The Internet Storm Center [http://isc.sans.org/diary.php] is reporting that: "The DNS server 'NS1.SPX2K.com' currently hosts the following domains CITIFINANCUPDATE.com, SAFE-KEYNET.com, WAMU4U.com, WAMUCORP.com which appear to be phishing related. The use of actual 'valid' domains like this opens up the possibility that they are used with SSL certificates. The whois info for these domains appears to be fake." Does anyone have any further information into this? - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net
From prior experience I don't see anything novel. Yup. Real domains, and
From my last go around with Vint, <registrar_hat="on> if I were of a mind to, I could sell bulk to even poor sniff-text buyers, cause I don't know in advance they actually do smell poorly, and my RRA doesn't really make
Howdy Paul, rgid:id:domain ENOM:048:SAFE-KEYNET.com YESN:100:CITIFINANCUPDATE.com YESN:100:WAMU4U.com YESN:100:WAMUCORP possibly real certs. that revenue enhancement a risk to my accreditation. No. I don't have a mind to.</registrar_hat> I wrote a longer piece on a related list recently, but I don't see much in the way of effective recourse that isn't leased-host-in-cage-seizure with the intangibles trivially rehosted. Cheers, Eric
participants (2)
-
Eric Brunner-Williams in Portland Maine -
Fergie (Paul Ferguson)