rconner (posted July 22, 2009):

Got a couple of these this evening, here's the tracking link for the latest. The phisher's URL is, of course, disguised as the bank's (ally.com) via "prepended subdomain." It is on a botnet, with about 15 addresses currently and a TTL of about 15 min or so. There are 4 name servers at 3 different IPs, they seem to be bots as well. The domain name was registered just today with namebay.com, registrant data looks a little fishy but seems to point to the Miami area. I have LARTed namebay via their website. Professionals at work.

-- rick
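Added example, not part of rconner's post: a Python sketch of how a defender could triage a reported host for the two traits described above, a brand domain prepended as subdomain labels and a DNS answer with many addresses and a short TTL. The host name, addresses, thresholds and function names are constructed for illustration, and the registrable domain is approximated as the last two labels.

```python
from dataclasses import dataclass
from typing import List, Optional

def registrable_domain(host: str) -> str:
    # Assumption: last two labels. Production code should consult the
    # Public Suffix List (this is wrong for suffixes such as co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def prepended_brand(host: str, brands: List[str]) -> Optional[str]:
    """Return the brand whose domain appears as whole labels inside host
    while the registrable domain belongs to someone else, else None."""
    h = "." + host.lower().rstrip(".") + "."
    for brand in brands:
        b = brand.lower()
        if registrable_domain(host) != b and "." + b + "." in h:
            return brand
    return None

@dataclass
class DnsObservation:        # what a resolver returned for the host
    a_records: List[str]     # addresses in the answer
    ttl: int                 # answer TTL in seconds

def flux_signals(obs: DnsObservation, min_addrs: int = 10,
                 max_ttl: int = 900) -> List[str]:
    # Thresholds are illustrative assumptions, not values from the post.
    signals = []
    if len(set(obs.a_records)) >= min_addrs:
        signals.append("many_a_records")
    if obs.ttl <= max_ttl:
        signals.append("short_ttl")
    return signals

def triage(host: str, obs: DnsObservation, brands: List[str]) -> dict:
    return {"host": host,
            "registrable_domain": registrable_domain(host),
            "impersonates": prepended_brand(host, brands),
            "flux_signals": flux_signals(obs)}

# Constructed sample: RFC 5737 documentation addresses, example.net host.
SAMPLE_HOST = "ally.com.secure-login.example.net"
SAMPLE_OBS = DnsObservation([f"192.0.2.{i}" for i in range(1, 16)], ttl=900)

if __name__ == "__main__":
    print(triage(SAMPLE_HOST, SAMPLE_OBS, ["ally.com"]))
```

The brand match is done on whole labels, so a look-alike such as rally.com.example.net is not reported as an ally.com impersonation.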

Geek (posted July 22, 2009):

Hmmm, that "njhyu.net" has been the root of a recent mega Ebay phishing scam too.

Farelf (posted July 22, 2009):

> Hmmm, that "njhyu.net" has been the root of a recent mega Ebay phishing scam too.

And the other 'alphabet soup' domain (jghtyu.com) with similar botnet hosting you showed in http://www.spamcop.net/sc?id=z3132540596z1...4e0a6c47721416z in another topic is from the same registrar. Heck, I wonder if namebay.com is actually cheaper than the Chinese bulk-registration industry these days? That was about 13 cents per domain, last time I looked, IIRC.

The good news is they may be much better than the Chinese (were) at pulling rogues - jghtyu.com (at least) is gone, defunct, no longer with us or, to quote Mr. Praline: - 'E's not pinin'! 'E's passed on! This parrot is no more! He has ceased to be! 'E's expired and gone to meet 'is maker! 'E's a stiff! Bereft of life, 'e rests in peace! If you hadn't nailed 'im to the perch 'e'd be pushing up the daisies! 'Is metabolic processes are now 'istory! 'E's off the twig! 'E's kicked the bucket, 'e's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisibile!! THIS IS AN EX-PARROT!!'. In a word it is 'dead'.

rconner (posted July 22, 2009):

Progress report: "NJHYU.NET" is now NXDOMAIN as of this afternoon. Sometimes people do listen (although I wouldn't presume that they were listening to me).

-- rick

This topic is now archived and is closed to further replies.