Message-ID: <BAY115-F1445950D27D49C91C2F875C03A0@phx.gbl>
Date: Fri Dec 16 14:08:19 2005
From: dan_20407 at msn.com (DAN MORRILL)
Subject: Amazon Phishing Scam - Tech Details
Ran across a very nice phishing scam from amazon this morning. Technical
details follow as suggested black list for this domain. It was really nice,
very authentic looking, and would suck in a lot of folks because it really
looked very good. It has been reported to Amazon, but thought I would
include the technical details to this group.
Cheers/r/Dan
This is a header from an authentic e-mail from Amazon.

Received: from mail-store-1001.amazon.com ([207.171.164.43]) by
  bay0-mc8-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
  Thu, 15 Dec 2005 21:03:11 -0800
Received: from ae-app-2102.iad2.amazon.com by mail-store-1001.amazon.com
  with ESMTP (peer crosscheck: ae-app-2102.iad2.amazon.com)
Received: by ae-app-2102.iad2.amazon.com id AAA06388,375;
  15 Dec 2005 21:03:08 -0800
X-Message-Info: JGTYoYF78jEEhmTX9UX+3w4ZLRY9TlPY7fSuoOPz5zo=
X-Amazon-Corporate-Relay: mail-store-1001.vdc.amazon.com
X-AMAZON-TRACK: default
Bounce-to: VarzeaEmailSender+4-61129391@...nces.amazon.com
Return-Path: VarzeaEmailSender+4-61129391@...nces.amazon.com
X-OriginalArrivalTime: 16 Dec 2005 05:03:11.0815 (UTC)
  FILETIME=[0377ED70:01C601FE]

This is the email header from the suspected phishing e-mail.

Received: from thebe.jtan.com ([207.106.84.138]) by
  bay0-mc7-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
  Thu, 15 Dec 2005 12:34:48 -0800
Received: from thebe.jtan.com (localhost [127.0.0.1]) by thebe.jtan.com
  (8.13.3/8.12.9) with ESMTP id jBFKYki2014108 for <dan_XXXX7@....com>;
  Thu, 15 Dec 2005 15:34:46 -0500
Received: (from apache@...alhost) by thebe.jtan.com (8.13.3/8.13.3/Submit)
  id jBFKYkhi014107; Thu, 15 Dec 2005 15:34:46 -0500
X-Message-Info: JGTYoYF78jE8tZXo0G/OwVSmdTTPCilDDfKPKME8AI4=
Return-Path: apache@...be.jtan.com
X-OriginalArrivalTime: 15 Dec 2005 20:34:48.0333 (UTC)
  FILETIME=[FDF9F3D0:01C601B6]
So the phishing e-mail came from here: http://www.uslec.com/
OrgName: USLEC Corp.
OrgID: USLC
Address: 6801 Morrison Blvd
City: Charlotte
StateProv: NC
PostalCode: 28211
Country: US
With an eventual owner here (Suspected hacked site http://thebe.jtan.com/)
with the owner http://www.jtan.com which is a service provider under uslec.
J. Thomas Associates
1302 Diamond St
Sellersville, PA 18960
US
Domain Name: JTAN.COM
Administrative Contact, Technical Contact:
Nadovich, Chris T chris@...N.COM
1302 DIAMOND ST
SELLERSVILLE, PA 18960-2906
US 215-257-8708 fax: 123 123 1234
Sometimes MSN E-mail will indicate that the message failed to be delivered.
Please resend when you get those, it does not mean that the mail box is bad,
merely that MSN mail is overworked at the time.
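
An added example, not part of the original post: a small Python triage of the two header sets quoted above, flagging a handoff relay or Return-Path outside the expected brand domain and any hop submitted by a local account (here `apache`). The function names and the choice of `amazon.com` as the expected domain are assumptions of this example.

```python
import re
from email import message_from_string

# Abridged from the two samples above; folding restored, elisions kept as archived.
AUTHENTIC = """\
Received: from mail-store-1001.amazon.com ([207.171.164.43]) by
 bay0-mc8-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
 Thu, 15 Dec 2005 21:03:11 -0800
Received: from ae-app-2102.iad2.amazon.com by mail-store-1001.amazon.com
 with ESMTP (peer crosscheck: ae-app-2102.iad2.amazon.com)
Return-Path: VarzeaEmailSender+4-61129391@...nces.amazon.com
"""
SUSPECT = """\
Received: from thebe.jtan.com ([207.106.84.138]) by
 bay0-mc7-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
 Thu, 15 Dec 2005 12:34:48 -0800
Received: from thebe.jtan.com (localhost [127.0.0.1]) by thebe.jtan.com
 (8.13.3/8.12.9) with ESMTP id jBFKYki2014108; Thu, 15 Dec 2005 15:34:46 -0500
Received: (from apache@...alhost) by thebe.jtan.com (8.13.3/8.13.3/Submit)
 id jBFKYkhi014107; Thu, 15 Dec 2005 15:34:46 -0500
Return-Path: apache@...be.jtan.com
"""

# "from NAME ([IP])": NAME is the HELO string the sender chose; only the IP is
# recorded by the receiving server, so a live check should resolve the IP too.
HANDOFF = re.compile(r"from\s+(\S+)\s+\(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
LOCAL_SUBMIT = re.compile(r"^\(from\s+([^@\s]+)@")  # sendmail local submission

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_headers, brand_domain):
    """Return a list of findings; an empty list means nothing stood out."""
    msg = message_from_string(raw_headers)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    findings = []
    m = HANDOFF.search(hops[0]) if hops else None  # top hop = last relay
    if not m:
        findings.append("no parsable handoff hop")
    elif not in_domain(m.group(1), brand_domain):
        findings.append(f"handoff relay {m.group(1)} [{m.group(2)}] outside {brand_domain}")
    for hop in hops:
        s = LOCAL_SUBMIT.match(hop)
        if s:
            findings.append(f"submitted locally by account '{s.group(1)}'")
    rp = (msg.get("Return-Path") or "").strip("<> ")
    if not in_domain(rp.rpartition("@")[2], brand_domain):
        findings.append(f"Return-Path {rp} outside {brand_domain}")
    return findings
```

Calling `triage(SUSPECT, "amazon.com")` returns three findings, while the authentic sample returns none.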