rconner Posted July 22, 2009 Share Posted July 22, 2009 Got a couple of these this evening, here's the tracking link for the latest. The phisher's URL is, of course, disguised as the bank's (ally.com) via "prepended subdomain." It is on a botnet, with about 15 addresses currently and a TTL of about 15min or so. There are 4 name servers at 3 different IPs, they seem to be bots as well. The domain name was registered just today with namebay.com, registrant data looks a little fishy but seems to point to the Miami area. I have LARTed namebay via their website. Professionals at work. -- rick Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.