Author |
Message |
pablo
419Eater is my life
Joined: 10 Jul 2008
Posts: 366
|
Posted:
Fri Jul 10, 2009 7:03 pm |
|
It was a normal Friday the bank phishing messages were starting to come in. A badly put together phishing message had the ususal link to a website.
This time it was a spoofed bank website with a host running interfereence. I reported the phishing URL to bank security and the host contact email. The response from the host was best descibed as different.
p.
Quote: |
From: [email protected] (Melbourne_IT)
Subject: Melbourne IT - My Private Registration
THIS IS AN AUTOMATED MESSAGE - DO NOT REPLY
You are attempting to contact a domain name that is protected by "My
Private Registration" service.
To ensure that your message is delivered to the administrative contact
you will need to complete the form at the following web site.
http://www.melbourneit.com.au/cc/emailmanagement/
You will need to submit the following information:
* Your Name & email address
* Your Message to the registrant
Regards
"My Private Registration" Team. |
The registration information for www.soopercu-uplimit23.org is
Quote: |
Website Title: Ultra Access - Home Banking
Title Relevancy 0%
Meta Description: main page of credit union website
Relevancy: 0% relevant.
Meta Keywords: credit union, credit union, banking, accounts, year, tools, sitemap, search, save, reorder, registration, rates, promotions, product, privacy, mortgages, invest, insure, free, enroll, contact, borrow, aggregation, account
Relevancy: 4% relevant
SEO Score: 72%
Terms: 37 (Unique: 28, Linked: 21)
Images: 1 (Alt tags missing: 0)
Links: 7 (Internal: 0, Outbound: 7)
Indexed Data
Registry Data
Created: 2009-07-10
Expires: 2010-07-10
Updated: 2009-07-10
Server Data
IP Address: 216.39.57.104 Whois | Reverse-IP | Ping | DNS Lookup | Traceroute
IP Location - California - Sunnyvale - Altavista Company
Response Code: 200
Domain Status: Registered And Active Website
Domain ID:D156619926-LROR
Domain Name:SOOPERCU-UPLIMIT23.ORG
Created On:10-Jul-2009 13:26:50 UTC
Last Updated On:10-Jul-2009 13:26:55 UTC
Expiration Date:10-Jul-2010 13:26:50 UTC
Sponsoring Registrar:Melbourne IT, Ltd. dba Internet Names Worldwide (R52-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:C124723046633911
Registrant Name:Matt Spider
Registrant Organization:Private Registration US
Registrant Street1:PO Box 61359
Registrant Street2:
Registrant Street3:
Registrant City:Sunnyvale
Registrant State/Province:CA
Registrant Postal Code:94088
Registrant Country:US
Registrant Phone:+1.5105952002
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: [email protected]
Admin ID:C12472304663398
Admin Name:PrivateRegContact Admin
Admin Organization:Private Reg US
Admin Street1:PO Box 61359
Admin Street2:
Admin Street3:
Admin City:Sunnyvale
Admin State/Province:CA
Admin Postal Code:94088
Admin Country:US
Admin Phone:+1.5105952002
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email: [email protected] |
|
|
|
|
|
Madhatter
Master Baiter
Joined: 27 Jun 2009
Posts: 172
|
Posted:
Fri Jul 10, 2009 7:48 pm |
|
Not sure who your who is but i get for www.soopercu-uplimit23.org
Quote: |
Address lookup
canonical name soopercu-uplimit23.org.
aliases
addresses 216.39.57.104
Domain Whois record
Queried whois.publicinterestregistry.net with "soopercu-uplimit23.org"...
Domain ID:D156619926-LROR
Domain Name:SOOPERCU-UPLIMIT23.ORG
Created On:10-Jul-2009 13:26:50 UTC
Last Updated On:10-Jul-2009 13:26:55 UTC
Expiration Date:10-Jul-2010 13:26:50 UTC
Sponsoring Registrar:Melbourne IT, Ltd. dba Internet Names Worldwide (R52-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:C124723046633911
Registrant Name:Matt Spider
Registrant Organization:Private Registration US
Registrant Street1:PO Box 61359
Registrant Street2:
Registrant Street3:
Registrant City:Sunnyvale
Registrant State/Province:CA
Registrant Postal Code:94088
Registrant Country:US
Registrant Phone:+1.5105952002
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:[email protected]
Admin ID:C12472304663398
Admin Name:PrivateRegContact Admin
Admin Organization:Private Reg US
Admin Street1:PO Box 61359
Admin Street2:
Admin Street3:
Admin City:Sunnyvale
Admin State/Province:CA
Admin Postal Code:94088
Admin Country:US
Admin Phone:+1.5105952002
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:[email protected]
Tech ID:C124723046633910
Tech Name:PrivateRegContact TECH
Tech Organization:Private Reg US
Tech Street1:PO Box 61359
Tech Street2:
Tech Street3:
Tech City:Sunnyvale
Tech State/Province:CA
Tech Postal Code:94088
Tech Country:US
Tech Phone:+1.5105952002
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:[email protected]
Name Server:YNS1.YAHOO.COM
Name Server:YNS2.YAHOO.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Network Whois record
Queried whois.arin.net with "216.39.57.104"...
OrgName: AltaVista Company
OrgID: ALTAVI-1
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
NetRange: 216.39.48.0 - 216.39.63.255
CIDR: 216.39.48.0/20
NetName: NETBLK-INTERNET-BLK-1-AV
NetHandle: NET-216-39-48-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2002-09-09
Updated: 2004-05-26
RTechHandle: NA258-ARIN
RTechName: Netblock Admin
RTechPhone: +1-408-349-3300
RTechEmail: [email protected]
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: [email protected]
OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2009-07-09 19:10
|
I dont see Melbourne_IT at all, |
_________________ The man who smiles when things go wrong has thought of someone to blame it on. - Robert Bloch
X 4 X 3 X4
X 3 |
|
|
|
BluthBanana
Baiting Guru
Joined: 16 Sep 2008
Posts: 2260
Location: Balboa Towers
|
Posted:
Fri Jul 10, 2009 7:58 pm |
|
This is a phishing site. We don't deal with these here.
In fact, the legitimate site has a page dedicated to phishing: http://www.soopercu.org/phishing-examples.aspx. They even have an email address that they would like you to send the whole email to: [email protected]. They can take care of this site much quicker than we could.
I believe this belongs in the Miscellaneous Scams forum. |
_________________ {Area 419: Scambaiting Radio}
x11 x17 x3
x115
x2
Art baits: X-Wing
419 Eater Theatre: The Hitchhiker
Lads & Crocodiles: x3 x3 {John} {Willie} {Kingsley}
x2 - . .
"I will never forgive you for all the pains, trouble, frustrations, strandedness and disappointments you have caused us." - David |
|
|
|
|
|
View next topic
View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|