Search found 17 matches

by westwind
Fri Nov 18, 2011 8:27 pm
Forum: Reputation discussions
Topic: Malware phish - "ACH transfer was hold by our bank"
Replies: 8
Views: 307

RE: Malware phish - "ACH transfer was hold by our bank"

I got a similar fake "money transfer was held" message with <red>an attached file named "report.zip"</red>. [Report from SpamCop] http://www.spamcop.net/sc?id=z5176161350zbe68c545b61d969937fc78939f5ba45az (plane text + head part of the attached file base64 encoded) [Info. about an attached file: "re...
by westwind
Wed Nov 16, 2011 4:23 pm
Forum: Reputation discussions
Topic: Malware phish - "ACH transfer was hold by our bank"
Replies: 8
Views: 307

RE: Malware phish - "ACH transfer was hold by our bank"


Similar fake "money transfer was held" messages included the php location name: "zfin.php".

I caught 1 more massage.
whitehorsemedia.de
message text: http://www.spamcop.net/sc?id=z5174532105ze504ad60283833a85416d40ed77d46b4z
by westwind
Wed Nov 16, 2011 1:48 pm
Forum: Reputation discussions
Topic: Malware phish - "ACH transfer was hold by our bank"
Replies: 8
Views: 307

RE: Malware phish - "ACH transfer was hold by our bank"

Similar fake "money transfer was held" messages included the php location name: "zfin.php". <red>horuz.com.ar</red> message text: http://www.spamcop.net/sc?id=z5174376787zaddd0ac350db888f7bbe46fc84fd17dcz <red>iguazuwonderful.com</red> message text: http://www.spamcop.net/sc?id=z5174362698z7fab35f25...
by westwind
Mon Oct 24, 2011 2:14 am
Forum: General discussion
Topic: [ALERT] Somebody might be HIGHJACKING WOT ACCOUNTS!
Replies: 3
Views: 133

RE: [ALERT] Somebody might be HIGHJACKING WOT ACCOUNTS!

Ok, I'll RE-UPLOAD these HTML codes on MY BOARD with pubric mode. Wait a minute.
by westwind
Mon Oct 24, 2011 1:44 am
Forum: General discussion
Topic: [ALERT] Somebody might be HIGHJACKING WOT ACCOUNTS!
Replies: 3
Views: 133

RE: [ALERT] Somebody might be HIGHJACKING WOT ACCOUNTS!

Might be CAREFULLY on OTHER NET SERVICES.

( I tweeted on Twitter with this topic URL)
by westwind
Sun Oct 23, 2011 10:23 pm
Forum: General discussion
Topic: PhishTank false positive: re-tweet.net
Replies: 8
Views: 169

RE^2: PhishTank false positive: re-tweet.net

@ NotBuyingIt <quote user="NotBuyingIt"> I suspect that the sites and/or their hosting web server(s) were hacked and scam web pages were planted on them. The scam was detected and has been removed. Are the sites secure and free of scams now? I cannot say. </quote> My rating is changed to "poor" on "...
by westwind
Sun Oct 23, 2011 9:40 pm
Forum: General discussion
Topic: PhishTank false positive: re-tweet.net
Replies: 8
Views: 169

RE^3: PhishTank false positive: re-tweet.net (#4 of 4)

Additional reply (continued): (V) Domain info. (for ref.) Each domains: "re-tweet.net" and "*.xfader.jp" is held by different name, but <red><strong>actual holder may be same</strong></red>. "re-tweet.net" -> a private person. "mtsv11.xfader.jp" -> The Japanese ASP: "Crossfader Inc." ( http://www.cr...
by westwind
Sun Oct 23, 2011 9:13 pm
Forum: General discussion
Topic: PhishTank false positive: re-tweet.net
Replies: 8
Views: 169

RE^3: PhishTank false positive: re-tweet.net (#3 of 4)

Additional reply (continued): (U) Location of servers on IP network. The web servers: "re-tweet.net" and "mtsv11.xfader.jp" are located on same network range and registered same private name server set. It seems <strong>some common security holes produce same phish</strong> on both web servers, does...
by westwind
Sun Oct 23, 2011 8:22 pm
Forum: General discussion
Topic: PhishTank false positive: re-tweet.net
Replies: 8
Views: 169

RE^3: PhishTank false positive: re-tweet.net (#2 of 4)

Additional reply (continued): (T) Verify test about related URL: "hXXp://mtsv11.xfader.jp/.site/bbva.es/0/portal/validacion/formulario_alta_migrado_CAS/" : ( http://www.phishtank.com/phish_detail.php?phish_id=1268396 ) The web server: re-tweet.net is not work now (domain is still alive on DNS.) this...
by westwind
Sun Oct 23, 2011 8:09 pm
Forum: General discussion
Topic: PhishTank false positive: re-tweet.net
Replies: 8
Views: 169

RE^3: PhishTank false positive: re-tweet.net (#1 of 4)

Additional reply about below: <quote user="westwind"> I'm wondering whether or not to remove bad links history from reputation. However, if any bad links are resumed or created on "re-tweet.net", I will change the assessment back to "very poor". </quote> (S) Verify test about "hXXp://re-tweet.net/.w...