Author |
Message |
Gadget
Not quite a Newb
Joined: 28 Feb 2008
Posts: 32
Location: The Land of Oz
|
Posted:
Mon Apr 21, 2008 12:02 am |
|
I got a few emails over the weekend with the typical romance scam intro:
Quote: |
Hello! I am tired this afternoon. I am nice girl that would like to chat with you. Email me at [email protected] only, because I am using my friend's email to write this. Hope you like my pictures. |
All had the same domain names so I did a lookup of the website from that domain: www.rtutcentral.com and it shows some crappy partner search that doesn't seem to work either.
Anyone seen this before? Is this a legit website that is having trouble? |
|
|
|
|
bill2
Baiting Guru
Joined: 10 Sep 2006
Posts: 5495
Location: Yeah who can tell me where I am?
|
Posted:
Mon Apr 21, 2008 12:30 am |
|
Quote: |
Domain Name:rtutcentral.com
Registrant:
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
550001
Domain Name: RTUTCENTRAL.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.DNSREAL.COM
Name Server: NS2.DNSREAL.COM
Status: ok
Updated Date: 15-apr-2008
Creation Date: 02-apr-2008
Expiration Date: 02-apr-2009 |
Nope doesn't look like a dating site Might be done by an employee with some computer knowledge.
Drop it at the fake website forum and they will take action if... |
_________________ I don't do bling, I just do lads |
|
|
|
Stepan Fetchit
Elite Baiter
Joined: 09 Nov 2005
Posts: 1977
Location: Anywhere but squaresville, man
|
Posted:
Mon Apr 21, 2008 4:40 am |
|
What do the email headers look like? |
_________________ <center> <b>
<A href="http://www.dragonladies.org/bbs">Dragonladies.org</a> |
|
|
|
Gadget
Not quite a Newb
Joined: 28 Feb 2008
Posts: 32
Location: The Land of Oz
|
Posted:
Mon Apr 21, 2008 6:03 am |
|
This is the first contact email and the respond to address is different to the one it's come from so I'm not sure the headers are of value on this first contact email. The first reply might tell more but since you asked here is the header that I have:
Quote: |
Return-Path: <[email protected]>
Received: from 808804714B71479 (244.236.114.125.broad.nb.zj.dynamic.163data.com.cn [125.114.236.244] (may be forged))
by XXXXXX
Received: from [125.114.236.244] by mail1.acfchefs.net; Sat, 19 Apr 2008 01:27:19 +0800
Message-ID: <01c8a1bc$822d7580$f4ec727d@a-andtay>
From: "Ann Parker" <[email protected]>
To: <[email protected]>
Subject: I saw your picture
Date: Sat, 19 Apr 2008
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_50,RCVD_IN_SORBS_DUL
autolearn=no version=3.1.6
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.1.6 (2006-10-03) on XXX.XXX.XXX
X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.7.5.1 |
|
|
|
|
|
Stepan Fetchit
Elite Baiter
Joined: 09 Nov 2005
Posts: 1977
Location: Anywhere but squaresville, man
|
Posted:
Mon Apr 21, 2008 7:30 pm |
|
It's coming out of China, but may be a vlad stunt.
Tell her you want to chat. One guess I come up with is she will steer you to a paid chat site.....maybe via one of the fake translation dating sites the russians run. |
_________________ <center> <b>
<A href="http://www.dragonladies.org/bbs">Dragonladies.org</a> |
|
|
|
Stepan Fetchit
Elite Baiter
Joined: 09 Nov 2005
Posts: 1977
Location: Anywhere but squaresville, man
|
Posted:
Mon Apr 21, 2008 11:23 pm |
|
an email sent to the original sender email address, not the redirect one, bounces.
THAT domain is a legit one in FL, USA.
I don't know the tech details, but they spoofed the email address somehow to send the thing......and the second email is probably set up via chinese sources, but this is still probably a russian thing. |
_________________ <center> <b>
<A href="http://www.dragonladies.org/bbs">Dragonladies.org</a> |
|
|
|
|