Author |
Message |
TheProbie
Master of Master Baiters
Joined: 24 Oct 2010
Posts: 907
Location: Guarding Goat #1
|
Posted:
Thu Dec 23, 2010 12:47 am |
|
I found this in my catcher
http://sydney123.lnk.telstra.net/www/westernunion/asp/regLogin/inde
Mail with headers wrote: |
Delivered-To:[]
Received: by 10.150.201.13 with SMTP id y13cs50087ybf;
Wed, 22 Dec 2010 15:41:27 -0800 (PST)
Received: by 10.236.95.17 with SMTP id o17mr113990yhf.10.1293061280267;
Wed, 22 Dec 2010 15:41:20 -0800 (PST)
Return-Path: <[email protected]>
Received: from hornet.saude.df.gov.br (hornet.saude.df.gov.br [200.193.236.52])
by mx.google.com with SMTP id 28si14627032yhl.206.2010.12.22.15.33.58;
Wed, 22 Dec 2010 15:41:20 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 200.193.236.52 as permitted sender) client-ip=200.193.236.52;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 200.193.236.52 as permitted sender) [email protected]
Received: from saude.df.gov.br ( [10.85.3.152])
by hornet.saude.df.gov.br [172.16.0.3];
Wed, 22 Dec 2010 20:39:02 0000
(envelope-from [email protected])
Received: from webmail.saude.df.gov.br (localhost [127.0.0.1])
by saude.df.gov.br (AIX5.3/8.13.4/8.11.0) with ESMTP id oBMNXx1Y1196066;
Wed, 22 Dec 2010 21:33:59 -0200
Received: from 41.184.2.121
(SquirrelMail authenticated user gablacen)
by webmail.saude.df.gov.br with HTTP;
Wed, 22 Dec 2010 21:33:59 -0200
Message-ID: <3620009cba1b5f18bc39f897173c90bd.squirrel@webmail.saude.df.gov.br>
Date: Wed, 22 Dec 2010 21:33:59 -0200
Subject:
From: "Western Union Money Transfer(WUMT)" <[email protected]>
Reply-To: [email protected]
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AkerSMTPGW-ServerID: 31870ea6565b18cbe33083d260fb835333eafb8e
X-AkerSMTPGW-MessageID: 4532e5cbe6eb3fdcc1faad85e733ad2d710719f5-0o
Dear Winner,
Congratulation! the sum amount of £2,850,000,00 was awarded to you by
Western Union Money Transfer, as one of our customers who used Western
Union Money Transfer transaction in the past. This is our own way to say
thank you for using us as means of money transfer.
To ensure a smooth collection of your winnings, the transfer of your prize
is to be handled by our Prize Transfer agents.
You are to contact our agents by email or fax within a week of receiving
this notice. Please find full contact details
below:
Name: Philip Page.
FOREIGN SERVICE MANAGER,
GATEWAY SECURITIES Ltd,
E-mail: [email protected]
Tel: +447024042657
Fax: +447024034598
Congratulation
Sincerely,
Western Union Agent.
|
WhoIS info wrote: |
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with
many different competing registrars. Go to http://www.internic.net
for detailed information.
No match for domain "SYDNEY123.LNK.TELSTRA.NET".
>>> Last update of whois database: Thu, 23 Dec 2010 00:41:40 UTC <<<
#
# Query terms are ambiguous. The query is assumed to be:
# "n 203.45.77.9"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=203.45.77.9?showDetails=true&showARIN=false
#
NetRange: 203.0.0.0 - 203.255.255.255
CIDR: 203.0.0.0/8
OriginAS:
NetName: APNIC-203
NetHandle: NET-203-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.AUTHDNS.RIPE.NET
NameServer: NS4.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS1.APNIC.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
RegDate: 1994-04-05
Updated: 2010-08-02
Ref: http://whois.arin.net/rest/net/NET-203-0-0-0-1
OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
RegDate:
Updated: 2004-03-01
Ref: http://whois.arin.net/rest/org/APNIC
ReferralServer: whois://whois.apnic.net
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/AWC12-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
|
It tries to copy off this site: https://wumt.westernunion.com/asp/regLogin.asp (with no script to redirect)
The only reason I'm in doubt is that if you take away the part after the first "/", you'll end up having a legitimate looking site, which is to be found here: http://sydney123.lnk.telstra.net/
So what should be done about this?
If it gets to a stage where it has to be reported, I'd like to do so myself. |
_________________ Dai Teatime - real name Anderson Frank:
- Lagos to Accra (WIMP) + unconfirmed travel from Lagos to Cotonou
- Lagos to Nairobi (big beacon hunt, starring Robert Heinrich - featuring myself, Dr. Mike, Muzungu, Gwonam and TheDane)
best quote: I HATE MYSELF MORE EACH DAY TO REALISE THAT I FALL A VICTIM.
x2
-x14
x5 - Charity lads
x6 x2
"Why will i be afraid? Even the government knows its was a result of what they did to us back then, although is not encouraging but it can't stop" - Lad answering if he's afraid of being punished
Last edited by TheProbie on Mon Dec 26, 2011 8:57 pm; edited 1 time in total |
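For readers triaging a message like the one quoted above, here is an added example (not part of the original post) that reads the Received chain bottom-up and pulls out the SPF verdict, the first routable source address, the webmail account named in the headers, and whether Reply-To leaves the From domain. The sample is a trimmed, constructed copy of the posted headers; the `*.example` addresses and the function names are assumptions standing in for the redacted values.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the header chain from the post, trimmed. The redacted
# addresses are replaced by placeholder *.example addresses (assumptions).
RAW = """\
Received: from hornet.saude.df.gov.br (hornet.saude.df.gov.br [200.193.236.52])
\tby mx.google.com with SMTP; Wed, 22 Dec 2010 15:41:20 -0800 (PST)
Received-SPF: fail (google.com: domain of sender@brand.example does not designate 200.193.236.52 as permitted sender) client-ip=200.193.236.52;
Received: from webmail.saude.df.gov.br (localhost [127.0.0.1])
\tby saude.df.gov.br with ESMTP; Wed, 22 Dec 2010 21:33:59 -0200
Received: from 41.184.2.121
\t(SquirrelMail authenticated user gablacen)
\tby webmail.saude.df.gov.br with HTTP; Wed, 22 Dec 2010 21:33:59 -0200
From: "Western Union Money Transfer(WUMT)" <sender@brand.example>
Reply-To: agent@freemail.example

Dear Winner,
"""

def first_public_ip(text):
    """Return the first routable IPv4 address in text, or None."""
    for cand in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", text):
        try:
            if ipaddress.ip_address(cand).is_global:
                return cand
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
    return None

def triage(raw):
    msg = message_from_string(raw)
    origin = user = None
    # Each relay prepends its Received line, so read the chain bottom-up.
    for hop in reversed(msg.get_all("Received", [])):
        sender_side = re.split(r"\sby\s", hop, maxsplit=1)[0]
        m = re.search(r"authenticated user (\S+?)\)", sender_side)
        user = user or (m.group(1) if m else None)
        origin = origin or first_public_ip(sender_side)
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    return {"origin_ip": origin, "webmail_user": user, "spf": spf,
            "reply_to_differs": bool(reply_dom) and reply_dom != from_dom}
```

Received lines below the first relay you trust can be forged by the sender, so treat the extracted origin as a lead to confirm with the relaying organisation rather than as proof.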
|
|
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
|
Posted:
Thu Dec 23, 2010 12:59 am |
|
Hi TheProbie,
It looks like that link is already dead and I don't see the actual link in your email, but I am willing to bet it was a phishing site. Was it a login page for WU or something like that?
Usually those funky looking long URLs are phishing sites and they are also many times found on legit domains -- the phishers are able to get the phishing page on the legit site just long enough to collect the info from some vics before it is found and pulled.
We don't deal with phishing sites here in the FB as the real company can handle it much better and faster than us. If you google 'phish' and the name of the real company (like in this case WU), you will usually find the email address to send the phish email to.
Always better to ask if you don't know about a site. And if I have misunderstood your post, just let me know. |
_________________
x 2714
Paga John Paga Willie Paga Kingsley James
The Dynamic Duo Travels! |
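The pattern described in the reply above, a brand name sitting in the path of an unrelated host, can be checked mechanically. This is an added example, not part of the thread; the `BRANDS` map and the function name are assumptions, and only the Western Union domain pair comes from the URLs posted here.

```python
from urllib.parse import unquote, urlsplit

# Assumption for this example: a hand-maintained map of brand token -> the
# brand's own domain. Only the Western Union pair comes from the thread.
BRANDS = {"westernunion": "westernunion.com"}

def brand_mismatch(url, brands=BRANDS):
    """Return (token, where) pairs for brand names used off the brand's domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Decode percent-escapes so an escaped brand name is still recognised.
    rest = unquote(parts.path + "?" + parts.query).lower()
    findings = []
    for token, official in brands.items():
        if host == official or host.endswith("." + official):
            continue  # genuinely on the brand's own domain
        if token in host:
            findings.append((token, "host"))  # brand used as a subdomain label
        if token in rest:
            findings.append((token, "path"))  # brand name only in the path
    return findings
```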
|
|
|
TheProbie
Master of Master Baiters
Joined: 24 Oct 2010
Posts: 907
Location: Guarding Goat #1
|
Posted:
Thu Dec 23, 2010 1:05 am |
|
Hello Dora,
You didn't misunderstand my post.
Thanks for the advice, I'll do that next time |
|
|
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
|
Posted:
Thu Dec 23, 2010 3:30 am |
|
|
|
|
woody999
Baiting Guru
Joined: 30 May 2009
Posts: 20608
Location: East of Humptulips
|
Posted:
Thu Feb 10, 2011 7:33 am |
|
This one can be moved to the offline forum |
_________________ "thank you for making me a fool" CC lad
"I lost my assories" Barr. Angus Bu...g
"YOU NEED SOME DOCTOR" Barrister Peter Paul
I dont know who is lieing ,either you or F3lcha1r
is annoying to watch my email for a whole day and not read from you-
>178 x 200 x2
Peru : sri lanka : USVI : Oman x 5816
x 45 x2 |
|
|
|
Ima Baeder
Baiting Guru
Joined: 03 May 2007
Posts: 18313
|
Posted:
Sat Feb 12, 2011 5:20 pm |
|
Moved here from the Fake Sites forum since it's phishing. |
_________________ 348 Fake Sites killed
x 100 2 Years |
|
|
|
|
|