jbirky
Not quite a Newb
Joined: 18 Oct 2011
Posts: 73
Posted: Sun Dec 11, 2011 6:20 pm
I am going to need somebody to kill this.
IP lookup with Google Name Server:
Quote: |
C:\>nslookup alacorte.com.br 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: alacorte.com.br
Address: 174.132.250.146
|
This is all I can get with the Who-IS:
Quote: |
% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use (http://registro.br/termo/en.html),
% being prohibited its distribution, comercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% [66.240.194.197] 2011-12-11 16:13:45 (BRST -02:00)
% You don't have permission to use this service
% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/, respectivelly to [email protected]
% and [email protected]
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), ticket, provider, ID, CIDR
% block, IP and ASN.
|
Here is a screenshot of the Phishing Website (see the URL bar, please):
Email Header:
Quote: |
x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnL8LqRHZDpO0Z2I3W+VUzGZ4WPrRcHKsbU8KDNmJZMJflqgQDL96aynjhYpL4LK5p90bQAkKm+bSHZI34MkpDjg==
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 65.55.34.157) [email protected]; dkim=neutral header.d=hotmail.com; x-hmca=pass
X-Message-Status: s1:0:n
X-SID-PRA: Account Update <[email protected]>
X-SID-Result: Pass
X-AUTH-Result: PASS
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: iIOHNJf19lhhZTL2SWx/q/qyQ2BmquAbRDplAwEKbi/KYFQ5kniLwI4pxNcAwJ6nWXNyUHOH6yb3tDkMiD+OE9w8wZeeqeR2ckwUYmhjhH4vrdm2fTFFu3ht5Zz+lTlZYhBMyEUdmy8=
Received: from col0-omc3-s18.col0.hotmail.com ([65.55.34.157]) by COL0-HMMC1-F8.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Thu, 8 Dec 2011 15:14:08 -0800
Received: from COL108-W52 ([65.55.34.137]) by col0-omc3-s18.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 8 Dec 2011 15:14:08 -0800
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_416a982b-3038-4165-80d5-1f077c8b6b2b_"
X-Originating-IP: [41.71.174.50]
From: Account Update <[email protected]>
To: <[email protected]>
Subject: =?windows-1256?Q?Hotmail_Al?= =?windows-1256?Q?ert:_Fraud?=
=?windows-1256?Q?_Departmen?= =?windows-1256?Q?t_verifica?=
=?windows-1256?Q?tion_for_y?= =?windows-1256?Q?our_Hotmai?=
=?windows-1256?Q?l_account=FE?=
Date: Thu, 8 Dec 2011 23:14:07 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 08 Dec 2011 23:14:08.0004 (UTC) FILETIME=[1629FC40:01CCB5FF]
--_416a982b-3038-4165-80d5-1f077c8b6b2b_
Content-Type: text/plain; charset="windows-1256"
Content-Transfer-Encoding: 8bit
|
Analysis of E-Mail Header:
ipTRACKERonline.com wrote: |
Header Analysis Quick Report
Originating IP: 41.71.174.50
Originating ISP: Visafone Communications Limited
City: Port Harcourt
Country of Origin: Nigeria
* For a complete report on this email header goto ipTRACKERonline |
Actual Email Sent to Me:
Quote: |
From: [email protected]
To: [email protected]
Subject: Hotmail Alert: Fraud Department verification for your Hotmail account‏
Date: Thu, 8 Dec 2011 23:14:07 +0000
Dear Hot Mail USER,
It has become noticeable that another party has been trying to corrupt your ACCOUNT and has violated our user Agreement policy listed, for this some incoming email has been held until you verify your Account...
PERSONAL AND NON COMMERCIAL USE LIMITATION
Unless otherwise specified, the Hotmail site/Services are for your personal and non-commercial use. you may not modify,copy,distribute,transmit,display,perform,reproduce,publish,license,create derivative work from, transfer, or sell any information, software, products or service obtained from the Hotmail Sites/Services.
You received this notice from the Hotmail because a website was bought fraudulently and it has come to our attention that your account may cause interruptions with other Hotmail members and Hotmail requires immediate verification for your account; please verify your account or the account may become disabled.
Please verify your Account: Click here http://alacorte.com.br/hotmaill/
Sincerely
Mike Jones
Hotmail Alert Fraud Department
Case Number: NL1FB0HOTMAIL |
|
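The header fields quoted in the post above can be checked locally instead of through a web tool. This is an added example, not part of the original thread: it parses a constructed, trimmed copy of that header, lists the relay hops oldest first, pulls out the X-Originating-IP, shows that the `sender-id=pass` result refers to the Hotmail relay rather than to the client address, and decodes the split RFC 2047 subject. The names `SAMPLE`, `first_ip` and `analyse_header` are made up for this example.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample: trimmed copy of the header quoted in the post
# (redacted addresses and opaque X-Message-* fields left out).
SAMPLE = """\
Authentication-Results: hotmail.com; sender-id=pass (sender IP is 65.55.34.157); dkim=neutral header.d=hotmail.com; x-hmca=pass
Received: from col0-omc3-s18.col0.hotmail.com ([65.55.34.157]) by COL0-HMMC1-F8.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
 Thu, 8 Dec 2011 15:14:08 -0800
Received: from COL108-W52 ([65.55.34.137]) by col0-omc3-s18.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Thu, 8 Dec 2011 15:14:08 -0800
X-Originating-IP: [41.71.174.50]
Subject: =?windows-1256?Q?Hotmail_Al?= =?windows-1256?Q?ert:_Fraud?=
 =?windows-1256?Q?_Departmen?= =?windows-1256?Q?t_verifica?=
 =?windows-1256?Q?tion_for_y?= =?windows-1256?Q?our_Hotmai?=
 =?windows-1256?Q?l_account=FE?=

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_ip(text):
    """Return the first [a.b.c.d] literal in a header value, or None."""
    m = BRACKETED_IP.search(text or "")
    return m.group(1) if m else None

def analyse_header(raw):
    msg = message_from_string(raw)
    # Each server prepends its Received line, so reverse for oldest-first.
    hops = [first_ip(h) for h in reversed(msg.get_all("Received", []))]
    auth = msg.get("Authentication-Results", "")
    # The IP the receiving side evaluated for sender-id.
    checked = re.search(r"sender IP is ([\d.]+)", auth)
    # Adjacent encoded-words are joined without the whitespace between them;
    # the trailing =FE decodes to an invisible bidi control character.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    return {
        "hops": hops,
        "originating_ip": first_ip(msg.get("X-Originating-IP")),
        "auth": dict(re.findall(r"(sender-id|dkim|x-hmca)=(\w+)", auth)),
        "auth_checked_ip": checked.group(1) if checked else None,
        "subject": subject,
    }

if __name__ == "__main__":
    for key, value in analyse_header(SAMPLE).items():
        print(f"{key}: {value!r}")
```

The address that passed the sender-id check is one of the Hotmail relay hops, while the X-Originating-IP is a separate client address, which is the one the ipTRACKERonline report resolved.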
Ima Baeder
Baiting Guru
Joined: 03 May 2007
Posts: 18313
Posted: Sun Dec 11, 2011 7:04 pm
Hi jbirky,
We don't deal with phishing sites here, just the fake sites scammers are using for their advance fee fraud scams.
I'll leave this thread here until you've had a chance to see it and then move it over to misc. scams.
Please do report the phishing page, though. It might be a hacked domain: http://alacorte.com.br/
The site is hosted by ThePlanet. You can report it to them: [email protected]
You can also report it to Hotmail. They'll probably work to take it down. Directions for reporting it are here: http://www.microsoft.com/security/online-privacy/phishing-faq.aspx
Additionally, please report it here: [email protected] |
_________________ 348 Fake Sites killed
x 100 2 Years |
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
Posted: Thu Jan 26, 2012 7:07 pm