SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 sydney123.lnk.telstra.net/www/westernunion/asp/regLogin/inde

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
TheProbie
Master of Master Baiters


Joined: 24 Oct 2010
Posts: 907
Location: Guarding Goat #1


PostPosted: Thu Dec 23, 2010 12:47 am Reply with quoteBack to top

I found this in my catcher

http://sydney123.lnk.telstra.net/www/westernunion/asp/regLogin/inde

Mail with headers wrote:

Delivered-To:[]
Received: by 10.150.201.13 with SMTP id y13cs50087ybf;
Wed, 22 Dec 2010 15:41:27 -0800 (PST)
Received: by 10.236.95.17 with SMTP id o17mr113990yhf.10.1293061280267;
Wed, 22 Dec 2010 15:41:20 -0800 (PST)
Return-Path: <[email protected]>
Received: from hornet.saude.df.gov.br (hornet.saude.df.gov.br [200.193.236.52])
by mx.google.com with SMTP id 28si14627032yhl.206.2010.12.22.15.33.58;
Wed, 22 Dec 2010 15:41:20 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 200.193.236.52 as permitted sender) client-ip=200.193.236.52;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 200.193.236.52 as permitted sender) [email protected]
Received: from saude.df.gov.br ( [10.85.3.152])
by hornet.saude.df.gov.br [172.16.0.3];
Wed, 22 Dec 2010 20:39:02 0000
(envelope-from [email protected])
Received: from webmail.saude.df.gov.br (localhost [127.0.0.1])
by saude.df.gov.br (AIX5.3/8.13.4/8.11.0) with ESMTP id oBMNXx1Y1196066;
Wed, 22 Dec 2010 21:33:59 -0200
Received: from 41.184.2.121
(SquirrelMail authenticated user gablacen)
by webmail.saude.df.gov.br with HTTP;
Wed, 22 Dec 2010 21:33:59 -0200
Message-ID: <[email protected]r>
Date: Wed, 22 Dec 2010 21:33:59 -0200
Subject:
From: "Western Union Money Transfer(WUMT)" <[email protected]>
Reply-To: [email protected]
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AkerSMTPGW-ServerID: 31870ea6565b18cbe33083d260fb835333eafb8e
X-AkerSMTPGW-MessageID: 4532e5cbe6eb3fdcc1faad85e733ad2d710719f5-0o

Dear Winner,

Congratulation! the sum amount of �2,850,000,00 was awarded to you by
Western Union Money Transfer, as one of our customers who used Western
Union Money Transfer transaction in the past. This is our own way to say
thank you for using us as means of money transfer.

To ensure a smooth collection of your winnings, the transfer of your prize
is to be handled by our Prize Transfer agents.

You are to contact our agents by email or fax within a week of receiving
this notice. Please find full contact details
below:

Name: Philip Page.
FOREIGN SERVICE MANAGER,
GATEWAY SECURITIES Ltd,
E-mail: [email protected]
Tel: +447024042657
Fax: +447024034598

Congratulation

Sincerely,
Western Union Agent.


WhoIS info wrote:

hois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with

many different competing registrars. Go to http://www.internic.net
for detailed information.

No

match for domain "SYDNEY123.LNK.TELSTRA.NET".
>>> Last update of whois database: Thu, 23 Dec 2010

00:41:40 UTC <<<

#
# Query terms are ambiguous. The query is assumed to be:
# "n 203.45.77.9"
#
# Use "?"

to get help.
#

#
# The following results may also be obtained via:
#

http://whois.arin.net/rest/nets;q=203.45.77.9?showDetails=true&showARIN=false
#

NetRange:

203.0.0.0 - 203.255.255.255
CIDR: 203.0.0.0/8
OriginAS:
NetName:

APNIC-203
NetHandle: NET-203-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer:

TINNIE.ARIN.NET
NameServer: SEC1.AUTHDNS.RIPE.NET
NameServer: NS4.APNIC.NET
NameServer:

NS3.APNIC.NET
NameServer: NS1.APNIC.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP

address range is not registered in the ARIN database.
Comment: For details, refer to the

APNIC Whois Database via
Comment: WHOIS.APNIC.NET or

http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional

Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate

networks
Comment: using this IP address range and is not able to investigate
Comment:

spam or abuse reports relating to these addresses. For more
Comment: help, refer to

http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
RegDate: 1994-04-05
Updated:

2010-08-02
Ref: http://whois.arin.net/rest/net/NET-203-0-0-0-1

OrgName:

Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 2131
City:

Milton
StateProv: QLD
PostalCode: 4064
Country: AU
RegDate:
Updated:

2004-03-01
Ref: http://whois.arin.net/rest/org/APNIC

ReferralServer:

whois://whois.apnic.net

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone:

+61 7 3858 3188 begin_of_the_skype_highlighting +61 7 3858 3188 end_of_the_skype_highlighting
OrgTechEmail: [email protected]
OrgTechRef:

http://whois.arin.net/rest/poc/AWC12-ARIN

#
# ARIN WHOIS data and services are subject to the Terms

of Use
# available at: https://www.arin.net/whois_tou.html


It tries to copy off this site: https://wumt.westernunion.com/asp/regLogin.asp (with no script to redirect)

The only reason I'm in doubt is that if you take away the part after the first "/", you'll end up having a legitimate looking site, which is to be found here: http://sydney123.lnk.telstra.net/

So what should be done about this?

