Full Disclosure mailing list archives
Re: Amazon Phishing Scam - Tech Details
From: S G Masood <sgmasood () yahoo com>
Date: Fri, 16 Dec 2005 06:29:59 -0800 (PST)
--- DAN MORRILL <dan_20407 () msn com> wrote:
Ran across a very nice phishing scam from amazon this morning. Technical details follow as suggested black list for this domain. It was really nice, very authentic looking, and would suck in a lot of folks because it really looked very good. It has been reported to Amazon, but thought I would include the technical details to this group.
Hi Dan, What's the point in posting this to the list? How is it different from the zillion other phishing emails? It doesn't seem to use any new techniques from what I could gather from your post. If it does, you haven't mentioned it. -- SG Masood
Cheers/r/Dan

This is a header from an authentic e-mail from Amazon.

Received: from mail-store-1001.amazon.com ([207.171.164.43])
    by bay0-mc8-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
    Thu, 15 Dec 2005 21:03:11 -0800
Received: from ae-app-2102.iad2.amazon.com by mail-store-1001.amazon.com
    with ESMTP (peer crosscheck: ae-app-2102.iad2.amazon.com)
Received: by ae-app-2102.iad2.amazon.com
    id AAA06388,375; 15 Dec 2005 21:03:08 -0800
X-Message-Info: JGTYoYF78jEEhmTX9UX+3w4ZLRY9TlPY7fSuoOPz5zo=
X-Amazon-Corporate-Relay: mail-store-1001.vdc.amazon.com
X-AMAZON-TRACK: default
Bounce-to: VarzeaEmailSender+4-61129391 () bounces amazon com
Return-Path: VarzeaEmailSender+4-61129391 () bounces amazon com
X-OriginalArrivalTime: 16 Dec 2005 05:03:11.0815 (UTC) FILETIME=[0377ED70:01C601FE]

This is the email header from the suspected phishing e-mail

Received: from thebe.jtan.com ([207.106.84.138])
    by bay0-mc7-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211);
    Thu, 15 Dec 2005 12:34:48 -0800
Received: from thebe.jtan.com (localhost [127.0.0.1])
    by thebe.jtan.com (8.13.3/8.12.9) with ESMTP id jBFKYki2014108
    for <dan_XXXX7 () msn com>; Thu, 15 Dec 2005 15:34:46 -0500
Received: (from apache@localhost)
    by thebe.jtan.com (8.13.3/8.13.3/Submit) id jBFKYkhi014107;
    Thu, 15 Dec 2005 15:34:46 -0500
X-Message-Info: JGTYoYF78jE8tZXo0G/OwVSmdTTPCilDDfKPKME8AI4=
Return-Path: apache () thebe jtan com
X-OriginalArrivalTime: 15 Dec 2005 20:34:48.0333 (UTC) FILETIME=[FDF9F3D0:01C601B6]

So the phishing e-mail came from here: http://www.uslec.com/

OrgName: USLEC Corp.
OrgID: USLC
Address: 6801 Morrison Blvd
City: Charlotte
StateProv: NC
PostalCode: 28211
Country: US

With an eventual owner here (Suspected hacked site http://thebe.jtan.com/) with the owner http://www.jtan.com which is a service provider under uslec.

J. Thomas Associates
1302 Diamond St
Sellersville, PA 18960
US

Domain Name: JTAN.COM

Administrative Contact, Technical Contact:
Nadovich, Chris T chris () JTAN COM
1302 DIAMOND ST
SELLERSVILLE, PA 18960-2906
US
215-257-8708 fax: 123 123 1234

Sometimes MSN E-mail will indicate that the message failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is overworked at the time.
_______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Amazon Phishing Scam - Tech Details DAN MORRILL (Dec 16)
- Re: Amazon Phishing Scam - Tech Details S G Masood (Dec 16)
- Re: Amazon Phishing Scam - Tech Details DAN MORRILL (Dec 16)
- Re: Amazon Phishing Scam - Tech Details Dave Korn (Dec 16)
- <Possible follow-ups>
- RE: Amazon Phishing Scam - Tech Details Todd Towles (Dec 16)
- RE: Amazon Phishing Scam - Tech Details S G Masood (Dec 16)
- RE: Amazon Phishing Scam - Tech Details DAN MORRILL (Dec 16)
- Re: Amazon Phishing Scam - Tech Details S G Masood (Dec 16)