
There is this website www.com.co.ke, having one Edward Macharia responsible for it, according to Kenic whois records. I have just been wondering what intention its owners have because every once in a while, all pages in the .com TLD are redirected to an IP address of 216.14.114.188, which is owned by e-ofisi Solutions, and has about 4 other domains hosted on that server, including kenyainternetmarketing.com etc. Looks to me like some kind of DNS poisoning, though I'm not sure what it is exactly.

I suspect that the owner of the site has some ulterior motive (I stand to be corrected), especially seeing that the homepage for all these sites have username and password fields, leaving users susceptible to phishing scams as they have their pages that they are viewing (ending with .com) redirected to com.co.ke. I have attached a screenshot of DNS lookups for facebook and gmail, both redirecting to that very IP.

Therefore, KENIC admins, if it is within your powers, kindly do something about this menace as it poses a security risk to internet users in Kenya.

Thanks.

-- שִׁמְעוֹן

Funny, I thought this name is mine... don't know when I lost it...

David.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- ------------- http://blog.majibu.com

What name?

-- שִׁמְעוֹן

com.co.ke

David.

On Mon, Aug 24, 2009 at 12:23 PM, Simon Mbuthia<simon.mbuthia@gmail.com> wrote:
There is this website www.com.co.ke, having one Edward Macharia responsible for it, according to Kenic whois records. I have just been wondering what intention its owners have because every once in a while, all pages in the .com TLD are redirected to an IP address of 216.14.114.188, which is owned by e-ofisi Solutions, and has about 4 other domains hosted on that server, including kenyainternetmarketing.com etc. Looks to me like some kind of DNS poisoning, though I'm not sure what it is exactly.
the person has just pointed *.com.co.ke to the com.co.ke default.
e.g. google.com.co.ke nytimes.com.co.ke ... anything.com.co.ke ...
doesn't look malicious...
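The wildcard behaviour described in this reply, as an added example that is not part of the original thread: a toy resolver over constructed zone data (the `www.example.co.ke` entry and all function names are assumptions) showing which names a `*.com.co.ke` record answers for, and how probing random labels reveals a wildcard's default address.

```python
import secrets

# Constructed zone data modelled on the thread: com.co.ke with a wildcard
# pointing at the address reported in the first message.
# www.example.co.ke is a placeholder record with a documentation address.
ZONE = {
    "com.co.ke": "216.14.114.188",
    "*.com.co.ke": "216.14.114.188",
    "www.example.co.ke": "192.0.2.10",
}


def resolve(name, zone=ZONE):
    """Toy lookup: an exact record wins; otherwise the wildcard directly
    below the closest existing ancestor answers (simplified RFC 4592)."""
    name = name.lower().rstrip(".")
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in zone:
            return zone["*." + parent]
        if parent in zone:
            break  # closest ancestor exists but has no wildcard below it
    return None


def wildcard_address(zone_name, lookup=resolve, probes=3):
    """Query random labels nobody registered. If every probe gets the same
    address, the zone is wildcarded and that address is its default."""
    answers = [lookup(f"{secrets.token_hex(8)}.{zone_name}") for _ in range(probes)]
    first = answers[0]
    return first if first is not None and all(a == first for a in answers) else None


def classify(name, lookup=resolve):
    """Tell a wildcard-synthesised answer from an explicit record. An explicit
    record that shares the wildcard's address is also reported as the default."""
    address = lookup(name)
    if address is None:
        return "no such name"
    parent = name.lower().rstrip(".").split(".", 1)[-1]
    default = wildcard_address(parent, lookup)
    return "wildcard default" if address == default else "explicit record"
```

Passing a function that queries a real resolver as `lookup` runs the same probe against live DNS.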

@Ashok Have you seen that page, and wouldn't you find it bothersome if you tried accessing gmail.com and it redirected to com.co.ke?

@David

[root@my-box etc]# whois com.co.ke -h kenic.or.ke
domain: COM.CO.KE
owner: e-ofisi Solutions
ownerid: KE-EOSO-KENIC
**responsible: Edward Macharia**
address: Raki House, Londiani road Off Likoni road, 51120, 00200
person: SawaSawa.com Limited
e-mail: hostmaster@SAWASAWA.COM

-- שִׁמְעוֹן

Okay, cyber terror just started. Is this govt doing (surveillance) or someone is up to all the mischief.

./Chuks

--
Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/
http://nspkenya.blogspot.com/
http://chuksjonia.blogspot.com/

On Mon, Aug 24, 2009 at 12:40 PM, Simon Mbuthia<simon.mbuthia@gmail.com> wrote:
@Ashok Have you seen that page, and wouldn't you find it bothersome if you tried accessing gmail.com and it redirected to com.co.ke?
but gmail.com isn't redirecting to com.co.ke

There is nothing illegal about anything that com.co.ke has done.

All he has done is if you try to access any subdomain within it you are redirected to the front page. gmail.com.co.ke is not gmail.com; try www.kichwa.com.co.ke and see what happens.

@Jacob, It may not be illegal, and I agree it is not, but what if someone enters his/her login credentials for some page? And what is Novus Osavinya anyway? Anyway, I just said it posed a security threat to users who would log in to that site thinking it is what they expect.

@Ashok Look at the screenshot that I attached. It did. Also, in that first email, I said every once so often it does that... not all the time. Right now I am sending this email from gmail.com :)

-- שִׁמְעוֹן

That Osavinya loads on some dysfunctional URLs, see
http://air-uganda.com/
http://www.air-uganda.com/

--
Best Regards,
Paul Njoroge.
Skype: njorogepaul
participants (6)
- ashok+skunkworks@parliaments.info
- David Mugo
- Gichuki John Chuksjonia
- Jacob Odada
- Paul Njoroge
- Simon Mbuthia