If it gets to a stage where it has to be reported, I'd like to do so myself.

_________________
Dai Teatime - real name Anderson Frank:
Safari - Lagos to Accra (WIMP) + unconfirmed travel from Lagos to Cotonou
Safari - Lagos to Nairobi (big beacon hunt, starring Robert Heinrich - featuring myself, Dr. Mike, Muzungu, Gwonam and TheDane)
best quote: I HATE MYSELF MORE EACH DAY TO REALISE THAT I FALL A VICTIM.
Closed lad accounts x2

United KingdomUnited StatesBurkina FasoGhanaCanadaSpainNigeriaGermanyIreland-x14
Closed lad accounts x5 - Charity lads
Closed lad accounts x6 x2
Easter Egg 2012
"Why will i be afraid? Even the government knows its was a result of what they did to us back then, although is not encouraging but it can't stop" - Lad answering if he's afraid of being punished

Last edited by TheProbie on Mon Dec 26, 2011 8:57 pm; edited 1 time in total
View user's profileSend private message
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


PostPosted: Thu Dec 23, 2010 12:59 am Reply with quoteBack to top

Hi TheProbie,

It looks like that link is already dead and I don't see the actual link in your email, but I am willing to bet it was a phishing site. Was it a login page for WU or something like that?

Usually those funky looking long URLs are phishing sites and they are also many times found on legit domains -- the phishers are able to get the phishing page on the legit site just long enough to collect the info from some vics before it is found and pulled.

We don't deal with phishing sites here in the FB as the real company can handle it much better and faster than us. If you google 'phish' and the name of the real company (like in this case WU), you will usually find the email address to send the phish email to.

Always better to ask if you don't know about a site. And if I have misunderstood your post, just let me know. Very Happy

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
View user's profileSend private message
TheProbie
Master of Master Baiters


Joined: 24 Oct 2010
Posts: 907
Location: Guarding Goat #1


PostPosted: Thu Dec 23, 2010 1:05 am Reply with quoteBack to top

Hello Dora,

You didn't misunderstand my post.
Thanks for the advice Smile, I'll do that next time

_________________
Dai Teatime - real name Anderson Frank:
Safari - Lagos to Accra (WIMP) + unconfirmed travel from Lagos to Cotonou
Safari - Lagos to Nairobi (big beacon hunt, starring Robert Heinrich - featuring myself, Dr. Mike, Muzungu, Gwonam and TheDane)
best quote: I HATE MYSELF MORE EACH DAY TO REALISE THAT I FALL A VICTIM.
Closed lad accounts x2

United KingdomUnited StatesBurkina FasoGhanaCanadaSpainNigeriaGermanyIreland-x14
Closed lad accounts x5 - Charity lads
Closed lad accounts x6 x2
Easter Egg 2012
"Why will i be afraid? Even the government knows its was a result of what they did to us back then, although is not encouraging but it can't stop" - Lad answering if he's afraid of being punished
View user's profileSend private message
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


PostPosted: Thu Dec 23, 2010 3:30 am Reply with quoteBack to top

No problem. Glad to help. Wink

Marking this as N/A.

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
View user's profileSend private message
woody999
Dormain Reshuffler


Joined: 30 May 2009
Posts: 19799
Location: East of Humptulips


PostPosted: Thu Feb 10, 2011 7:33 am Reply with quoteBack to top

This one can be moved to the offline forum

_________________
"thank you for making me a fool" CC lad
"I lost my assories" Barr. Angus Bu...g

"YOU NEED SOME DOCTOR" Barrister Peter Paul

I dont know who is lieing ,either you or F3lcha1r

is annoying to watch my email for a whole day and not read from you-
>178 Closed lad accounts x 198 Goat Easter Egg Purple Flower x2
United StatesNigeriaSpainUnited KingdomChinaGhanaUnited NationsThailandFilipino flagCambodia FlagcameroonGermanyMalaysiaSouth AfricaCanadaBeninRussiaFranceCayman IslandsLuxembourg
Ivory CoastBurkina FasoPortugalUnited Arab EmiratesTogoMexican FlagNetherlandsAustraliaIndonesiaSwitzerlandItalySenegalTurkeyJapanGibraltar
Peru : sri lanka : USVI : Oman x 5815
Cellphone x 45 Nurse Nastys Audi TT x2
View user's profileSend private messageSend e-mail
Ima Baeder
419Eater Admin


Joined: 03 May 2007
Posts: 18314


PostPosted: Sat Feb 12, 2011 5:20 pm Reply with quoteBack to top

Moved here from the Fake Sites forum since it's phishing.

_________________
348 Fake Sites killed United StatesUnited KingdomUnited NationsMaltaNigeriaGhanaBeninGermanySouth AfricaRussiaTogoMalaysiaEuropean UnionJapanIvory CoastSpainFranceSwitzerlandChinaCanadaItalyThailand

Star Mugu Reseller Mortar Closed lad accounts x 100 Sand Timer 2 Years Pretty Rose Mc Fry Mc Fry Nurse Nastys Audi TT Goat Flying Monkey Easter Egg 2011
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT