 http://alacorte.com.br/hotmaill/

jbirky
Not quite a Newb


Joined: 18 Oct 2011
Posts: 73


Posted: Sun Dec 11, 2011 6:20 pm

I am going to need somebody to kill this.


IP lookup with Google Name Server:
Quote:
C:\>nslookup alacorte.com.br 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: alacorte.com.br
Address: 174.132.250.146


This is all I can get with the Who-IS:
Quote:
% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use (http://registro.br/termo/en.html),
% being prohibited its distribution, comercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% [66.240.194.197] 2011-12-11 16:13:45 (BRST -02:00)


% You don't have permission to use this service

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/, respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), ticket, provider, ID, CIDR
% block, IP and ASN.



Here is a screenshot of the Phishing Website (see the URL bar, please):
Image



Email Header:
Quote:
x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnL8LqRHZDpO0Z2I3W+VUzGZ4WPrRcHKsbU8KDNmJZMJflqgQDL96aynjhYpL4LK5p90bQAkKm+bSHZI34MkpDjg==
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 65.55.34.157) header.from=barr-kimberly-law4all1@hotmail.com; dkim=neutral header.d=hotmail.com; x-hmca=pass
X-Message-Status: s1:0:n
X-SID-PRA: Account Update <barr-kimberly-law4all1@hotmail.com>
X-SID-Result: Pass
X-AUTH-Result: PASS
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: iIOHNJf19lhhZTL2SWx/q/qyQ2BmquAbRDplAwEKbi/KYFQ5kniLwI4pxNcAwJ6nWXNyUHOH6yb3tDkMiD+OE9w8wZeeqeR2ckwUYmhjhH4vrdm2fTFFu3ht5Zz+lTlZYhBMyEUdmy8=
Received: from col0-omc3-s18.col0.hotmail.com ([65.55.34.157]) by COL0-HMMC1-F8.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
 Thu, 8 Dec 2011 15:14:08 -0800
Received: from COL108-W52 ([65.55.34.137]) by col0-omc3-s18.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Thu, 8 Dec 2011 15:14:08 -0800
Message-ID: <COL108-W52DCD8C64D6DB09B68E398DDB80@phx.gbl>
Return-Path: barr-kimberly-law4all1@hotmail.com
Content-Type: multipart/alternative;
 boundary="_416a982b-3038-4165-80d5-1f077c8b6b2b_"
X-Originating-IP: [41.71.174.50]
From: Account Update <barr-kimberly-law4all1@hotmail.com>
To: <jbirk@hotmail.com>
Subject: =?windows-1256?Q?Hotmail_Al?= =?windows-1256?Q?ert:_Fraud?=
 =?windows-1256?Q?_Departmen?= =?windows-1256?Q?t_verifica?=
 =?windows-1256?Q?tion_for_y?= =?windows-1256?Q?our_Hotmai?=
 =?windows-1256?Q?l_account=FE?=
Date: Thu, 8 Dec 2011 23:14:07 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 08 Dec 2011 23:14:08.0004 (UTC) FILETIME=[1629FC40:01CCB5FF]

--_416a982b-3038-4165-80d5-1f077c8b6b2b_
Content-Type: text/plain; charset="windows-1256"
Content-Transfer-Encoding: 8bit




Analysis of E-Mail Header:
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 41.71.174.50
Originating ISP: Visafone Communications Limited
City: Port Harcourt
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline



Actual Email Sent to Me:
Quote:
From: barr-kimberly-law4all1@hotmail.com
To: jbirk@hotmail.com
Subject: Hotmail Alert: Fraud Department verification for your Hotmail account‏
Date: Thu, 8 Dec 2011 23:14:07 +0000

Dear Hot Mail USER,

It has become noticeable that another party has been trying to corrupt your ACCOUNT and has violated our user Agreement policy listed, for this some incoming email has been held until you verify your Account...

PERSONAL AND NON COMMERCIAL USE LIMITATION

Unless otherwise specified, the Hotmail site/Services are for your personal and non-commercial use. you may not modify,copy,distribute,transmit,display,perform,reproduce,publish,license,create derivative work from, transfer, or sell any information, software, products or service obtained from the Hotmail Sites/Services.

You received this notice from the Hotmail because a website was bought fraudulently and it has come to our attention that your account may cause interruptions with other Hotmail members and Hotmail requires immediate verification for your account; please verify your account or the account may become disabled.
Please verify your Account: Click here http://alacorte.com.br/hotmaill/

Sincerely
Mike Jones
Hotmail Alert Fraud Department
Case Number: NL1FB0HOTMAIL
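A header triage along the lines of the analysis in the post above, as an added Python example that is not part of the original thread: it pulls out the X-Originating-IP and the Received relay addresses, decodes the RFC 2047 subject, and lists link hosts that fall outside the sender's domain. The names `triage` and `decode_rfc2047` are made up for this example, and the sample message is abbreviated from the header and body quoted in the post.

```python
import re
from email import message_from_string
from email.header import decode_header
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sample input abbreviated from the header and body quoted in the post above
# (assembled for this example; long X-* tokens, To: and MIME parts omitted).
RAW = """\
Received: from col0-omc3-s18.col0.hotmail.com ([65.55.34.157]) by COL0-HMMC1-F8.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
 Thu, 8 Dec 2011 15:14:08 -0800
Received: from COL108-W52 ([65.55.34.137]) by col0-omc3-s18.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Thu, 8 Dec 2011 15:14:08 -0800
X-Originating-IP: [41.71.174.50]
From: Account Update <barr-kimberly-law4all1@hotmail.com>
Subject: =?windows-1256?Q?Hotmail_Al?= =?windows-1256?Q?ert:_Fraud?=
 =?windows-1256?Q?_Departmen?= =?windows-1256?Q?t_verifica?=
 =?windows-1256?Q?tion_for_y?= =?windows-1256?Q?our_Hotmai?=
 =?windows-1256?Q?l_account=FE?=

Please verify your Account: Click here http://alacorte.com.br/hotmaill/
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def decode_rfc2047(value):
    """Join RFC 2047 encoded-words (possibly folded) into one readable string."""
    return "".join(
        part.decode(charset or "ascii", "replace") if isinstance(part, bytes) else part
        for part, charset in decode_header(value)
    )

def triage(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hosts = {urlsplit(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", msg.get_payload())}
    return {
        "subject": decode_rfc2047(msg["Subject"]),
        # Client address the webmail provider recorded for the submitter.
        "originating_ip": IP_IN_BRACKETS.findall(msg.get("X-Originating-IP", "")),
        # Relay hops, newest first; in this sample both are hotmail.com hosts.
        "relay_ips": [ip for h in msg.get_all("Received", []) for ip in IP_IN_BRACKETS.findall(h)],
        "from_domain": from_domain,
        # Link hosts that are neither the sender's domain nor a subdomain of it.
        "offsite_links": sorted(h for h in hosts if h != from_domain and not h.endswith("." + from_domain)),
    }

if __name__ == "__main__":
    print(triage(RAW))
```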
Ima Baeder
419Eater Admin


Joined: 03 May 2007
Posts: 17050


Posted: Sun Dec 11, 2011 7:04 pm

Hi jbirky,

We don't deal with phishing sites here, just the fake sites scammers are using for their advance fee fraud scams.
I'll leave this thread here until you've had a chance to see it and then move it over to misc. scams.

Please do report the phishing page, though. It might be a hacked domain: http://alacorte.com.br/

The site is hosted by ThePlanet. You can report it to them: abuse@theplanet.com
You can also report it to hotmail. They'll probably work to take it down. Directions for reporting it are here: http://www.microsoft.com/security/online-privacy/phishing-faq.aspx
Additionally, please report it here: reportphishing@antiphishing.org

DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9242
Location: Taking Early Retirement


Posted: Thu Jan 26, 2012 7:07 pm

Marking this NA and it can be moved now, I think. ;)
