Not quite a Newb

Joined: 18 Oct 2011
Posts: 73

Posted: Sun Dec 11, 2011 6:20 pm

I am going to need somebody to kill this.

IP lookup with Google Name Server:

Non-authoritative answer:

This is all I can get with the Who-IS:
% Copyright (c)
% The use of the data below is only permitted as described in
% full by the terms of use (,
% being prohibited its distribution, comercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% [] 2011-12-11 16:13:45 (BRST -02:00)

% You don't have permission to use this service

% Security and mail abuse issues should also be addressed to
%,, respectivelly to [email protected]
% and [email protected]
% accepts only direct match queries. Types
% of queries are: domain (.br), ticket, provider, ID, CIDR
% block, IP and ASN.

Here is a screenshot of the Phishing Website (see the URL bar, please):

Email Header:

Authentication-Results:; sender-id=pass (sender IP is [email protected]; dkim=neutral; x-hmca=pass

X-Message-Status: s1:0:n

X-SID-PRA: Account Update <[email protected]>

X-SID-Result: Pass


X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0w

X-Message-Info: iIOHNJf19lhhZTL2SWx/q/qyQ2BmquAbRDplAwEKbi/KYFQ5kniLwI4pxNcAwJ6nWXNyUHOH6yb3tDkMiD+OE9w8wZeeqeR2ckwUYmhjhH4vrdm2fTFFu3ht5Zz+lTlZYhBMyEUdmy8=

Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.4900);

Thu, 8 Dec 2011 15:14:08 -0800

Received: from COL108-W52 ([]) by with Microsoft SMTPSVC(6.0.3790.4675);

Thu, 8 Dec 2011 15:14:08 -0800

Message-ID: <[email protected]>

Return-Path: [email protected]

Content-Type: multipart/alternative;


X-Originating-IP: []

From: Account Update <[email protected]>

To: <[email protected]>

Subject: =?windows-1256?Q?Hotmail_Al?= =?windows-1256?Q?ert:_Fraud?=

=?windows-1256?Q?_Departmen?= =?windows-1256?Q?t_verifica?=

=?windows-1256?Q?tion_for_y?= =?windows-1256?Q?our_Hotmai?=


Date: Thu, 8 Dec 2011 23:14:07 +0000

Importance: Normal

MIME-Version: 1.0

X-OriginalArrivalTime: 08 Dec 2011 23:14:08.0004 (UTC) FILETIME=[1629FC40:01CCB5FF]


Content-Type: text/plain; charset="windows-1256"

Content-Transfer-Encoding: 8bit

Analysis of E-Mail Header: wrote:
Header Analysis Quick Report
Originating IP:
Originating ISP: Visafone Communications Limited
City: Port Harcourt
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline

Actual Email Sent to Me:
From: [email protected]
To: [email protected]
Subject: Hotmail Alert: Fraud Department verification for your Hotmail account‏
Date: Thu, 8 Dec 2011 23:14:07 +0000

Dear Hot Mail USER,

It has become noticeable that another party has been trying to corrupt your ACCOUNT and has violated our user Agreement policy listed, for this some incoming email has been held until you verify your Account...


Unless otherwise specified, the Hotmail site/Services are for your personal and non-commercial use. you may not modify,copy,distribute,transmit,display,perform,reproduce,publish,license,create derivative work from, transfer, or sell any information, software, products or service obtained from the Hotmail Sites/Services.

You received this notice from the Hotmail because a website was bought fraudulently and it has come to our attention that your account may cause interruptions with other Hotmail members and Hotmail requires immediate verification for your account; please verify your account or the account may become disabled.
Please verify your Account: Click here

Mike Jones
Hotmail Alert Fraud Department
Case Number: NL1FB0HOTMAIL
Ima Baeder
Baiting Guru

Joined: 03 May 2007
Posts: 18314

Posted: Sun Dec 11, 2011 7:04 pm

Hi jbirky,

We don't deal with phishing sites here, just the fake sites scammers are using for their advance fee fraud scams.
I'll leave this thread here until you've had a chance to see it and then move it over to misc. scams.

Please do report the phishing page, though. It might be a hacked domain:

The site is hosted by ThePlanet. You can report it to them: [email protected]
You can also report it to hotmail. They'll probably work to take it down. Directions for reporting it are here:
Additionally, please report it here: [email protected]

Baiting Guru

Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi

Posted: Thu Jan 26, 2012 7:07 pm

Marking this NA and it can be moved now, I think. Wink
