[AusNOG] Has MelbourneIT been hacked?

Mike Kurkowski mike at audiovation.com.au
Tue Nov 3 10:50:40 EST 2015


Hi Andrew,

TPP have a "Spam Alert" page up acknowledging the issue.
Apparently they are not the only registrar being targeted.

http://support.tppwholesale.com.au/articles/reseller/Spam-Alert-27th-October-15/?c=TPP_Wholesale%3AService_Alerts&fs=Search&pn=1

Regards,
Mike Kurkowski


On 03/11/2015 9:42 AM, Andrew Hawken wrote:
> I got a bunch for all my domains claiming to be from Enom... Where I have my domains registered. Same content as yours with the suspicious links etc.
>
> --
> Andrew Hawken
> http://www.linkedin.com/in/AndrewHawken
>
>> On 3 Nov 2015, at 10:29 AM, Ross Wheeler <ausnog at rossw.net> wrote:
>>
>>
>> For the last 4 days, I've been getting a flurry of email claiming to be from TPP Internet to the properly listed email addresses for domain renewals etc, for a concerning number of domains... several dozen - but every single one of them is a domain I /AM/ the admin for. (ie, no falses)
>>
>> The mail appears to be originating from all over the world and not from TPP (now owned by MelbourneIT) themselves.
>>
>> Typical mail looks like this:
>>
>>
>>   From: TPP Internet Pty Ltd <abuse at tppinternet.com.info>
>>   To: (valid mail address)
>>   Subject: Domain XXXXXXXXXX.COM Suspension Notice
>>
>>   Dear Sir/Madam,
>>
>>   The following domain names have been suspended for violation of the TPP
>>   Internet Pty Ltd Abuse Policy:
>>
>>   Domain Name: XXXXXXXX.COM
>>   Registrar: TPP Internet Pty Ltd
>>   Registrant Name: (registered owner)
>>
>>   Multiple warnings were sent by TPP Internet Pty Ltd Spam and Abuse
>>   Department to give you an opportunity to address the complaints we have
>>   received.
>>
>>   We did not receive a reply from you to these email warnings so we then
>>   attempted to contact you via telephone.
>>
>>   We had no choice but to suspend your domain name when you did not
>>   respond to our attempts to contact you.
>>
>>   Click here and download a copy of complaints we have received.
>>
>>
>> Of course the "click here" is fake too...
>>
>>   http://classified.canadaautomotivedirectory.com/abuse_report.php?XXXXXX.COM
>>
>> I haven't bothered to download it, but I think we can safely assume it's some kind of malware.
>>
>>
>> I've not seen this aproach before.... I wonder if there's been another registry/registrar "security issue", or am I just being paranoid? Anyone else getting them?
>>
>> R.
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>

-- 
Kind regards,
Michael Kurkowski

Audiovation (Technologies)
7 Sophia Street
Mackay, QLD
4740

ABN 95 255 659 153

E - mike at audiovation.com.au
M - +61 407 165 797


More information about the AusNOG mailing list