WIW - View topic - Liberty Reserve

It is currently Thu Sep 09, 2010 5:12 pm

Liberty Reserve

Page 1 of 1

[ 4 posts ]

Print view

Previous topic | Next topic

Liberty Reserve

Author

Message

rl7979

Advanced Member

Joined: Thu Sep 21, 2006 1:56 am
Posts: 285

Today got a phishing email saying my Liberty reserve was blocked :angry:

fake site is at hxxp://zq.is2u.de/

headers


	Quote: Flag this message Account Block Notice Saturday, January 24, 2009 11:41 AM From LibertyReserve.com Sat Jan 24 08:41:41 2009 Return-Path: <nobody@ls1132.lucidityhosting.net> Authentication-Results: mta156.mail.re3.yahoo.com from=libertyreserve.com; domainkeys=neutral (no sig); from=libertyreserve.com; dkim=neutral (no sig) Received: from 72.9.241.42 (EHLO ls1132.lucidityhosting.net) (72.9.241.42) by mta156.mail.re3.yahoo.com with SMTP; Sat, 24 Jan 2009 08:42:27 -0800 Received: from nobody by ls1132.lucidityhosting.net with local (Exim 4.69) (envelope-from <nobody@ls1132.lucidityhosting.net>) id 1LQlZl-0005BQ-B4; Sat, 24 Jan 2009 11:41:41 -0500 To: "blocked@libertyreserve.com" <blocked@libertyreserve.com> Subject: Account Block Notice From: "LibertyReserve.com" <block-notice@libertyreserve.com> Add sender to Contacts MIME-Version: 1.0 Content-Type: text/html; Message-Id: <N380HG90483H02U@libertyreserve.com> Date: Sat, 24 Jan 2009 11:41:41 -0500 Content-Length: 1714

Sun Jan 25, 2009 2:33 am

idaho

Elite Member

Joined: Mon Jul 17, 2006 7:49 pm
Posts: 2899
Location: USA

Good catch, rl7979 -- thank you!

Sun Jan 25, 2009 7:51 am

rl7979

Advanced Member

Joined: Thu Sep 21, 2006 1:56 am
Posts: 285

Re: Liberty Reserve

Got another.I wonder what the connection is to Cat-cash?


	Quote: Account Block Notification Saturday, February 20, 2010 2:43 AM From LibertyReserve.com Sat Feb 20 07:43:53 2010 X-Apparently-To: *@yahoo.com via 209.191.91.168; Fri, 19 Feb 2010 23:45:27 -0800 Return-Path: <nobody@nd10209.lucidityhosting.com> X-YahooFilteredBulk: 64.22.106.18 X-YMailISG: ETIvAnwWLDsDGn_ydeXjcRAmjFsK0AOvl1WERYhbJHT1_keXseR4Z5ZmVXx4qsQDvJdpDcObbqb97nbtbvhGtfOPAZD5P1gx_4M05C_ZtYEE60jfETAk3OjdKOYgVUbMjyqStohQxDS0irR1bBHAKtx_BAD695lxXWLOWL5icmnSTKB1yY5ObzdDmulpGcOshr2LwiQvkLnoU08Q8.FRvSV6FIwPH334r9p6V3TYUYh8oARARYeI2itrOTmJdzq3rhWVQyEqqMoUGMFyP7SjsPi1UUQl3WBC9qlPYMzGqrEneIloumhwPVK4JO4ykDJzB_ps X-Originating-IP: [64.22.106.18] Authentication-Results: mta1069.mail.sp2.yahoo.com from=; domainkeys=neutral (no sig); from=libertyreserve.com; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO nd10209.lucidityhosting.com) (64.22.106.18) by mta1069.mail.sp2.yahoo.com with SMTP; Fri, 19 Feb 2010 23:45:23 -0800 Received: from nobody by nd10209.lucidityhosting.com with local (Exim 4.69) (envelope-from <nobody@nd10209.lucidityhosting.com>) id 1Nik0H-0006wo-VQ; Sat, 20 Feb 2010 02:43:54 -0500 To: "account@libertyreserve.com" <account@libertyreserve.com> Subject: Account Block Notification X-PHP-Script: http://www.cat-cash.com/1/agl539.php for 67.159.44.139 From: "LibertyReserve.com" <no-reply@libertyreserve.com> Add sender to Contacts MIME-Version: 1.0 Content-Type: text/html; X-Priority: 1 X-MSMail-Priority: High Message-Id: <B892UJ3R2RJ2@libertyreserve.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Sender: http://www.libertyreserve.com/ X-Originating-Email: no-reply@libertyreserve.com X-Originating-IP: [102.58.136.82] Date: Sat, 20 Feb 2010 02:43:53 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - nd10209.lucidityhosting.com X-AntiAbuse: Original Domain - yahoo.com X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12] X-AntiAbuse: Sender Address Domain - nd10209.lucidityhosting.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: cat-cash.com:/public_html/1 Content-Length: 1724 Compact Headers Liberty Reserve Account Block Notification ** Your account has been blocked due to numerous invalid login attempts. You will be unable to send and receive funds until your account has been activated. Click here to remove block from your account: http://www.libertyreserve.com/en/custom ... on=unblock Failing to unblock your account will result temporary account suspension. Sincerely, Liberty Reserve Customer Service

Page going to is
hxxp://pqv.tzz.de/

Mon Feb 22, 2010 3:19 am

wagdoll2

Newbie

Joined: Sat Mar 06, 2010 11:54 pm
Posts: 3

Re: Liberty Reserve

The phisher behind this is the same one who sends emails that are faked to appear as if they were
from sites like Donkey and No-minimum.

The same phisher has also sent phishing mails that appeared as if they were from
numerous other programs. There is no evidence of any connection to most of those
programs that the fake mails were set up to appear as if they were from them.
That makes it hard to determine if there is a real connection between the phisher
and this domain.

You also need to consider where the phisher has got your email address from
if you were never a member of cat-cash ...

eta, sorry I didn't mean to post with this username, but I forgot myself :oops:

Sun Mar 07, 2010 9:56 am

Page 1 of 1

[ 4 posts ]

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Jump to:

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Installed by Installatron.
Forum theme by Vjacheslav Trushkin for Free Forum/DivisionCore.