Dating Website?

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Mon Apr 21, 2008 12:02 am

I got a few emails over the weekend with the typical romance scam intro:

Quote:

Hello! I am tired this afternoon. I am nice girl that would like to chat with you. Email me at [email protected] only, because I am using my friend's email to write this. Hope you like my pictures.

All had the same domain names so I did a lookup of the website from that domain: www.rtutcentral.com and it shows some crappy partner search that doesn't seem to work either.

Anyone seen this before? Is this a legit website that is having trouble?

Posted: Mon Apr 21, 2008 12:30 am

Quote:

Domain Name:rtutcentral.com
Registrant:
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
550001
Domain Name: RTUTCENTRAL.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.DNSREAL.COM
Name Server: NS2.DNSREAL.COM
Status: ok
Updated Date: 15-apr-2008
Creation Date: 02-apr-2008
Expiration Date: 02-apr-2009

Nope doesn't look like a dating site Smile

Might be done by an employee with some computer knowledge.
Drop it at the fake website forum and they will take action if...

Posted: Mon Apr 21, 2008 4:40 am

What do the email headers look like?

Posted: Mon Apr 21, 2008 6:03 am

This is the first contact email and the respond to address is different to the one it's come from so I'm not sure the headers are of value on this first contact email. The first reply might tell more but since you asked here is the header that I have:

Quote:

Return-Path: <[email protected]>
Received: from 808804714B71479 (244.236.114.125.broad.nb.zj.dynamic.163data.com.cn [125.114.236.244] (may be forged))
by XXXXXX
Received: from [125.114.236.244] by mail1.acfchefs.net; Sat, 19 Apr 2008 01:27:19 +0800
Message-ID: <01c8a1bc$822d7580$f4ec727d@a-andtay>
From: "Ann Parker" <[email protected]>
To: <[email protected]>
Subject: I saw your picture
Date: Sat, 19 Apr 2008
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Spam-Status: No, score=2.0 required=5.0 tests=BAYES_50,RCVD_IN_SORBS_DUL
autolearn=no version=3.1.6
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.1.6 (2006-10-03) on XXX.XXX.XXX
X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.7.5.1

Posted: Mon Apr 21, 2008 7:30 pm

It's coming out of China, but may be a vlad stunt.

Tell her you want to chat. One guess I come up with is she will steer you to a paid chat site.....maybe via one of the fake translation dating sites the russians run.

Posted: Mon Apr 21, 2008 11:23 pm

an email sent to the original sender email address, not the redirect one, bounces.
THAT domain is a legit one in FL, USA.

I don't know the tech details, but they spoofed the email address somehow to send the thing......and the second email is probably set up via chinese sources, but this is still probably a russian thing.