Randall,
Can you try to submit the source of the email instead of the raw html
message contents. Just to protect against some scripted/rendered exploit.
Otherwise, have other people noticed the increase in phishing emails to use
hex values or other obfuscation methods to try and hide the source of the
phish?
As for the phish:
The source 216.138.92.146 in your email seems to be a mail server...also
running someone's web server "
Halsa Pharmaceuticals default page
is on the main page.
IP Information 216.138.92.146 Record Type: IP Address IP Location: [image:
United States] United States - Texas - Houston - Data Star Reverse DNS:
mail.dsassign.com Blacklist Status: Clear Whois RecordOrgName:
Airband Communications, Inc
OrgID: AIRB
Address: 14800 Landmark Blvd
Address: Suite 500
City: Dallas
StateProv: TX
PostalCode: 75254
Country: US
OrgAbuseHandle: ATE4-ARIN
OrgAbuseName: Team, Abuse
OrgAbusePhone: +1-469-791-0136
OrgAbuseEmail: [image: Whois Privacy and Spam Prevention by
DomainTools.com]<http://whois.domaintools.com/domain-privacy/>
Also the phish will submit your information to another server that doesn't
seem to be up.
------ SECOND IP (submit of phish)
IP Information 216.200.64.13 Record Type: IP Address IP Location: [image:
United States] United States - New Jersey - Edison - Abovenet Communications
Inc Reverse DNS: 216.200.64.13.available.above.net Blacklist Status: Clear
On 2/21/07, Randall M <[EMAIL PROTECTED]> wrote:
Can someone PLEASE answer this guy for me. I'm tired.
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 12772 invoked from network); 21 Feb 2007 19:19:52 -0000
Received: from exprod6mx132.postini.com (HELO psmtp.com) (64.18.1.39)
by smtp.fidmail.com with SMTP; 21 Feb 2007 19:19:52 -0000
Received: from source ([210.181.2.214]) by exprod6mx132.postini.com ([
64.18.5.10]) with SMTP;
Wed, 21 Feb 2007 14:19:48 EST
Received: from 232.64.64.116 by ; Wed, 21 Feb 2007 13:57:52 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "eBay Member kevinmcn" <[EMAIL PROTECTED]>
Reply-To: "eBay Member kevinmcn" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Question from eBay Member regarding Item #99054574368
Date: Wed, 21 Feb 2007 20:56:52 +0200
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--8562385580788478"
X-Priority: 3
X-MSMail-Priority: Normal
X-pstn-levels: (S: 0.00000/56.52172 R:95.9108 M:97.0282 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r m
X-pstn-addresses: from <[EMAIL PROTECTED]> forward (org good) [562/19]
____________
*From:* eBay Member kevinmcn [mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, February 21, 2007 12:57 PM
*To:* [EMAIL PROTECTED]
*Subject:* Question from eBay Member regarding Item #99054574368
[image:
eBay]<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
Question from eBay Member -- Respond Now
eBay sent this message on behalf of an eBay member via My Messages.
Responses sent using email will not reach the eBay member. Use the *Respond
Now* button below to respond to this message
Question from kevinmcn
**kevinmcn<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>(
10[image: Feedback score is 10 to
49]<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
)
Positive feedback:
*100%*
Member since:
Member since: Nov-10-99
Location:
United States
Registered on:
www.ebay.com<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
Item:99054574368<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
This message was sent while the listing was *ended*.
kevinmcn is a *potential buyer*.
Hello,
Do you accept paypal as a payment method? If you do, please let me know
and we have a deal.
Regards, I look forward to hearing from you. Roy
*Respond to this question*
<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
*Responses in My Messages will not include your email address.*
Thank you,
eBay
*Marketplace Safety Tip <http://pages.ebay.com/securitycenter>*
Always remember to complete your transaction on eBay - it's the safer
way to buy.
Please do not offer to buy or sell this item through this form without
completing the transaction on eBay. If you receive a response inviting you
to transact outside of eBay, you should decline -- such transactions may be
unsafe and are against eBay policy.
Is this email inappropriate? Does it violate eBay
policy<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
? Help protect the Community by reporting
it<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
.
Learn how you can protect yourself from spoof (fake) emails at:
http://pages.ebay.com/education/spooftutorial<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
This eBay notice was sent through the eBay platform and in accordance with
our Privacy Policy. If you would like to receive this email in text format,
change your notification
preferences<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
.
See our Privacy Policy and User Agreement if you have questions about
eBay's communication policies.
Privacy Policy:
http://pages.ebay.com/help/policies/privacy-policy.html<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
User Agreement: ht!
tp://pages.ebay.com/help/policies/user-agreement.html<http://0xd8.0x8a.0x5c.0x92/ws/eBayISAPISignInco_partnerId=2pUserId=siteid=0pageType=pa1=i1=bshowgif=UsingSSL=isCheckout=migrateVisitor=.dll>
Copyright (c) 2007 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective
owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay,
Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
_______________________________________________
phishing mailing list
[email protected]
http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
_______________________________________________
phishing mailing list
[email protected]
http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
