| Author |
Message |
Leka
Elite Baiter
Joined: 10 Mar 2013
Posts: 1482
|
 Posted:
Tue Nov 19, 2013 5:02 am |
  |
WARNING: When i clicked that link FPROT immediately warns me not to go to the site.
http://sk8kingsphp.com/adm/style/wire/transfer/weblogin.html
Not exactly sure what this is but lad sent me the following message:
| Quote: |
Delivered-To: @gmail.com
Received: by 10.140.102.34 with SMTP id v31csp118135qge;
Mon, 18 Nov 2013 18:39:18 -0800 (PST)
X-Received: by 10.14.5.133 with SMTP id 5mr427588eel.84.1384828758106;
Mon, 18 Nov 2013 18:39:18 -0800 (PST)
Return-Path: <[email protected]>
Received: from smtp301.alice.it (smtp301.alice.it. [82.57.200.117])
by mx.google.com with ESMTP id o46si14142912eef.302.2013.11.18.18.39.17
for <multiple recipients>;
Mon, 18 Nov 2013 18:39:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 82.57.200.117 as permitted sender) client-ip=82.57.200.117;
Authentication-Results: mx.google.com;
spf=pass (google.com: best guess record for domain of [email protected] designates 82.57.200.117 as permitted sender) [email protected]
Received: from feu10-alice (82.57.204.65) by smtp301.alice.it (8.6.060.2
id 52622C0F022E167F; Tue, 19 Nov 2013 03:39:15 +0100
Received: from (151.54.105.233) by alicemail.rossoalice.alice.it; Tue, 19 Nov 2013 03:39:15 +0100
Message-ID: <[email protected]>
Date: Tue, 19 Nov 2013 03:39:15 +0100 (CET)
From: AMBASSADOR JAMES KNIGHT <[email protected]>
Reply-To: [email protected]
Subject: GREETING FROM US EMBASSY
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_213120_6278442.1384828755657"
X-Originating-IP: 151.54.105.233
------=_Part_213120_6278442.1384828755657
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
kindly click on this link and log in with your email and password to view the status of your fund online.. CLICK HERE AND LOG IN.. Regard Ambassador Knight.
------=_Part_213120_6278442.1384828755657
Content-Type: text/html;charset="UTF-8"
Content-Transfer-Encoding: 7bit
kindly click on this link and log in with your email and password to view the status of your fund online.. <a href="http://sk8kingsphp.com/adm/style/wire/transfer/weblogin.html">CLICK HERE AND LOG IN</a>.. Regard Ambassador Knight.
------=_Part_213120_6278442.1384828755657--
|
WARNING: When i clicked that link FPROT immediately warns me not to go to the site.
But i was thinking that the content of the email is proof enough that the site belongs here?
Feel free to do whatever you like to that site. I'm goint to sleep but after that i might do more if needs to. But consider this free game to everyone.
BTW. I checked the IP: Messina, Italy! That is in Sicily and the place where the Mafia comes from! So consider it possible that these guys are bit more sophisticated than usual lads. |
_________________
 x350 Assorted baits.
 x6  x3   x5, India 2x  1x unkown
4x (These are the hitpiggies they were given by a hitlad called "Jack")
(Romo -bait)
(This is Abdul he is a hitpiggy(the other one is Abdul's brother i call it "Stupid")(3rd. is a "Moron"))
 This is the start of my multiethnic pigsty.
 Subject "AM".
"Note that I will not stand to be accepting embarrassment words from you"
"PLEASE YOU HAVE TO GO FOR CHECK UP WITH YOUR DOCTOR OKAY.
HOLY JESUS
DR KENITH L00KMAN"
"Please do not email me again, you are a good layer" |
|
|
|
|
Leka
Elite Baiter
Joined: 10 Mar 2013
Posts: 1482
|
| Posted:
Tue Nov 19, 2013 4:46 pm |
|
I found something that might be interesting to someone who knows about web pages: http://sk8kingsphp.com/adm/style/
Edit: In a moment of reclessness i went and tried that site few times. No warnings this time. I found a login screen asking for a email and a password. I fed them a fake email and was told to go back and fill it again. I'm guessing this is to confirm the previous?
Or so i interpret this: http://sk8kingsphp.com/adm/style/wire/transfer/ |
_________________
x350 Assorted baits.
x6 x3 x5, India 2x 1x unkown
4x (These are the hitpiggies they were given by a hitlad called "Jack")
(Romo -bait)
(This is Abdul he is a hitpiggy(the other one is Abdul's brother i call it "Stupid")(3rd. is a "Moron"))
This is the start of my multiethnic pigsty.
Subject "AM".
"Note that I will not stand to be accepting embarrassment words from you"
"PLEASE YOU HAVE TO GO FOR CHECK UP WITH YOUR DOCTOR OKAY.
HOLY JESUS
DR KENITH L00KMAN"
"Please do not email me again, you are a good layer" |
|
|
|
|
B8er
Associate Boomdazzler
Joined: 16 Feb 2009
Posts: 13579
Location: In self-isolation practicing social distancing
|
| Posted:
Tue Nov 19, 2013 5:00 pm |
|
The style directory appears to contain all the layout files for the site (possibly PHPBB) and is part of a legitimate site and the scammers have just added the files in the wire directory.
