[nsp-sec] Kiwibank phishing - dyndns?

Tim Wilde twilde at cymru.com
Mon Mar 10 21:31:07 EDT 2008


David Robb wrote:
| ----------- nsp-security Confidential --------
|
| Today's phishing attempt for Kiwibank sends victims off to:
|
| hxxp://www.autoflock.com/counter/.web/www.kiwibank.com.au/update%20account/Online%20Services/
|
| -> 64.185.237.101 (Content Broadcast)
|
| 17081   | 64.185.237.101   | XIBIG - Xibi Group, Inc.
|
|
| autoflock.com has no useful contact details (surprise!), but is hosted by
| 1forallhosting.com -> dnsdc4.com/NameCheap.com -> mydyndns.org
|
| dnsdc4.com also looks like it might be the same person.

I don't know how much help it will be, but DynDNS might be able to pass
on a note to namecheap.com - they at least would theoretically have
billing contact information, since they use their paid service.  Contact
abuse at dyndns.com for that (though no promises on what their responses
are like, since I haven't been affiliated with them for a year and a
half now).  They're not really hosting the badness directly (or even its
direct NS), though, so I can't even guarantee that the link is going to
be firm enough that they'll be willing to do even that.  Doesn't hurt to
try, I guess :|

You could also ping enom about the domain registration itself and the
blatantly invalid WHOIS, though YMMV there too.  Good luck!

Regards,
Tim

- --
Tim Wilde, Manager of Development, Team Cymru
twilde at cymru.com | +1-312-924-4033 | http://www.cymru.com/