Stopping fakes sites

[pegasys]

I got this email supposedly from paypal saying that my account may become inactive, I am aware it is a scam and the link is an IP address belongs to a company in Vietnam. I have mailed the technical emamil address on there to let him know that this dodge link is on their web server but is there any chance that I can do anything else to stop other people clicking on this link?

This link is http://203.162.1.205/support/support.asp

[SirDice]

You already did all you can do

Reporting the dodgy site and perhaps the real sender's ISP of the email there's something fishy going on is about the only thing you could do. Just make sure you send them the complete email (including all the headers). Don't do any digging yourself as this usually results in your email being ignored. Just state what you think is going on and cut 'n past the headers and the body.

Oh, and if you can find it use the abuse email address. Most providers have one. If it isn't mentioned in the whois info just try abuse@their.domain. If it bounces, see if they have any contact info on their website. Sometimes the technical contacts in the whois info is outdated.

[GONEin62nd]

Found this. Check it out.

Source - apnic - http://www.apnic.net/apnic-bin/whois.pl - search for 203.162.1.205

% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 203.162.0.0 - 203.162.255.255
netname: VNPT-VNNIC-VN
country: VN
descr: Vietnam Posts and Telecommunications (VNPT)
descr: 23 Phan Chu Trinh st., Hanoi capital, Vietnam
admin-c: NXC1-AP
tech-c: KNH1-AP
status: ALLOCATED PORTABLE
changed: hm-changed@vnnic.net.vn 20041011
mnt-by: MAINT-VN-VNNIC
mnt-lower: MAINT-VN-VNPT
source: APNIC

person: Nguyen Xuan Cuong
nic-hdl: NXC1-AP
e-mail: cuong.ng@vnn.vn
address: Vietnam Posts and Telecommunications (VNPT)
address: 18 Nguyen Du street, Hanoi capital, Vietnam
phone: +84-4-9430427
fax-no: +84-4-8226861
country: VN
changed: hm-changed@vnnic.net.vn 20040527
mnt-by: VNPT
source: APNIC

person: Khanh Nguyen Hien
address: Vietnam Datacommunications Company (VDC)
address: 258 Ba Trieu street, Hanoi capital, Vietnam
country: VN
phone: +84-4-8212680
fax-no: +84-4-9760397
e-mail: pbthuy29@vnn.vn
nic-hdl: KNH1-AP
remarks: Contact: pbthuy29@vnn.vn
mnt-by: VNPT
changed: admin.vnn@vnnic.net.vn 20020604
source: APNIC

- You might want to try to contact the above e-mail and report the incident.

-GONE

[pegasys]

I already have, I just wanted to know if I could let someone who allocates the IP addresses to that company as I informed them on monday morning and still the site stays up.

[pegasys]

ok I have the email an I am trying to find the orgin of the email I believe it could be techtarget.

Received: from aamta01-winn.mailhost.ntl.com ([212.250.162.8]) by mta08-winn.mailhost.ntl.com with ESMTP id <20050412184415.EGDD928.mta08-winn.mailhost.ntl.com@aamta01-winn.mailhost.ntl.com>; Tue, 12 Apr 2005 19:44:15 +0100
Received: from muedsl-82-207-246-065.citykom.de ([82.207.246.65]) by aamta01-winn.mailhost.ntl.com with SMTP id <20050412184414.VYCA1187.aamta01-winn.mailhost.ntl.com@muedsl-82-207-246-065.citykom.de>; Tue, 12 Apr 2005 19:44:14 +0100
Received: from xesp.com by stout853.140.118.182.82 (9.52.7/6.48.9) id vs38IPGdW9595 with SMTP; Tue, 12 Apr 2005 13:39:11 -0600
Message-ID: <20041101163013.ED8DA244AE@mailhost10.lists.techtarget.com>
Date: Tue, 12 Apr 2005 23:41:11 +0400

[MrLinus]

Have you informed PayPal? I've found that by dealing with them the problem gets resolved rather quickly and far more so than dealing with the "offending" ISP.

[pegasys]

I have mailed paypal about a previous attempt to gain my information and they never responded to my email telling me they were dealing with it

[MrLinus]

That was through this page right?

https://www.paypal.com/ewf/f=pps_spf

Sometimes they may not respond right away. Additionally you may want to send it off to http://www.antiphishing.org

[pegasys]

that will be the page