uid1307457
Premium
join:2005-12-30
Tempe, AZ
 ·Qwest.net
·Convergent Interne..
 ·DIRECTV
2 edits | [Phishing] monster phish
the mail to email dont work for me ever, so here it is attached, there was a txt file with it so i zipped the html and txt together.
the links goes to some online finance site.
quote:
From Monster Wed Oct 25 11:45:54 2006
X-Apparently-To: @yahoo.com via 209.191.124.129; Wed, 25 Oct 2006 07:45:55 -0700
X-Originating-IP: [68.142.200.255]
Return-Path:
Authentication-Results: mta530.mail.mud.yahoo.com from=route.monster.com; domainkeys=neutral (no sig)
Received: from 68.142.200.255 (HELO smtp107.biz.mail.mud.yahoo.com) (68.142.200.255) by mta530.mail.mud.yahoo.com with SMTP; Wed, 25 Oct 2006 07:45:55 -0700
Received: (qmail 53230 invoked from network); 25 Oct 2006 14:45:55 -0000
Received: from unknown (HELO localhost) (a27@online-hommery.com@4.79.181.237 with login) by smtp107.biz.mail.mud.yahoo.com with SMTP; 25 Oct 2006 14:45:54 -0000
X-Mailer: Microsoft Outlook, Build 10.0.2627
Envelope-to: n
Reply-to: Monster
Message-ID:
From: "Monster" Add to Address BookAdd to Address Book Add Mobile Alert
To: "n"
Subject: An Important message for n
Date: Wed, 25 Oct 2006 14:45:54 -0400
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary="----------"
Content-Length: 2320
bolded is obvious phish indicator
--
when given enough factual proof that god exists, i will believe it; until then there is no god. -Tim822002 |
|
amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
 ·RoadRunner Cable
| Please forward the original email to me as an attachment to the email address in my profile.
I'll manually submit it for you-
THanks !
-amy-
--
DSLR Phishtracker |
|
xmrocks
Premium,MVM
join:2003-09-23
clubs:   |  reply to uid1307457
Phish4980
 |
|
NS4683
join:2000-08-25
Hoboken, NJ
| reply to uid1307457
I just received this phish, but what puzzles me is the fact it has my name in it. Does this mean that Monster has been compromised? I clicked the link to download the file but it's an EXE and I don't use Windows. Does anyone know what that EXE does? |
|
uid1307457
Premium
join:2005-12-30
Tempe, AZ | its a virus. |
|
Greg_Z
Premium
join:2001-08-08
Springfield, IL
·Comcast
1 edit | reply to uid1307457
Result for online-hommery.com
--> fwhois online-hommery.com@whois.internic.net
[whois.internic.net]
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
Domain Name: ONLINE-HOMMERY.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: »www.melbourneit.com
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
Status: clientTransferProhibited
Updated Date: 16-oct-2006
Creation Date: 16-oct-2006
Expiration Date: 16-oct-2007
The Registry database contains ONLY .COM, .NET, .EDU domains and
--> fwhois online-hommery.com@whois.melbourneit.com:whois
[whois.MelbourneIT.com.au]
Domain Name.......... online-hommery.com
Creation Date........ 2006-10-16
Registration Date.... 2006-10-16
Expiry Date.......... 2007-10-16
Organisation Name.... peter bartelloni
Organisation Address. 125 far horizons dr
Organisation Address.
Organisation Address. Easton
Organisation Address. 06612
Organisation Address. CT
Organisation Address. UNITED STATES
Admin Name........... peter bartelloni
Admin Address........ 125 far horizons dr
Admin Address........
Admin Address........ Easton
Admin Address........ 06612
Admin Address........ CT
Admin Address........ UNITED STATES
Admin Email.......... fordnofler@yahoo.com
Admin Phone.......... +1.2034673580
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domain.tech@YAHOO-INC.COM
Tech Phone........... +1.6198813096
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
Address list (125 far horizon dr, easton ct) is in a residential area »www.google.com/maps?ie=UTF-8&oe=···ab=wl&q=
--
I threw out the map a long time ago. Now I follow my own direction! |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | The ONLINE-HOMMERY.COM domain was more than likely registered with a stolen/phished credit card, which is typical for scam domains.
Peter Bartelloni at that address was born in 1928, which makes him about 78 years old. Not your typical scam domain registrant!!. I am sure he has no idea that this is registered to him.
PS. On the other hand the contact email address for the domain fordnofler@yahoo.com does belong to the scammer
MGD |
|
