Eternal Lands Official Forums
SolarStar

A word of warning


I found this message today in my inbox. What makes it so special? It seems to have come from Microsoft when you look at the sender.

But really, it is a very sophisticated scam. In case you also receive a similar mail: never open the link inside it.

 

I'm still figuring out a way to report this mail to Microsoft. Maybe you can help me?

 

[Attached image: 2i73dzb.png]


Even if you report it to Microsoft, they won't do anything. What you can do is check the email headers and tell the originating IP address. Then do a whois check on that IP address and report it to its ISP for abuse/spam.

Edited by hussam


Even if you report it to Microsoft, they won't do anything. What you can do is check the email headers and tell the originating IP address. Then do a whois check on that IP address and report it to its ISP for abuse/spam.

 

Yep, hussam is right! Do that, Solar.


This is the information I found in the source code:

 

Authentication-Results: hotmail.com; spf=none (sender IP is 198.57.188.175) smtp.mailfrom=data@microsoft.de; dkim=none header.d=microsoft.de; x-hmca=none header.id=data@microsoft.de

 

I tried to get a result with this tool here but no origin was found: http://www.heise.de/netze/tools/whois/


whois 198.57.188.175
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=198.57.188.175?showDetails=true&showARIN=false&ext=netref2
#
NetRange:	   198.57.128.0 - 198.57.255.255
CIDR:		   198.57.128.0/17
OriginAS:	   AS46606
NetName:		UNIFIEDLAYER-NETWORK-12
NetHandle:	  NET-198-57-128-0-1
Parent:		 NET-198-0-0-0-0
NetType:		Direct Allocation
RegDate:		2012-07-27
Updated:		2012-11-14
Ref:			http://whois.arin.net/rest/net/NET-198-57-128-0-1
OrgName:		Unified Layer
OrgId:		  BLUEH-2
Address:		1958 South 950 East
City:		   Provo
StateProv:	  UT
PostalCode:	 84606
Country:		US
RegDate:		2006-08-08
Updated:		2012-11-26
Ref:			http://whois.arin.net/rest/org/BLUEH-2
ReferralServer: rwhois://rwhois.unifiedlayer.com:4321
OrgTechHandle: NETWO5508-ARIN
OrgTechName:   Network Operations
OrgTechPhone:  +1-888-401-4678
OrgTechEmail:  netops@unifiedlayer.com
OrgTechRef:	http://whois.arin.net/rest/poc/NETWO5508-ARIN
OrgNOCHandle: NETWO5508-ARIN
OrgNOCName:   Network Operations
OrgNOCPhone:  +1-888-401-4678
OrgNOCEmail:  netops@unifiedlayer.com
OrgNOCRef:	http://whois.arin.net/rest/poc/NETWO5508-ARIN
OrgAbuseHandle: ABUSE3581-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-888-401-4678
OrgAbuseEmail:  abuse@unifiedlayer.com
OrgAbuseRef:	http://whois.arin.net/rest/poc/ABUSE3581-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
Found a referral to rwhois.unifiedlayer.com:4321.
%rwhois V-1.5:000080:00 rwhois.unifiedlayer.com (by Unified Layer, V-1.0.0)
network:Class-Name:network
network:ID: NETBLK-UL.198.57.128.0/17
network:Auth-Area: 198.57.128.0/17
network:Network-Name: UL-198.57.128.0/17
network:IP-Network: 198.57.128.0/17
network:Organization: Unified Layer
network:Tech-Contact: netops@unifiedlayer.com
network:Admin-Contact: netops@unifiedlayer.com
network:Abuse-Contact: abuse@unifiedlayer.com
network:Created: 20121119
network:Updated: 20121119
network:Updated-By: netops@unifiedlayer.com
%ok

 

So email abuse@unifiedlayer.com with contents of the emails and the email headers.

Except since the email is in German, it is very likely that the origin IP address is a compromised personal computer used to send email spam without the owner's knowledge.

Edited by hussam
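
The header check and whois lookup hussam describes, as an added Python example that is not part of any post in this thread: it parses the Authentication-Results line SolarStar posted and pulls the abuse mailbox out of the whois output. The function names are assumptions made for this example, the sample strings are copied from the thread, and the header is only meaningful when its first field (here hotmail.com) names your own receiving mail service.

```python
import ipaddress
import re

# Sample input copied from the thread: the posted header and three lines of the whois output.
HEADER = ("Authentication-Results: hotmail.com; spf=none (sender IP is 198.57.188.175) "
          "smtp.mailfrom=data@microsoft.de; dkim=none header.d=microsoft.de; "
          "x-hmca=none header.id=data@microsoft.de")
WHOIS = """OrgTechEmail:  netops@unifiedlayer.com
OrgAbuseEmail:  abuse@unifiedlayer.com
network:Abuse-Contact: abuse@unifiedlayer.com
"""


def parse_auth_results(header):
    """Split the header into authserv-id, per-method results and sender IP (no ';' in comments)."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "authentication-results":
        raise ValueError("not an Authentication-Results header")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    parsed = {"authserv_id": parts[0], "methods": {}, "sender_ip": None}
    for part in parts[1:]:
        m = re.match(r"([\w.-]+)=(\w+)", part)          # e.g. spf=none
        if not m:
            continue
        props = dict(re.findall(r"([\w.-]+)=(\S+)", part[m.end():]))
        parsed["methods"][m.group(1).lower()] = {"result": m.group(2).lower(), **props}
        ip = re.search(r"sender IP is ([0-9A-Fa-f:.]+)", part)
        if ip:
            # ip_address() raises ValueError on junk, so only a valid address reaches the report.
            parsed["sender_ip"] = str(ipaddress.ip_address(ip.group(1).rstrip(".")))
    return parsed


def sender_unauthenticated(parsed):
    """True when neither SPF nor DKIM passed, so nothing vouches for the claimed domain."""
    methods = parsed["methods"]
    return not any(methods.get(k, {}).get("result") == "pass" for k in ("spf", "dkim"))


def abuse_contacts(whois_text):
    """Collect abuse mailboxes from ARIN (OrgAbuseEmail) and rwhois (Abuse-Contact) lines."""
    pattern = r"^(?:OrgAbuseEmail|network:Abuse-Contact):\s*(\S+@\S+)\s*$"
    return sorted(set(re.findall(pattern, whois_text, flags=re.MULTILINE)))


if __name__ == "__main__":
    info = parse_auth_results(HEADER)
    print(info["authserv_id"], info["sender_ip"], sender_unauthenticated(info))
    print(abuse_contacts(WHOIS))
```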


Solar, don't bother with the IP address, of course those phishers and scammers hide behind proxies or operate from virus-infected normal home users' PCs. I get heaps of such mails, trying to get my banking PINs, PayPal password, eBay login, you name it they want it.


Solar, don't bother with the IP address, of course those phishers and scammers hide behind proxies or operate from virus-infected normal home users' PCs. I get heaps of such mails, trying to get my banking PINs, PayPal password, eBay login, you name it they want it.

 

Solar is from the past, this is new to him.
