[AusNOG] Has MelbourneIT been hacked?

Andrew Hawken ahawken at roycesoftware.com
Tue Nov 3 10:42:16 EST 2015 

I got a bunch for all my domains claiming to be from Enom... Where I have my domains registered. Same content as yours with the suspicious links etc. 

--
Andrew Hawken
http://www.linkedin.com/in/AndrewHawken

> On 3 Nov 2015, at 10:29 AM, Ross Wheeler <ausnog at rossw.net> wrote:
> 
> 
> For the last 4 days, I've been getting a flurry of email claiming to be from TPP Internet to the properly listed email addresses for domain renewals etc, for a concerning number of domains... several dozen - but every single one of them is a domain I /AM/ the admin for. (ie, no falses)
> 
> The mail appears to be originating from all over the world and not from TPP (now owned by MelbourneIT) themselves.
> 
> Typical mail looks like this:
> 
> 
>  From: TPP Internet Pty Ltd <abuse at tppinternet.com.info>
>  To: (valid mail address)
>  Subject: Domain XXXXXXXXXX.COM Suspension Notice
> 
>  Dear Sir/Madam,
> 
>  The following domain names have been suspended for violation of the TPP
>  Internet Pty Ltd Abuse Policy:
> 
>  Domain Name: XXXXXXXX.COM
>  Registrar: TPP Internet Pty Ltd
>  Registrant Name: (registered owner)
> 
>  Multiple warnings were sent by TPP Internet Pty Ltd Spam and Abuse
>  Department to give you an opportunity to address the complaints we have
>  received.
> 
>  We did not receive a reply from you to these email warnings so we then
>  attempted to contact you via telephone.
> 
>  We had no choice but to suspend your domain name when you did not
>  respond to our attempts to contact you.
> 
>  Click here and download a copy of complaints we have received.
> 
> 
> Of course the "click here" is fake too...
> 
>  http://classified.canadaautomotivedirectory.com/abuse_report.php?XXXXXX.COM
> 
> I haven't bothered to download it, but I think we can safely assume it's some kind of malware.
> 
> 
> I've not seen this aproach before.... I wonder if there's been another registry/registrar "security issue", or am I just being paranoid? Anyone else getting them?
> 
> R.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list