
Unauthorised scanning from your domain(203.68.220.17).
=========================================================

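【Greeting in Chinese】

Hello,
We are the Taiwan Computer Emergency Response Team/Coordination Center. Our main services are
network security technical consulting, intrusion incident handling, and the publication of
security advisories; our work is similar in nature to that of the US CERT/CC.
If you would like to learn more about our center, please visit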
http://www.cert.org.tw

【Greeting in English】

Dear Sir,
We are the Computer Emergency Response Team/Coordination Center
(CERT/CC) in Taiwan (TW). TWCERT/CC is a nonprofit organization providing
incidents reporting and technical information publication in Taiwan,
similar to those provided by the United States CERT Coordination Center
that you may be familiar with.

If you wish to find out more about TWCERT/CC, please visit our Web Page:
http://www.cert.org.tw

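【Detail in Chinese】

We have received an incident report stating that
a computer within the network segment you manage
carried out unauthorized network access against a third party or collected network information.
We suggest checking whether the IP you manage is being used improperly by a user, or is being used as a stepping stone to intrude into other computers.
Please assist in handling this and reply with the result of your handling.

The unauthorized source address: <<203.68.220.17>>

For this intrusion incident, we have assigned an incident number
<<TWCERT/CC-incident-reponse-F#2008-05-19-2836>>.
Please use this number in replies regarding this incident so that its handling status can be tracked.
The system audit records of the network probing or unauthorized network access carried out by <<203.68.220.17>> are attached at the end of this message.

If you are not the appropriate person to handle this incident report,
or should not have received this incident report,
it may be due to one of the following reasons:

The source address of the network scanning and probing was forged,
so that this intrusion was wrongly identified as originating from the network you manage.
If you determine from your network log files that this intrusion activity did not take place,
please disregard this report and inform us.

The Whois database has not been updated or contains an input error,
so that your email address was identified as the contact for this incident report.
In that case, you are welcome to notify us so that we can correct the contact list.

Thank you for handling this intrusion incident, and thank you for your cooperation and support!
If there is anything you need our assistance with, please contact us; we will be glad to help.

If you need to contact TWCERT/CC about this incident,
please send your comments to twcert@cert.org.tw
and include the record number of this message in the subject line
(e.g. TWCERT/CC-incident-report-#XXXXXXXX-XXXX).


Best wishes,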

______________________________________________________________________

Address: No. 70, Lianhai Rd., Gushan Dist., Kaohsiung City 804
Phone: +886-7-5250211
Fax: +886-7-5252539
Email: twcert@cert.org.tw
PGP key: http://www.cert.org.tw/eng/pgp.htm

______________________________________________________________________

【Detail in English】
We have received an incident report detailing unauthorized scanning
activity which originated from an IP address that you are registered
as a contact for.
If you are not the correct person to be contacted for this incident,
we would mostly appreciate it if you could contact the appropriate
person with the details and inform us.

The unauthorized scanning has originated from: <<203.68.220.17>>.

A reference number <<TWCERT/CC-incident-reponse-F#2008-05-19-2836>> has
been assigned to this incident. Please use this reference number in
the subject field of future correspondences regarding this incident.
You will find some log excerpt appended at the end of this message.
Could you please acknowledge receipt of this message and inform us of
the actions taken?

If you believe that you have received this message in error, one or more
of these explanations may apply:

The source address of the original scan/probe may have been forged,
with the result that your network has been erroneously identified as
the origin of this incident. If you determine that no activity of this
nature has originated from your network at the logged time(s), please
disregard this message and inform us.

Your email address(es) are incorrectly listed as the contacts for the
reported IP address in the WHOIS database. We would appreciate it if you
could inform us with the correct WHOIS contact details.

Thank you very much for your efforts on this matter, we appreciate it
greatly. If there is any further assistance that we can provide you,
please do not hesitate to contact us.

If you would like to contact TWCERT/CC about this incident, please address
your communication to twcert@cert.org.tw and maintain the subject line
from this message (an additional \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'////// is ok), including the tracking code
(eg. TWCERT/CC-incident-report-#XXXXXXXX-XXXX).

Thank you.
Regards,
