funsec mailing list archives
phishing domain registrars (ENOM)
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 29 Oct 2008 03:47:06 -0500 (CDT)
I guess criminals are now looking to use established domain names, via phishing targeted at domain registrars. I guess I will devote some of my time in the next few months to help educate registrars on protecting themselves from phishing attacks, before losses go up. Spam message:
From - Wed Oct 29 09:39:44 2008
X-Account-Key: account2
X-UIDL: 5997-1199923184
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from pitbull-b612d39 ([81.183.66.117]) by mxin6.netvision.net.il (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTP id <0K9H00DNCRQC4TF0 () mxin6 netvision net il>; Wed, 29 Oct 2008 10:32:51 +0200 (IST)
Received: from [81.183.66.117] by in.smtp.cz; Wed, 29 Oct 2008 09:32:46 +0100
Date: Wed, 29 Oct 2008 09:32:46 +0100
From: eNom Support Team <support () enom com>
Subject: Warning: Inaccurate whois information.
To: gevaha () netvision net il
Message-id: <01c939a9$4d78fa00$7542b751@qrj>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
Content-type: multipart/alternative; boundary="----=_NextPart_000_0007_01C939A9.4D78FA00"
X-Priority: 3
X-MSMail-priority: Normal

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C939A9.4D78FA00
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Dear user,

On Wed, 29 Oct 2008 09:32:46 +0100 we received a third party complaint of=
 invalid domain contact information in the Whois database for this domain=
 Whenever we receive a complaint, we are required by ICANN regulations t=
o initiate an investigation as to whether the contact data displaying in =
the Whois database is valid data or not. If we find that there is invalid=
 or missing data, we contact both the registrant and the account holder a=
nd inform them to update the information.

The contact information for the domain which displayed in the Whois datab=
ase was indeed invalid. On Wed, 29 Oct 2008 09:32:46 +0100 we sent a noti=
ce to you at the admin/tech contact email address and the account email a=
ddress informing you of invalid data in breach of the domain registration=
 agreement and advising you to update the information or risk cancellatio=
n of the domain. The contact information was not updated within the speci=
fied period of time and we canceled the domain. The domain has subsequent=
ly been purchased by another party. You will need to contact them for any=
 further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com.com62.biz

If you find any invalid contact information for this domain, please respo=
nd to this email with evidence of the specific contact information you ha=
ve found to be invalid on the Whois record for the domain name. Examples =
would be a bounced email or returned postal mail. If you have a bounced e=
mail, please attach or forward with your reply or in the case of returned=
 postal mail, scan the returned letter and attach to your email reply or =
please send it to:

Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260

LINK TO CHANGE INFORMATION - http://www.enom.com.com82.biz

Thank you,
Domain Services

[IncidentID:75047]

------=_NextPart_000_0007_01C939A9.4D78FA00
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3DWindows-1=
252">
<META content=3D"MSHTML 6.00.2800.1506" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<div style=3D"width: 750px; font-size:14px; font-family: monospace;">
Dear user, <br />
<br />
On Wed, 29 Oct 2008 09:32:46 +0100 we received a third party complaint of=
 invalid domain contact information in the Whois database for this domain=
 Whenever we receive a complaint, we are required by ICANN regulations t=
o initiate an investigation as to whether the contact data displaying in =
the Whois database is valid data or not. If we find that there is invalid=
 or missing data, we contact both the registrant and the account holder a=
nd inform them to update the information. <br />
<br />
The contact information for the domain which displayed in the Whois datab=
ase was indeed invalid. On Wed, 29 Oct 2008 09:32:46 +0100 we sent a noti=
ce to you at the admin/tech contact email address and the account email a=
ddress informing you of invalid data in breach of the domain registration=
 agreement and advising you to update the information or risk cancellatio=
n of the domain. The contact information was not updated within the speci=
fied period of time and we canceled the domain. The domain has subsequent=
ly been purchased by another party. You will need to contact them for any=
 further inquiries regarding the domain. <br />
<br />
PLEASE VERIFY YOUR CONTACT INFORMATION - <a href=3D"http://www.enom.com.c=
om92.biz">http://www.enom.com</a> <br />
<br />
If you find any invalid contact information for this domain, please respo=
nd to this email with evidence of the specific contact information you ha=
ve found to be invalid on the Whois record for the domain name. Examples =
would be a bounced email or returned postal mail. If you have a bounced e=
mail, please attach or forward with your reply or in the case of returned=
 postal mail, scan the returned letter and attach to your email reply or =
please send it to: <br />
<br />
Attn: Domain Services
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260 <br />
<br />
<br />
LINK TO CHANGE INFORMATION - <a href=3D"http://www.enom.com.com62.biz">ht=
tp://www.enom.com</a><br />
<br />
<br />
Thank you,<br />
Domain Services<br />
<br />
[IncidentID:10908]<br />
<br />
</BODY></HTML>

------=_NextPart_000_0007_01C939A9.4D78FA00--

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
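
Added example, not part of the original post: a mail-side check for the pattern in the HTML part quoted above, where the visible link text names one host and the href points at another. RAW is a constructed excerpt of that part, and AnchorCollector, host and suspicious_links are names made up for this sketch. Decoding the MIME part first matters because the quoted-printable soft line break splits the hostname in the raw body.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the two anchors from the HTML part quoted above, kept in
# quoted-printable with the soft line break ("=" at end of line) inside the href.
RAW = """\
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

PLEASE VERIFY YOUR CONTACT INFORMATION - <a href=3D"http://www.enom.com.c=
om92.biz">http://www.enom.com</a> <br />
LINK TO CHANGE INFORMATION - <a href=3D"http://www.enom.com.com62.biz">ht=
tp://www.enom.com</a><br />
"""

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def suspicious_links(raw_message):
    """Flag anchors whose visible URL names a different host than the href."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    html_parts = [p for p in msg.walk() if p.get_content_type() == "text/html"]
    for part in html_parts:
        collector = AnchorCollector()
        collector.feed(part.get_content())  # undoes quoted-printable and charset
        for href, text in collector.anchors:
            shown, target = host(text), host(href)
            if shown and shown != target:
                findings.append({"shown": shown, "target": target,
                                 "embeds_shown_host": target.startswith(shown + ".")})
    return findings
```

The embeds_shown_host flag marks the case seen here, where the displayed hostname reappears as the leading labels of a different domain.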