

victimised

@tpgi.com.au

[Scam] can someone help me shut down this SCAM WEBSITE

hello,

OK, I have a story to tell you. My mother has been a victim of a scam (I think the Google lottery). They have been talking to her, and convinced her that she really is a winner. I knew from the start that it is a scam but she never listens to me. And now I found out that she paid $1000 to this person so that she can access this fake internet banking. I had a look at the site and it's obviously a faked website; some of the menus are not linked and it looked as though they just copied and pasted it.

The address is: »www.allianceleicestercommercialo···ank.com/

You can just check it out and see for yourself.

I really need someone's help in shutting down this bloody website, before my mother or anybody else becomes the victim, please! She's a single mom, she's a nice and really caring woman. I'm just sad that she has been a victim of these people!! It's affecting our relationship. I kept telling her it's a scam but she never listens because she said she trusts them; apparently they met in person. We are just normal people, she worked hard all her life, and I know as soon as someone offers you a lot of money you'll surely be interested.

Please someone help me!! I seriously do not know what to do! She's a naive old lady.

Please let me know if you guys can do anything.

My name is Ana. I really hope anybody can help me.

thank you.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

That is probably a fake banking site. The registrar is GANDI ("http://www.gandi.net"). You can try contacting them. However, it might be better to inform Alliance Leicester Bank, and hope that they will work on taking down the site.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.3; firefox 3.6.12



DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

reply to victimised
This appears to be hosted in the US, possibly in the NYC area [unless it's anycast?]


--- 11/12/10 11:21:43 Eastern Standard Time
--- IP lookup on »www.allianceleicestercommercialo···ank.com/
--- resolving host "www.allianceleicestercommercialonlinebank.com", please wait...

cs3.gs1.wac.edgecastcdn.net [72.21.91.23]

----------------------------------------

NetRange: 72.21.80.0 - 72.21.95.255
CIDR: 72.21.80.0/20
OriginAS: AS15133
NetName: EDGECAST-NETBLK-01
NetHandle: NET-72-21-80-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.EDGECASTCDN.NET
NameServer: NS1.EDGECASTCDN.NET
RegDate: 2007-04-23
Updated: 2007-04-23
Ref: »whois.arin.net/rest/net/NET-72-21-80-0-1

OrgName: EdgeCast Networks, Inc.
OrgId: EDGEC-1
Address: 2850 Ocean Park Blvd.
Address: Suite 110
City: Santa Monica
StateProv: CA
PostalCode: 90405
Country: US
RegDate: 2007-03-09
Updated: 2009-12-07
Ref: »whois.arin.net/rest/org/EDGEC-1

OrgTechHandle: NOC2475-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-310-479-3200
OrgTechEmail: noc@edgecast.com
OrgTechRef: »whois.arin.net/rest/poc/NOC2475-ARIN

RTechHandle: NOC2475-ARIN
RTechName: Network Operations Center
RTechPhone: +1-310-479-3200
RTechEmail: noc@edgecast.com
RTechRef: »whois.arin.net/rest/poc/NOC2475-ARIN

RAbuseHandle: NOC2475-ARIN
RAbuseName: Network Operations Center
RAbusePhone: +1-310-479-3200
RAbuseEmail: noc@edgecast.com
RAbuseRef: »whois.arin.net/rest/poc/NOC2475-ARIN

RNOCHandle: NOC2475-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-310-479-3200
RNOCEmail: noc@edgecast.com
RNOCRef: »whois.arin.net/rest/poc/NOC2475-ARIN



newview
Ex .. Ex .. Exactly
Premium
join:2001-10-01
Parsonsburg, MD
kudos:1

reply to victimised
Since it's hosted in the US, the FBI might be interested.

quote:
Please use this website to report suspected terrorism or criminal activity. Your information will be reviewed promptly by an FBI special agent or a professional staff member. Due to the high volume of information that we receive, we are unable to reply to every submission; however, we appreciate the information that you have provided.
»tips.fbi.gov/


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

reply to victimised
It's an 'anycast' domain. Traces from NYC end up in NYC, a trace from Melbourne ended up somewhere nearby in Australia, a trace from France ended up in Moscow, RU. Whois on all IPs comes back to Edgecast.

At least one place it points to is in NYC, so FBI may be interested anyway.

The Santa Monica, CA address for edgecast is an added incentive.

BTW: The whois info on the Moscow IP is as follows:

inetnum: 93.184.216.0 - 93.184.223.255
netname: EDGECAST-NETBLK-04
descr: NETBLK-04-EU -22
country: EU
admin-c: PG4404-RIPE
tech-c: PG4404-RIPE
status: ASSIGNED PA
mnt-by: MNT-EDGECAST
source: RIPE # Filtered

person: Philip1 Goldsmith1
address: 2850 Ocean Park Blvd., Suite 110, Santa Monica CA 90405 USA
phone: +13104793200
nic-hdl: PG4404-RIPE
source: RIPE # Filtered



victimised

@tpgi.com.au

Thank you guys for all your help. The thing is though, she's Malaysia and I am studying in Australia. How can I contact them, esp. the FBI? Will they be likely to take me seriously? I will try and call them up but *sigh* bureaucracy...

Can we, like, hack it or something? I know it's a bit naughty but... I really want some justice!

And guys, my mum kept emailing the person and I'll let you know the updates if there's any news. But thank you sooo much for your help guys!!!

xx

ana (wish I was tech savvy :'( )


Quibble28

join:2009-12-03

Here's a link to reporting internet fraud in Au: It looks a little cluttered for a gov site but seems like the Oz site for reporting any sort of bank/credit card fraud, spam, and scams.

»www.scamwatch.gov.au/content/ind···d/693900

The link to the gov site in Malaysia listed at various consumer sites is down or broken. Internet fraud has risen dramatically in the last year in that country. Saw one article written as recently as Nov 10th about superfrauds in that country. Google and check the news for more information.



Jameson
Premium
join:2004-05-28
Fallbrook, CA
kudos:1

reply to victimised
Running a dig any on the site shows that the nameservers for the site are:

allianceleicestercommercialonlinebank.com. 10800 IN NS a.dns.gandi.net.
allianceleicestercommercialonlinebank.com. 10800 IN NS c.dns.gandi.net.
allianceleicestercommercialonlinebank.com. 10800 IN NS b.dns.gandi.net.

Running a dig any @c.dns.gandi.net allianceleicestercommercialonlinebank.com returns:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> any @c.dns.gandi.net allianceleicestercommercialonlinebank.com
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24763
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;allianceleicestercommercialonlinebank.com. IN ANY

;; ANSWER SECTION:
allianceleicestercommercialonlinebank.com. 10800 IN MX 50 fb.mail.gandi.net.
allianceleicestercommercialonlinebank.com. 10800 IN MX 10 spool.mail.gandi.net.
allianceleicestercommercialonlinebank.com. 10800 IN A 146.101.249.107
allianceleicestercommercialonlinebank.com. 10800 IN SOA a.dns.gandi.net. hostmaster.gandi.net. 1257873774 10800 3600 604800 10800
allianceleicestercommercialonlinebank.com. 10800 IN NS a.dns.gandi.net.
allianceleicestercommercialonlinebank.com. 10800 IN NS c.dns.gandi.net.
allianceleicestercommercialonlinebank.com. 10800 IN NS b.dns.gandi.net.

The A record is what I'm interested in. The whois for the A record IP is:

[root@sec ~]# whois 146.101.249.107
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See »www.ripe.net/db/support/db-terms···ions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '146.101.0.0 - 146.101.255.255'

inetnum: 146.101.0.0 - 146.101.255.255
netname: PSINET-EUROPE-HOSTING
descr: PSINet UK Dedicated Hosting
descr: (Was originally UKNet / EUNet GB Space)
country: GB
remarks: **** Please send all PSInet Abuse issues, inc. ****
remarks: **** 'SPAM' complaints to abuse@intl.telstra.com ****
remarks: **** Thanks very much! ****
admin-c: PR816-RIPE
tech-c: PNOC4-RIPE
status: ASSIGNED PA
mnt-by: PSINET-UK-SYSADMIN
mnt-routes: PSINET-MNT
source: RIPE # Filtered

role: PSINet RIPE-DB
address: PSINet UK, a Telstra company
address: Brookmount Court
address: Kirkwood Road
address: Cambridge
address: CB4 2QH
address: GB
phone: +44 1223 577577
fax-no: +44 1223 577600
admin-c: PR816-RIPE
tech-c: GS11548-RIPE
tech-c: DS11374-RIPE
abuse-mailbox: abuse@uk.telstra.com
nic-hdl: PR816-RIPE
remarks: tech-c lists those in Telstra who will be updating RIPE DB
remarks: **** Please send all PSInet Abuse issues, ****
remarks: **** inc. 'SPAM' complaints to abuse@uk.telstra.com ****
mnt-by: PSINET-MNT
source: RIPE # Filtered

role: PSINET UK Network Operations
address: Telstra Europe Network Operations
address: Telstra House
address: 21 Tabernacle Street
address: London
address: EC2A 1AE
address: GB
phone: +44 207 965 8888
fax-no: +44 207 965 5646
remarks: Please send reports about UBM to abuse@uk.telstra.com
remarks: ------------------------------------------------
remarks: Please send peering requests to: peering@uk.telstra.com
remarks: ------------------------------------------------
admin-c: PR816-RIPE
tech-c: PNOC4-RIPE
abuse-mailbox: abuse@uk.telstra.com
nic-hdl: PNOC4-RIPE
mnt-by: PSINET-MNT
source: RIPE # Filtered

% Information related to '146.101.0.0/16AS12471'

route: 146.101.0.0/16
descr: PSINet UK Dedicated Hosting
remarks: (Was originally UKNet / EUNet GB space)
origin: AS12471
mnt-by: PSINET-MNT
source: RIPE # Filtere

You may try contacting them at the above listed abuse email.
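
The lookup chain in the post above (A record, then whois on the IP, then the abuse address) ends in reading a long whois record by eye. The following is an added example, not part of the original post: it pulls candidate abuse contacts out of whois text and ranks them, covering both the RIPE-style output above and the ARIN-style output quoted earlier in the thread. The function name, the field ranking and the trimmed sample excerpts are assumptions made for illustration.

```python
import re

# Excerpts of the whois output quoted in this thread, not live lookups.
RIPE_SAMPLE = """\
inetnum: 146.101.0.0 - 146.101.255.255
remarks: **** Please send all PSInet Abuse issues, inc. ****
remarks: **** 'SPAM' complaints to abuse@intl.telstra.com ****
admin-c: PR816-RIPE

role: PSINet RIPE-DB
abuse-mailbox: abuse@uk.telstra.com
remarks: **** inc. 'SPAM' complaints to abuse@uk.telstra.com ****
remarks: Please send peering requests to: peering@uk.telstra.com
"""
ARIN_SAMPLE = """\
NetName: EDGECAST-NETBLK-01
OrgTechEmail: noc@edgecast.com
RAbuseEmail: noc@edgecast.com
"""

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed ranking (lower is better): dedicated abuse fields, then
# free-text remarks that mention abuse, then technical contacts.
FIELD_RANK = {"abuse-mailbox": 0, "rabuseemail": 0, "orgabuseemail": 0,
              "remarks": 1, "orgtechemail": 2, "rtechemail": 2}

def abuse_contacts(whois_text):
    """Return [(email, field)] best-first, one entry per address."""
    best = {}
    for line in whois_text.splitlines():
        if line.startswith("%") or ":" not in line:
            continue  # RIPE comment line or blank separator
        field, _, value = line.partition(":")
        field = field.strip().lower()
        rank = FIELD_RANK.get(field)
        if rank is None:
            continue  # not a contact-bearing attribute
        if field == "remarks" and "abuse" not in value.lower():
            continue  # e.g. the peering address is not an abuse desk
        for email in EMAIL.findall(value):
            email = email.lower()
            if email not in best or rank < best[email][0]:
                best[email] = (rank, field)
    ordered = sorted(best.items(), key=lambda kv: (kv[1][0], kv[0]))
    return [(email, field) for email, (_, field) in ordered]

if __name__ == "__main__":
    for sample in (RIPE_SAMPLE, ARIN_SAMPLE):
        print(abuse_contacts(sample))
```

On the RIPE excerpt the structured `abuse-mailbox` address sorts ahead of the different address that appears only in a `remarks` line, which is the order to try them in when the two disagree.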


MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to victimised
Sent notices on Friday to both abuse[@]gandi.net and phishing[@]santander.co.uk

MGD


MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to victimised

said by victimised :

hello,
....
I knew from the start that it is a scam but she never listens to me. And now I found out that she paid $1000 to this person so that she can access this fake internet banking. I had a look at the site and it's obviously a faked website; some of the menus are not linked and it looked as though they just copied and pasted it.

The address is: »www.allianceleicestercommercialo···ank.com/

You can just check it out and see for yourself.

I really need someone's help in shutting down this bloody website. .....
...
Please someone help me!! I seriously do not know what to do! She's a naive old lady.

please let me know if you guys can do anything.
...

thank you.
Apparently the holding company Santander in the UK has responded promptly to the "Heads Up" alerts. The fake cloned copy of the Alliance Leicester Bank website is now offline: allianceleicestercommercialonlinebank.com




The fraudsters may replace it with another, please come back and report any that you become aware of.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit

reply to victimised
I formally withdraw my earlier post and assumption that the fraudulent bank website has been removed in response to complaints.

After my initial optimism subsided, and bothered by the now restricted access message I decided to do a little forensic digging.

I was able to infiltrate some remaining pages and still find cloned bank Logos:




That was not good,

So I infiltrated further, not good at all. Apparently the account stats for a recent "deposit". Presumably the assets of a recently deceased African prince "Mr Kwami Uwame", who probably had an untimely death in an air crash.




Jih Shen Wen:
>http://www.allianceleicestercommercialonlinebank.com/#/jih-shen-wen/
These (non-existing) deposits and the account access login codes are probably being given to unsuspecting victims of the ruse. Such account stats are used to lure the victims into paying up-front release fees in order to obtain and share in the foreign transfer of these assets.

My initial satisfaction at the apparent prompt removal has now been replaced by the true circumstances, which are that the operation continues to function and that the original complaints HAVE NOT BEEN ACTED UPON.

Therefore I reverse the conclusion of my original post, and stand corrected.

If the website was suspended or properly blocked, the above should not be available.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to victimised
I can now confirm that as of 11/17 Gandi has effectively shut the fraudulent website allianceleicestercommercialonlinebank.com down by null routing the DNS.

=============================
domain: allianceleicestercommercialonlinebank.com

reg_created: 2010-04-18 15:16:49

changed: 2010-11-17 11:26:26

ns0: blackhole.gandi.net -----> LOOK
ns1: ns6.gandi.net
=============================

MGD

