Your Webmail Provider phish on a zombie domain


All times are UTC - 5 hours [ DST ]


Posted: Sat Sep 12, 2009 11:15 am
Spammer Exterminator

Joined: Mon Feb 26, 2007 11:13 pm
Posts: 1132
Found the following email:
Code:
Return-Path: <[email protected]>
Received: from aaliptha.com (dns1.aaliptha.com [203.129.240.200])
        by x (8.13.6/8.13.6) with ESMTP id n8CCPDZR029294
        for <[email protected]>; Sat, 12 Sep 2009 08:25:16 -0400
Received: (qmail 27364 invoked by uid 33); 12 Sep 2009 12:46:26 -0000
Date: 12 Sep 2009 12:46:26 -0000
Message-ID: <[email protected]>
To: spurious
Subject: Subject: **ACCOUNT SECURITY UPGRADE**
From: "[email protected]" <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
X-SpamBouncer: 2.2 (04/16/06)
X-SBNote: From Admin
X-SBRule: Received IP: 203.129.240.200 is in no-more-funn (spam sources)
X-SBBlocklist-URL: http://moensted.dk/spam/no-more-funn/?addr=203.129.240.200
X-SBNote: Spamcop Standard Report submitted.
X-SBClass: Spam
X-Folder: Spam
Status:   

Subject: **ACCOUNT SECURITY UPGRADE**

A new email server with secure E-mail has been implemented and configuration to replace old CS email server. As a result, we are shutting down your account.

To confirm your active/inactive account you, are required to send us your E-mail account details listed below for verification. These information would be needed to verify your account and to avoid being shut down;

Click on reply and fill the information below correctly.

* Email:
* User name:
* Password:
* Password Again:
* Date of Birth:

Warning!!! All account owner are advised to follow this instruction immediately to avoid loosing your email account permanently.

Thanks for your understanding!

                 .:: WEBMAIL ADMINISTRATOR::.


The sending network is bogus and blocklisted, but the Reply-to network is particularly interesting:
Code:
$ dig mx mail2webmaster.com         

; <<>> DiG 9.2.3rc4 <<>> mx mail2webmaster.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22711
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mail2webmaster.com.            IN      MX

;; ANSWER SECTION:
mail2webmaster.com.     86400   IN      MX      10 publicms2.mail2world.com.
mail2webmaster.com.     86400   IN      MX      5 publicms1.mail2world.com.

;; AUTHORITY SECTION:
mail2webmaster.com.     172724  IN      NS      ns02.mail2world.com.
mail2webmaster.com.     172724  IN      NS      ns01.mail2world.com.

;; Query time: 121 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Sep 12 10:52:21 2009
;; MSG SIZE  rcvd: 137

These four hosts are on four entirely different networks:

$ host publicms2.mail2world.com
publicms2.mail2world.com has address 65.74.168.215
$ host publicms1.mail2world.com
publicms1.mail2world.com has address 216.163.188.54
$ host ns02.mail2world.com
ns02.mail2world.com has address 74.202.142.53
$ host ns01.mail2world.com
ns01.mail2world.com has address 209.67.128.53


mail2webmaster.com (209.67.128.20)

mail2world, Inc SAVV-S265634-1 (NET-209-67-128-0-1)
                                  209.67.128.0 - 209.67.129.255


Reported to SAVVIS, though I don't expect much to come of that.

_________________
Only on our site you will find a SPICE under the comprehensible prices!
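
The header checks walked through in the post above, as an added example that is not part of the original thread: it pulls the relay IP recorded by the receiving server, compares the From and Reply-To domains, and lists the credential fields the body asks for. The message is a constructed sample modelled on the one quoted; the `example` domains and the 192.0.2.10 address are placeholders, and the function and field names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; domains and IP are placeholders, not values from the thread.
SAMPLE = """\
Return-Path: <www-data@sender.example>
Received: from sender.example (dns1.sender.example [192.0.2.10])
        by mx.recipient.example with ESMTP id abc123
        for <user@recipient.example>; Sat, 12 Sep 2009 08:25:16 -0400
Received: (qmail 27364 invoked by uid 33); 12 Sep 2009 12:46:26 -0000
To: user@recipient.example
Subject: **ACCOUNT SECURITY UPGRADE**
From: "admin@recipient.example" <admin@recipient.example>
Reply-To: collector@freemail.example
Content-Type: text/plain

Click on reply and fill the information below correctly.

* Email:
* User name:
* Password:
* Password Again:
* Date of Birth:
"""

RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
QMAIL_LOCAL = re.compile(r"\(qmail \d+ invoked by uid \d+\)")
CRED_FIELD = re.compile(
    r"^\W*(user ?name|password|date of birth)[^:\n]*:\s*$", re.I | re.M)

def domain(header_value):
    """Lower-cased domain part of an address header, '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # The topmost Received line is written by the receiving server,
    # so its bracketed IP is the one that server actually saw.
    m = RELAY_IP.search(received[0]) if received else None
    body = "" if msg.is_multipart() else msg.get_payload()
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    return {
        "relay_ip": m.group(1) if m else None,
        "local_injection": any(QMAIL_LOCAL.search(r) for r in received),
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "reply_to_domain": reply_dom,
        "requested_fields": sorted({f.lower() for f in CRED_FIELD.findall(body)}),
    }
```

The relay IP is what gets checked against a blocklist, and the Reply-To domain is what gets looked up with `dig mx` as in the post.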


Posted: Sat Sep 12, 2009 2:01 pm
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
mail2world.com is another freemail provider. Numerous 419 spammers use mail2world addresses as an alternative to both GMail and Hotmail, both of whom have become far more efficient at shutting down accounts used in 419 scams.

mail2world.com is not a malicious domain.

ADD: you can report this message by emailing: [email protected]

SiL

