Farelf
Posted July 8, 2009

http://www.spamcop.net/sc?id=z3093036426z7...d449282c746bb6z
and
http://members.spamcop.net/sc?track=http%3...pacsecurity.com

"Cannot resolve h ttp://www.westpacsecurity.co m/
No valid email addresses found, sorry!"

But

    C:\Documents and Settings\...>nslookup
    Non-authoritative answer:
    Name: westpacsecurity.com
    Address: 216.39.57.104

Appears to point straight to AltaVista/Yahoo:

    WHOIS Source: ARIN
    IP Address: 216.39.57.104
    Country: USA - California
    Network Name: NETBLK-INTERNET-BLK-1-AV
    Owner Name: AltaVista Company
    From IP: 216.39.48.0
    To IP: 216.39.63.255
    Allocated: Yes

... Yahoo nameservice too.

    > set type=ns
    > westpacsecurity.com
    Non-authoritative answer:
    westpacsecurity.com nameserver = ns9.san.yahoo.com
    westpacsecurity.com nameserver = yns1.yahoo.com
    westpacsecurity.com nameserver = yns2.yahoo.com
    westpacsecurity.com nameserver = ns8.san.yahoo.com
    yns1.yahoo.com internet address = 98.136.43.32
    yns2.yahoo.com internet address = 66.196.84.168
    ns8.san.yahoo.com internet address = 98.136.43.32
    ns9.san.yahoo.com internet address = 66.196.84.168
    >exit

No particular reason seen why the website IP query might not be found by SC (using IDServe.exe):

    Initiating server query ...
    Looking up IP address for domain: www.westpacsecurity.com
    The IP address for the domain is: 216.39.57.104
    Connecting to the server on standard HTTP port: 80
    [Connected]
    Requesting the server's default page.

... unless

    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

means something to querying agents?? I don't know enough about this stuff.

Yahoo advised of the errant site and invited to consider how SC blocked and appropriateness of that action.

Also melbourneit contacted about the domain registration, cc: spoof[at]westpac.com.au

My ISP won't let me forward the copies many seem to require, hope they learn to cope with SC tracking URLs.

Wazoo
Posted July 8, 2009

Gave it a few hours, in case it was simply propagation delay .. However, SamSpade under Windows, using OpenDNS isn't happy yet ...

    Dig www.westpacsecurity.com[at]208.67.220.220 ...
    Non-authoritative answer
    Recursive queries supported by this server
    Query for www.westpacsecurity.com type=255 class=1
    dns www.westpacsecurity.com No data of requested type (Host doesn't exist - try Dig for MX record)

    Browsing http://www.westpacsecurity.com/
    No such server as www.westpacsecurity.com

just in case it was the www. screwing things up;

    Dig westpacsecurity.com[at]208.67.220.220 ...
    Non-authoritative answer
    Recursive queries supported by this server
    Query for westpacsecurity.com type=255 class=1
    dns westpacsecurity.com No data of requested type (Host doesn't exist - try Dig for MX record)

    whois -h whois.melbourneit.com westpacsecurity.com ...
    Domain Name.......... westpacsecurity.com
    Creation Date........ 2009-07-08
    Registration Date.... 2009-07-08
    Expiry Date.......... 2010-07-08

Hard to get much 'newer' than this ...

    Name Server.......... yns1.yahoo.com
    Name Server.......... yns2.yahoo.com

    Browsing http://westpacsecurity.com/
    No such server as westpacsecurity.com

    Fetching http://216.39.57.104/ ...
    Host: 216.39.57.104
    HTTP/1.1 400 Bad Request
    P3P: policyref="http://info.yahoo.com/w3c/p3p.xml"
    X-Host: p4w10.geo.re4.yahoo.com
    X-INKT-URI: http://us.geocities.com/server-errors/pd_bad_request.html
    X-INKT-SITE: http://us.geocities.com/server-errors

So, simply put, I don't see it either, no not sure I could complain about the parser.

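The two checks used in the posts above (the creation date in the registrar's dotted whois output, and whether different resolvers agree), as an added example that is not part of the original thread. The function names, the 30-day threshold and the resolver labels are assumptions; the sample data is constructed from the values quoted in the posts.

```python
import re
from datetime import date

# Constructed sample: the whois fields quoted in the post, one per line.
SAMPLE_WHOIS = """\
Domain Name.......... westpacsecurity.com
Creation Date........ 2009-07-08
Registration Date.... 2009-07-08
Expiry Date.......... 2010-07-08
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
"""

# "Key........ value": a key of letters/spaces, a run of dots, then the value.
FIELD = re.compile(r"^\s*([A-Za-z ]+?)\.{2,}\s*(\S.*?)\s*$")

def parse_dotted_whois(text):
    """Parse dotted whois lines; repeated keys (Name Server) accumulate."""
    record = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return record

def triage(record, seen_on, observations, young_days=30):
    """Return (age_days, findings) for a domain seen in a reported message.

    observations maps a resolver label to the addresses it returned
    (empty list = no data). young_days is an assumed threshold.
    """
    created = date.fromisoformat(record["creation date"][0])
    age = (seen_on - created).days
    findings = []
    if age <= young_days:
        findings.append("newly registered")
    answered = {name for name, addrs in observations.items() if addrs}
    if not answered:
        findings.append("no resolver answers")      # taken down or never live
    elif answered != set(observations):
        findings.append("resolvers disagree")       # propagation or partial removal
    return age, findings

if __name__ == "__main__":
    rec = parse_dotted_whois(SAMPLE_WHOIS)
    # Constructed from the thread: the local lookup answered, OpenDNS did not.
    obs = {"local": ["216.39.57.104"], "208.67.220.220": []}
    print(triage(rec, date(2009, 7, 8), obs))
```
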
Farelf
Posted July 8, 2009

> Gave it a few hours, in case it was simply propagation delay .. However, SamSpade under Windows, using OpenDNS isn't happy yet ...

Aha - thanks for all that....

> So, simply put, I don't see it either, no not sure I could complain about the parser.

Right - for some reason it is responsive enough locally (if it can be seen in the W. coast it can probably be seen anywhere in Oz). Still, it is an "Australasian" phish, no real need for that site to be running well anywhere else.

[on edit] Now I can't get it either - alternative hypothesis, someone has taken it down already. Awesome.

rconner
Posted July 8, 2009

> [on edit] Now I can't get it either - alternative hypothesis, someone has taken it down already. Awesome.

I couldn't resolve it [at] 7AM local this morning.

-- rick

Farelf
Posted July 9, 2009

> I couldn't resolve it [at] 7AM local this morning.

Thanks Rick, it seems to be globally gone now, no DNS records working - though DomainDossier still shows what was. Domain registration seems intact but, as we know, registrars operate in a different world and feel it is not their business to ask questions about the business models of their registrants, no matter how 'apparent' the criminality. To be fair, they have a point in law on matters of evidence and an explicit contract of some sort to uphold. Well, good luck to melbourneit if they want to hold out, in Australia, against one of the Australian 'big four' banks (heck, it's a moot point whether even the Aus federal government can pull that off). Anyway, registration records are (currently) defective in the particulars of name servers.

Marking this resolved - as Wazoo pointed out, nothing to do with the parser or reporting (anymore, if ever it was).

Archived
This topic is now archived and is closed to further replies.