CastleCops, Internet Crime Fighters

[PIRT#953501] Equifax Rockphish on file3.org / LENGINESS.COM

 
s0tet (PIRT Handler, Phishing Squad; joined May 21, 2005; posts: 2976)
Posted: Tue Sep 09, 2008 12:31 am    Post subject: [PIRT#953501] Equifax Rockphish on file3.org / LENGINESS.COM

Phish Alert
 
 Full Report: CastleCops Link/Equifax_Rock_Phish_phish953501.html
 
 Consumed following related reports:

[953588] http://www.eport.equifax.com.file3.org/eport/member_id.jsp?session=919512322152254472782944743809233864753714271130626023928129781614398952
[953597] http://www.eport.equifax.com.file3.org/eport/member_id.jsp?session=3D5162010754735904410811319843227168833393947476250572425827006836
Changed status to confirmed phish.
IP Converted: 61.114.66.102

dword = 1030898278
hex1 = 0x3d724266
hex2 = 0x3d.0x72.0x42.0x66
oct = 075.0162.0102.0146
View CIDR AS10002 Report: http://www.cidr-report.org/cgi-bin/as-report?as=10002

"10002 | JP | apnic | 2000-04-27 | ICT IGAUENO CABLE TELEVISION CO.,LTD"
Extended information for AS10002:
State/Province:
Country: jp
Responsible Domain: ict-tv.co.jp
Abuse Email: yoshi@ict-tv.co.jp
IP Converted: 59.25.174.151

dword = 991538839
hex1 = 0x3b19ae97
hex2 = 0x3b.0x19.0xae.0x97
oct = 073.031.0256.0227
View CIDR AS4766 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4766

"4766 | KR | apnic | 1996-04-22 | KIXS-AS-KR Korea Telecom"
Extended information for AS4766:
State/Province:
Country: kr
Responsible Domain: kornet.net
Abuse Email: abuse@kornet.net
IP Converted: 89.46.37.173

dword = 1496196525
hex1 = 0x592e25ad
hex2 = 0x59.0x2e.0x25.0xad
oct = 0131.056.045.0255
View CIDR AS32748 Report: http://www.cidr-report.org/cgi-bin/as-report?as=32748

"32748 | US | arin | 2004-07-16 | STEADFAST - NoZone, Inc."
Extended information for AS32748:
State/Province: wi
Country: us
Responsible Domain: nozoneinc.com
Abuse Email: noc@nozoneinc.com
The URL accesses a phishing site hosted on a bot net.
IP addresses 12.202.108.211, 124.86.130.228, 142.177.231.216, 203.243.220.175, 59.25.174.151, 61.114.66.102, 80.73.12.66 were active at Mon, 08 Sep 2008 23:33:48 +0000 (GMT).
Nameservers
NS1.LENGINESS.COM [89.46.37.173] response 12.202.108.211, 124.86.130.228, 142.177.231.216, 203.243.220.175, 59.25.174.151, 61.114.66.102, 80.73.12.66 in 45 mSec
NS1.MORECCN.COM [89.46.37.173] response 12.202.108.211, 124.86.130.228, 142.177.231.216, 203.243.220.175, 59.25.174.151, 61.114.66.102, 80.73.12.66 in 45 mSec
were active at the same time
=================================
REGISTRAR :Internet Invest, Ltd. dba Imena.ua:
Domain FILE3.ORG has been registered with Imena.ua for fraudulent purposes.
It is part of a network of phishing sites hosted on a bot net.
Please suspend this domain immediately to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.

This domain was used in reported phishing frauds dated 7/24/08:
http://chaseonline.chase.com.file3.org/Secure/webform/

=================================
REGISTRAR REGISTER.COM,:
Domain LENGINESS.COM has been registered with REGISTER.COM, for fraudulent purposes.
It is part of a network of phishing sites hosted on a bot net.
Please suspend this domain immediately to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.
=================================
REGISTRAR eNom:
Domain MORECCN.COM has been registered with eNom for fraudulent purposes.
It is part of a network of phishing sites hosted on a bot net.
Please suspend this domain immediately to prevent further criminal activity.
Please also check for any domains registered using the same (stolen) identity and credit card details, or the same email address.
=================================
NAMESERVER HOST STEADFAST - NoZone, Inc:
Nameservers
NS1.LENGINESS.COM [89.46.37.173] - response 45 mSec
NS1.MORECCN.COM [89.46.37.173]
have been set up on your network to serve addresses for this phishing domain and others.
No legitimate domains use these nameservers.
Please shut them down urgently.
Please close the customer's account.
If possible please also be alert for anyone setting up other nameservers on your network for this domain.
=================================

Quote:
http://www.eport.equifax.com.file3.org/eport/member_id.jsp?session=34777323308551860767129928556331493504673346527101837793355861571296

All times are GMT.