Jump to content

Ambitious bank phishing


rconner
 Share

Recommended Posts

Got a couple of these this evening, here's the tracking link for the latest.

The phisher's URL is, of course, disguised as the bank's (ally.com) via "prepended subdomain." It is on a botnet, with about 15 addresses currently and a TTL of about 15min or so. There are 4 name servers at 3 different IPs, they seem to be bots as well. The domain name was registered just today with namebay.com, registrant data looks a little fishy but seems to point to the Miami area. I have LARTed namebay via their website.

Professionals at work.

-- rick

Link to comment
Share on other sites

Hmmm, that "njhyu.net" has been the root of a recent mega Ebay phishing scam too.
And the other 'alphabet soup' domain (jghtyu.com) with similar botnet hosting you showed in http://www.spamcop.net/sc?id=z3132540596z1...4e0a6c47721416z in another topic is from the same registrar.

Heck, I wonder if namebay.com is actually cheaper than the Chinese bulk-registration industry these days? That was about 13 cents per domain, last time I looked, IIRC. The good news is they may be much better than the Chinese (were) at pulling rogues - jghtyu.com (at least) is gone, defunct, no longer with us or, to quote Mr. Praline: -

'E's not pinin'! 'E's passed on! This parrot is no more! He has ceased to be! 'E's expired and gone to meet 'is maker! 'E's a stiff! Bereft of life, 'e rests in peace! If you hadn't nailed 'im to the perch 'e'd be pushing up the daisies! 'Is metabolic processes are now 'istory! 'E's off the twig! 'E's kicked the bucket, 'e's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisibile!! THIS IS AN EX-PARROT!!'.

In a word it is 'dead'.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...