phishing

Technomage technomage-hawke at cox.net
Thu Jan 11 12:14:54 MST 2007


On Thursday 11 January 2007 08:08, keith smith wrote:
> Good Morning to all you guru's out there in PLUG land!
>
> I received an email this morning:
>
> From : Bank of America
> Subject : Account Authentication Required
>
> Saying I needed to verify my account.  It contained a link that took me to
>
> http://203.199.124.235/bankofamerica.com/
>
> Obviously this is fraudulent.  My first clue was I do not have a BofA
> account :)
>
> So this form asks for account numbers, social security number, date of
> birth, mothers maiden name .... ETC.
>
> This is the second time I have received this type of email.  Both times I
> have reported it to BofA.
>
> So now I'm curious.  I would like to do a little detective work here.  I
> went to DNSStuff.com and did a reverse lookup and the IP shows it is in
> India City....
>
> I know there must be a Linux command that I can run to learn more about
> this IP.  I'm wondering just how much information I might be able to learn
> from just having this limited amount of information and how I would go
> about it.
>
> Any Ideas?
>
> Thanks,
> Keith
>
>
>
>
> Keith Smith

here's what I got using whois....

***********
proudhawk at leopard:~> whois 203.199.124.235
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:      203.199.0.0 - 203.199.255.255
netname:      VSNL-IN
descr:        Videsh Sanchar Nigam Ltd - India.
descr:        Videsh Sanchar Bhawan, M.G. Road
descr:        Fort, Bombay 400001
country:      IN
admin-c:      IA15-AP
tech-c:       VT43-AP
remarks:      -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be modified by APNIC hostmaster
remarks:      If you wish to modify this object details please
remarks:      send email to hostmaster at apnic.net with your organisation
remarks:      account name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by:       APNIC-HM
mnt-lower:    MAINT-VSNL-AP
mnt-routes:   MAINT-VSNL-AP
changed:      hm-changed at apnic.net 20040318
status:       ALLOCATED PORTABLE
changed:      hm-changed at apnic.net 20040319
source:       APNIC

person:       IP Administrator
nic-hdl:      IA15-AP
e-mail:       ip.admin at vsnl.co.in
address:      6th Floor, LVSB, VSNL
address:      Kashinath Dhuru marg, Prabhadevi
address:      Dadar(W), Mumbai 400028
address:      India
phone:        +91-22-56633503
fax-no:       +91-22-24320132
country:      IN
changed:      gpsingh at giasbm01.vsnl.net.in  20040312
mnt-by:       MAINT-VSNL-AP
source:       APNIC

person:       VSNL Tech
nic-hdl:      VT43-AP
e-mail:       ip.tech at vsnl.co.in
address:      6th Floor, LVSB, VSNL
address:      Kashinath Dhuru marg, Prabhadevi
address:      Dadar(W), Mumbai 400028
address:      India
phone:        +91-22-56633503
fax-no:       +91-22-24320132
country:      IN
changed:      kapilkumar.jain at vsnl.co.in 20040312
mnt-by:       MAINT-VSNL-AP
source:       APNIC




More information about the PLUG-discuss mailing list