It appears to be a phishing page - the weblogin.html file passes the email address and password to a PHP file, which emails them to the email address [email protected], along with the IP address used. |
_________________
"I DENOUNCE THE MUFFIN MEN" - Ma Kim
"YOU ARE WALKING DEAD MAN. YOUR WOODEN COFFIN IS READY TO SWALLOW YOU AND YOUR DIRTY GENERATION"
"all chaps are ass-less by design otherwise they just be leather pants" - jose_cuervo
 x 5     
                              x 335   🚽
 x 4 x 1746 x 1904 - Fake cheques: $4,392,620.83
Team Woody - Ghana to Singapore - 11535km |
|
|
|
|
Leka
Elite Baiter
Joined: 10 Mar 2013
Posts: 1482
|
| Posted:
Tue Nov 19, 2013 5:28 pm |
|
I tried to find if there is something underneath this site but for example http://sk8kingsphp.com doesn't seem to have anythin in it.
Anyway: Does it make difference if there is a legimate site on the side if they have allowed someone to use the site for phishing? |
_________________
x350 Assorted baits.
x6 x3 x5, India 2x 1x unkown
4x (These are the hitpiggies they were given by a hitlad called "Jack")
(Romo -bait)
(This is Abdul he is a hitpiggy(the other one is Abdul's brother i call it "Stupid")(3rd. is a "Moron"))
This is the start of my multiethnic pigsty.
Subject "AM".
"Note that I will not stand to be accepting embarrassment words from you"
"PLEASE YOU HAVE TO GO FOR CHECK UP WITH YOUR DOCTOR OKAY.
HOLY JESUS
DR KENITH L00KMAN"
"Please do not email me again, you are a good layer" |
|
|
|
|
justjay
Baiting Guru
Joined: 22 Mar 2007
Posts: 2412
Location: ~Data Miner & Esoteric Trivia Collecter~
|
| Posted:
Tue Nov 19, 2013 6:04 pm |
|
|
|
|
|
Leka
Elite Baiter
Joined: 10 Mar 2013
Posts: 1482
|
| Posted:
Tue Nov 19, 2013 7:55 pm |
|
Reported to [email protected] and phishtank.
do these go to DB? |
_________________
x350 Assorted baits.
x6 x3 x5, India 2x 1x unkown
4x (These are the hitpiggies they were given by a hitlad called "Jack")
(Romo -bait)
(This is Abdul he is a hitpiggy(the other one is Abdul's brother i call it "Stupid")(3rd. is a "Moron"))
This is the start of my multiethnic pigsty.
Subject "AM".
"Note that I will not stand to be accepting embarrassment words from you"
"PLEASE YOU HAVE TO GO FOR CHECK UP WITH YOUR DOCTOR OKAY.
HOLY JESUS
DR KENITH L00KMAN"
"Please do not email me again, you are a good layer" |
|
|
|
|
justjay
Baiting Guru
Joined: 22 Mar 2007
Posts: 2412
Location: ~Data Miner & Esoteric Trivia Collecter~
|
| Posted:
Tue Nov 19, 2013 8:03 pm |
|
| Leka wrote: |
..
do these go to DB? |
Not sure what current status is regarding them and DB, but (imo) phishing sites in general - not unless tied to AFF sites.
If artemis &/or El Capitan Borracho agree, then this can be set to whatever they think is best |
_________________
Dubitando ad veritatem pervenimus
aa419.org member
Site Killing  x uncounted numbers
   
    |¿?|
Over 1000 - no longer counting since sometime in 2008 + #unknown# assists
WDPRs >150 Netcraft>115
----
 - just because... |
|
|
|
|
Artemis
Baiting Guru
Joined: 19 Feb 2006
Posts: 31267
Location: Lower Elements
|
| Posted:
Tue Nov 19, 2013 8:17 pm |
|
We don't DB phishing sites
Are we sure that the domain has not been hacked to host the phish? |
_________________
Total kills 21667 + x 5 x10
    |
|
|
|
|
B8er
Associate Boomdazzler
Joined: 16 Feb 2009
Posts: 13579
Location: In self-isolation practicing social distancing
|
| Posted:
Tue Nov 19, 2013 8:27 pm |
|
There doesn't appear to be any legitimate content on the site now, but there was in the past.
Wayback Machine shows that back in early 2011, the site was a forum for skateboarding, but the entry for earlier this year shows the main page looking like a phishing page. |
_________________
"I DENOUNCE THE MUFFIN MEN" - Ma Kim
"YOU ARE WALKING DEAD MAN. YOUR WOODEN COFFIN IS READY TO SWALLOW YOU AND YOUR DIRTY GENERATION"
"all chaps are ass-less by design otherwise they just be leather pants" - jose_cuervo
x 5
x 335 🚽
x 4 x 1746 x 1904 - Fake cheques: $4,392,620.83
Team Woody - Ghana to Singapore - 11535km |
|
|
|
|
El Capitan Borracho
Baiting Guru
Joined: 17 Jun 2012
Posts: 18365
Location: Back until the artwork begins again
|
| Posted:
Sat Nov 30, 2013 4:18 am |
|
Can be moved to misc forum |
|
|
|
|
|
|
|
SmartFeed
