SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Recieved an email asking me to confirm details, but no link?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
loki255
Hello I'm New here!


Joined: 11 Aug 2007
Posts: 12


PostPosted: Tue Aug 14, 2007 2:43 am Reply with quoteBack to top

I recieved what appeared to be a standard "verify your account" scam, but I can't find a link to the scammer's site anywhere on the email. I checked the images urls, and they appear to be from a http://kanaweb.bankone.com/ I'm not sure if this is the scam site or not, when I go to it, all I get is TEST THIS 54. I don't want to take any action against the image hoster's site untill I see the scam page, because for all I know, the scammer could be just leeching the images. Below is the email's source

Code:
Delivered-To: *****@gmail.com
Received: by 10.140.162.19 with SMTP id k19cs113359rve;
        Mon, 13 Aug 2007 11:54:37 -0700 (PDT)
Received: by 10.100.106.5 with SMTP id e5mr5255215anc.1187031275686;
        Mon, 13 Aug 2007 11:54:35 -0700 (PDT)
Return-Path: <[email protected]>
Received: from RCSEXCHANGE.rcslogistics.com (rrcs-72-43-166-74.nyc.biz.rr.com [72.43.166.74])
        by mx.google.com with ESMTP id c40si7566648anc.2007.08.13.11.54.34;
        Mon, 13 Aug 2007 11:54:35 -0700 (PDT)
Received-SPF: fail (google.com: domain of [email protected] does not designate 72.43.166.74 as permitted sender) client-ip=72.43.166.74;
Received: from User ([80.11.213.14]) by RCSEXCHANGE.rcslogistics.com with Microsoft SMTPSVC(6.0.3790.1830);
    Mon, 13 Aug 2007 14:54:49 -0400
From: "JPMorgan Chase & Co"<[email protected]>
Subject: Machine Identification Issue
Date: Mon, 13 Aug 2007 20:54:26 +0200
MIME-Version: 1.0
Content-Type: text/html;
   charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Bcc:
Return-Path: [email protected]
Message-ID: <[email protected]>
X-OriginalArrivalTime: 13 Aug 2007 18:54:49.0293 (UTC) FILETIME=[6C9997D0:01C7DDDB]

<td class="message"><!-- START MESSAGE --><HTML> <HEAD> 
</HEAD><html xmlns="http://www.w3.org/1999/xhtml">
<wmfiltered>
<table border="0" align="center" width="604" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="3">
<font size="1" face="Verdana">
</td>
</tr>
<tr>
<td colspan="3">
<table border="0" width="602" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">
<img width="1" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/spacer.gif" height="20"/>
</td>
</tr>
<tr>
<td width="22">
<img width="22" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/spacer.gif" height="1"/>
</td>
<td>
<img height="25" width="130" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/Chase_Logo.gif"/>
</td>
</tr>
<tr>
<td colspan="2">
<img width="1" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/spacer.gif" height="20"/>
</td>
</tr>
</tbody>
</table>
</td>
<td width="100%"/>
<td/>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="3">
<img height="24" width="604" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/Content_Border-Top.gif"/>
</td>
</tr>
<tr>
<td colspan="3">
<table border="0" align="center" width="604" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td bgcolor="#0467bc" width="1">
<img height="1" width="1" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/spacer.gif"/>
</td>
<td width="602">
<table border="0" width="602" cellpadding="0" cellspacing="8">
<tbody>
<tr>
<td>
<FONT size="2" face="Arial, Helvetica, sans-serif">
                  Dear valued Chase account holder,<br/>
<br/>
<br/>
                   We apologize for the inconvenience, but each time you log on using a computer we don't recognize, our new security guidelines require us to give you a new Activation Code.


                   <BR/>
<BR/> 
             
<a target="_blank" href="http://www.hurd.in/pub/bizpartner/chaseonline.chase.com/">
         Log on to Chase Internet Banking</a> and fill in the required informations. This is required for us to continue to offer you a safe and risk free environment.
           <BR/><br>
<b>Note: Please allow extra time</b> to receive Activation Codes by e-mail.  We send the code immediately, but many factors can influence how fast it appears in your inbox (internet traffic, ISPs, software settings, etc). If you ask us to send you a new Activation Code, the previous code will become invalid, even if it has not yet arrived.

