[nsp-sec] enom security POC?
Chris Morrow
morrowc at ops-netman.net
Tue Oct 28 11:48:33 EDT 2008
On Tue, 28 Oct 2008, Chris Morrow wrote:
>
> oy! so looking for anything with enom.com, apparently I just viewed one
> example enom phish domain, there were 5407 examples on the 27th of October,
> with a spread on the names of:
> count domain
> 1809 www.enom.com.sys82.net
> 1807 www.enom.com.com94.net
> 1791 www.enom.com.sys52.net
>
> this from grepping 'enom.com' from my samples, then
>
> grep "For access your " /tmp/enom.domains | grep -v href |\
> sed 's/^.*http:\/\///' | sort | uniq -c | sort -rn | more
>
> over that result set, I probably missd some, but weee!!! :(
>
> -Chris
> (if there's interest I can run the same grep/blah on 28th data, but ... maybe
> we just ask the .net folks to kill these domains and the domains of the NS's
> for these? )
i was bored... so:
morrowc at u2:/prod/docs.as701.net/anti-UCE/files/2008/10/28$ sed
's/^.*http:\/\///' /tmp/enom.domains-28 | sort | uniq -c | sort -rn
843 www.enom.com.com92.biz
834 www.enom.com.com72.biz
808 www.enom.com.com62.biz
782 www.enom.com.com82.biz
553 www.enom.com.sys52.net
525 www.enom.com.com94.net
507 www.enom.com.sys82.net
lookie! .biz! Rodney can get these squished for us?
More information about the nsp-security
mailing list