Commonwealth Bank of Australia

Scam Buster

Jun 1, 2009, 3:23:16 AM
The phish site was working a few minutes ago.

This junk came from:
64.6.225.1 <=> s1.n225.vds2000.com
64.6.224.0 - 64.6.255.255 is assigned to myhostcenter.com JUMPLINE (US)
64.6.225.1 is listed at: BBFH, Backscatter
BBFH says:
[4] See http://www.bbfh.org/ask34.cgi?64.6.225.0
Backscatter says:
Sorry 64.6.225.1 is blacklisted at
http://www.backscatterer.org/?ip=64.6.225.1

The phish site is hosted at:
pbx.intdev.co.za => 196.211.110.210, No reverse DNS.
196.208.0.0 - 196.211.255.255 is assigned to is.co.za (ZA)

That redirects to:
http://190.182.81.57/webapps/
190.182.81.57 => No reverse DNS
190.182.64.0 - 190.182.127.255 is assigned to metrotel.com.co (CO)
190.182.81.57 is listed at: PSBL, SORBS, WPBL, UCEPROTECT-3
PSBL says:
Listed in PSBL, see
http://psbl.surriel.com/listing?ip=190.182.81.57
SORBS says:
Exploitable Server See:
http://www.sorbs.net/lookup.shtml?190.182.81.57
UCEProtect says:
Your ISP METROTEL REDES S.A./AS8163 is UCEPROTECT-Level3 listed for
hosting a total of 911 abusers. See:
http://www.uceprotect.net/rblcheck.php?ipr=190.182.81.57
WPBL says:
Spam source - http://wpbl.info/record?ip=190.182.81.57

Notes:
Body decoded from quoted-printable to help google find things.

------- Forwarded Message

Return-Path: <secu...@onlineupdate.com>
[local routing snipped]
Received: from ps01.vds2000.com ([64.6.225.1] verified)
by fe.mail.megapathdsl.net (CommuniGate Pro SMTP 5.1.10)
with ESMTPS id 621761962 for xx...@megapathdsl.net; Sun, 31 May 2009
23:16:11 -0700
Received-SPF: none
receiver=fe.mail.megapathdsl.net; client-ip=64.6.225.1;
envelope-from=secu...@onlineupdate.com
Received: (qmail 27061 invoked from network); 1 Jun 2009 02:16:08 -0400
Received: from 216-207-229-186.dia.static.qwest.net (HELO onlineupdate.com)
(216.207.229.186)
by northshoreknits.com with SMTP; 1 Jun 2009 02:16:08 -0400
From: Commonwealth Bank <secu...@onlineupdate.com>
To: xx...@megapathdsl.net
Subject: Important message from the Commonwealth Bank
Date: 01 Jun 2009 01:16:26 -0500
Message-ID: <20090601011626....@onlineupdate.com>
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
XX-Content-Transfer-Encoding: quoted-printable

<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>
<FONT size=2 color=#000000 face="Arial">
<DIV>
We recorded a payment request from "HostGator -www.hostgator.com-</DIV>
<DIV>
Reseller Web Hosting" to enable the charge of $74.95 on your account.</DIV>
<DIV>
&nbsp;</DIV>
<DIV>
Because the order was made from an African internet address, we put an</DIV>
<DIV>
Exception Payment on transaction id #POS PAYM7284 motivated by our</DIV>
<DIV>
Geographical Tracking System.</DIV>
<DIV>
&nbsp;</DIV>
<DIV>
THE PAYMENT IS PENDING FOR THE MOMENT.</DIV>
<DIV>
&nbsp;</DIV>
<DIV>
If you made this transaction or if you just authorize this payment, please
ignore</DIV>
<DIV>
or remove this email message. The transaction will be shown on your
monthly</DIV>
<DIV>
statement as "HostGator - Reseller Web Hosting".</DIV>
<DIV>
&nbsp;</DIV>
<DIV>
If you didn't make this payment and would like to decline the $74.95 billing
to</DIV>
<DIV>
your card, please follow the link below to cancel the payment :</DIV>
<DIV>
&nbsp;</DIV>
<DIV>
<A href="http://pbx.intdev.co.za/webps/"><FONT color=#0000FF><U>
https://www3.netbank.commbank.com.au/netbank/bankmain</U></FONT></A></DIV>
<DIV>
&nbsp;</DIV>
<DIV>
NOTE: Because email is not a secure form of communication, please do not
reply</DIV>
<DIV>
to this email.</DIV>
<DIV>
Yours sincerely,</DIV>
<DIV>
© Commonwealth Bank of Australia 2009 ABN 48 123 123 124</DIV>
</FONT>
</BODY></HTML>


------- End of Forwarded Message


0 new messages