<BR/> <br>
                    Thanks again for using our online services.<br><BR>

<br/>
     Sincerely,
     <br/>
     Chase Online Services


                       </FONT>
</td>
</tr>
</tbody>
</table>
</td>
<td bgcolor="#0467bc" width="1">
<img height="1" width="1" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/spacer.gif"/>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan="3" bgcolor="#0467bc">
<img height="1" width="1" src="http://kanaweb.bankone.com/notifications/events/ccs_epay/images/spacer.gif"/>
</td>
</tr>
</tbody>
</table>
<br/>


Regarding the missing link, is he just dumb and forgot to include it, or did I miss it?
View user's profileSend private message
justjay
Baiting Guru


Joined: 22 Mar 2007
Posts: 2412
Location: ~Data Miner & Esoteric Trivia Collecter~


PostPosted: Tue Aug 14, 2007 4:51 am Reply with quoteBack to top

loki255 wrote:
...
a target="_blank" href="http://www.hurd.in/pub/bizpartner/chaseonline.chase.com/">
Log on to Chase Internet Banking ...
http://www.hurd.in/pub/bizpartner/chaseonline.chase.com/
is the link, but at the present time
Quote:
The connection has timed out.
The server at www.hurd.in is taking too long to respond.

Blocked by Netcraft as phishing site. RiskRating = 7
IP = 207.210.77.147 ==> Global Net Access

Quote:
Domain ID:D2217141-AFIN
Domain Name:HURD.IN
Created On:05-Apr-2006 07:49:02 UTC
Last Updated On:04-Jun-2006 19:20:43 UTC
Expiration Date:05-Apr-2008 07:49:02 UTC
Sponsoring Registrar:Name.com LLC (R65-AFIN)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:dsite-190499
Registrant Name:Praveen Kumar
Registrant Organization:Praveen Kumar
Registrant Street1:36, 16th Main 6th A Cross
Registrant Street2:BTM Layout II Stage
Registrant City:Bangalore
Registrant State/Province:Karanatka
Registrant Postal Code:India
Registrant Country:IN
Registrant Phone:+91.918041200679
Registrant Email:[email protected]
Admin ID:dsite-190501
Admin Name:Praveen Kumar
Admin Organization:Praveen Kumar
Admin Street1:36, 16th Main 6th A Cross
Admin Street2:BTM Layout II Stage
Admin City:Bangalore
Admin State/Province:Karanatka
Admin Postal Code:India
Admin Country:IN
Admin Phone:+91.918041200679
Admin Email:[email protected]
Tech ID:dsite-190500
Tech Name:Praveen Kumar
Tech Organization:Praveen Kumar
Tech Street1:36, 16th Main 6th A Cross
Tech Street2:BTM Layout II Stage
Tech City:Bangalore
Tech State/Province:Karanatka
Tech Postal Code:India
Tech Country:IN
Tech Phone:+91.918041200679
Tech Email:[email protected]
Name Server:NS1.NAME.COM
Name Server:NS2.NAME.COM
Name Server:NS3.NAME.COM
Name Server:NS4.NAME.COM
Quote:
Network Whois record
Queried whois.arin.net with "207.210.77.147"...

OrgName: Global Net Access, LLC
OrgID: GNAL-2
Address: 1100 White St SW
City: Atlanta
StateProv: GA
PostalCode: 30310
Country: US

_________________
Dubitando ad veritatem pervenimus
aa419.org member
Site Killing Mortar x uncounted numbers
Mugu Resellerpyramid Closed lad accountsAustraliaUnited StatesUnited KingdomNetherlandsSwitzerlandGhanaBelgiumChinaNigeriaSpain
Ivory CoastCanadaBurkina FasoSenegalHong KongSouth AfricaEuropean UnionBahamas, TheBeninMalaysiaGermanyItalyTogo|¿?|
Over 1000 - no longer counting since sometime in 2008 + #unknown# assists
WDPRs >150 Netcraft>115
----
pony pony pony - just because...

Last edited by justjay on Tue Aug 14, 2007 4:17 pm; edited 1 time in total
View user's profileSend private message
dwgz
Not quite a Newb


Joined: 07 Aug 2007
Posts: 24
Location: Looking for gater bait


PostPosted: Tue Aug 14, 2007 3:09 pm Reply with quoteBack to top

I've got a question about this.... Received: from User ([80.11.213.14])

Comes up as this on what's my IP...
IP address location & IP address info:
IP address: 80.11.213.14
IP country: France
IP address state: Ile-de-France
IP address city: Drancy
IP latitude: 48.933300
IP longitude: 2.450000
ISP: France Telecom
Organization: France Telecom

Noob hijack, but now I'm confused. Where is this guy?

_________________
"cos am presently in gulf coast southern Arkansas" - His IP put him off the Nigerian coast
View user's profileSend private message
Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


PostPosted: Tue Aug 14, 2007 3:12 pm Reply with quoteBack to top

dwgz wrote:
Where is this guy?


ummm...cough... http://en.wikipedia.org/wiki/Botnet

_________________
Mortar x12
No sugar plum fairies have been hurt during the process of creating this message.

**"Freedom? There ain't no fuckin' Freedom!"**
View user's profileSend private messageYahoo MessengerSkype Name
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT