Author Topic: WARNING - MtGox "Your account is currently pending review" Phishing email  (Read 6257 times)
ataranlen (OP)
January 13, 2012, 09:30:02 PM
 #1

I just got this email about 30 minutes ago, just wanted to make people aware that this is in fact NOT from MtGox, but from some Russian phishing site.

Do NOT click any links from this email

Code: (Complete Message with Headers)
Delivered-To: ataranlen@gmail.com
Received: by 10.42.167.130 with SMTP id s2cs62934icy;
        Fri, 13 Jan 2012 12:55:42 -0800 (PST)
Received: by 10.213.29.13 with SMTP id o13mr673749ebc.58.1326488140056;
        Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Return-Path: <host6059@de1.imhoster.net>
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
        by mx.google.com with ESMTPS id a9si6728572eec.214.2012.01.13.12.55.39
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 13 Jan 2012 12:55:40 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of host6059@de1.imhoster.net designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of host6059@de1.imhoster.net designates 178.162.236.74 as permitted sender) smtp.mail=host6059@de1.imhoster.net
Received: from host6059 by de1.imhoster.net with local (Exim 4.69)
(envelope-from <host6059@de1.imhoster.net>)
id 1Rlo9z-003joZ-2F
for ataranlen@gmail.com; Fri, 13 Jan 2012 22:55:39 +0200
To: ataranlen@gmail.com
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6059.de1.dp10.ru/mail.php for 67.221.255.12
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1Rlo9z-003joZ-2F@de1.imhoster.net>
Date: Fri, 13 Jan 2012 22:55:39 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1240 1236] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net

<HTML>Dear Mt.Gox user,<br>
<br>
Your account is currently pending review, please visit <a href='http://fugbt5.tmweb.ru/'>https://mtgox.com/forms/verification</a><br>
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:<br>
<br>
<a href='http://fugbt5.tmweb.ru/'>Security Measures Explained</a><br>
<br>
“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.<br>
<br>
In order to apply for the “Verified” account status please attach a copy of the following documents:<br>
- Your government issued photo ID (passport, permanent residence card or driver’s license) and<br>
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.<br>
<br>
Thanks, <br>
The Mt.Gox team
</HTML>


MineTexas.com Minecraft Server We accept Bitcoin and Dogecoin.
Deepbit on Facebook: http://www.facebook.com/pages/Deepbit/151108048294815
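Added example, not part of the original post: the checks a reader can make on the message above, done mechanically. It compares the From domain with the envelope sender, notes which domain the `spf=pass` result actually covers, and compares each link's visible text with its real target. The names `findings`, `Links`, `domain` and the finding labels are hypothetical, and the sample is trimmed from the posted message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: three headers and the two links, trimmed from the message in this post.
RAW = """\
Return-Path: <host6059@de1.imhoster.net>
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of host6059@de1.imhoster.net designates 178.162.236.74 as permitted sender) smtp.mail=host6059@de1.imhoster.net
From:info@mtgox.com

<HTML>please visit <a href='http://fugbt5.tmweb.ru/'>https://mtgox.com/forms/verification</a><br>
<a href='http://fugbt5.tmweb.ru/'>Security Measures Explained</a><br></HTML>
"""

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def domain(addr):  # "Name <user@host>" or "user@host" -> "host"
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def findings(raw):
    msg, out = message_from_string(raw), []
    shown, envelope = domain(msg["From"]), domain(msg["Return-Path"])
    if envelope and envelope != shown:  # displayed sender is not the envelope sender
        out.append(("envelope-mismatch", envelope))
    spf = re.search(r"spf=pass\b.*smtp\.mail=(\S+)", msg.get("Authentication-Results", ""))
    if spf and domain(spf.group(1)) != shown:  # SPF vouches for the envelope domain only
        out.append(("spf-pass-for-other-domain", domain(spf.group(1))))
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if text.lower().startswith("http") and urlparse(text).hostname != host:
            out.append(("link-text-mismatch", host))  # shown URL and real target differ
        elif host != shown and not host.endswith("." + shown):
            out.append(("off-domain-link", host))  # target is outside the From domain
    return out
```

The `spf=pass` in these headers was evaluated against `de1.imhoster.net`, the envelope sender, so it says nothing about whether `mtgox.com` authorized the mail.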
freespirit
January 14, 2012, 09:36:35 AM
 #2

Got a couple of these too.
Code:
Delivered-To: [email removed]
Received: by 10.42.140.4 with SMTP id i4cs47403icu;
        Fri, 13 Jan 2012 05:57:38 -0800 (PST)
Received: by 10.180.20.69 with SMTP id l5mr9044325wie.19.1326463055717;
        Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Return-Path: <host6057@de1.imhoster.net>
Received: from de1.imhoster.net (de1.imhoster.net. [178.162.236.74])
        by mx.google.com with ESMTPS id 41si1302813eeu.193.2012.01.13.05.57.35
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 13 Jan 2012 05:57:35 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of host6057@de1.imhoster.net designates 178.162.236.74 as permitted sender) client-ip=178.162.236.74;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of host6057@de1.imhoster.net designates 178.162.236.74 as permitted sender) smtp.mail=host6057@de1.imhoster.net
Received: from host6057 by de1.imhoster.net with local (Exim 4.69)
(envelope-from <host6057@de1.imhoster.net>)
id 1RlhdO-001KkF-BR
for [email removed]; Fri, 13 Jan 2012 15:57:34 +0200
To: [email removed]
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: host6057.de1.dp10.ru/mail/mail.php for 84.19.165.214
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1RlhdO-001KkF-BR@de1.imhoster.net>
Date: Fri, 13 Jan 2012 15:57:34 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - de1.imhoster.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1238 1234] / [47 12]
X-AntiAbuse: Sender Address Domain - de1.imhoster.net

<HTML>Dear Mt.Gox user,<br>
<br>
Your account is currently pending review, please visit <a href='http://host6057.de1.dp10.ru/'>https://mtgox.com/forms/verification</a><br>
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:<br>
<br>
<a href='http://host6057.de1.dp10.ru/'>Security Measures Explained</a><br>
<br>
“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.<br>
<br>
In order to apply for the “Verified” account status please attach a copy of the following documents:<br>
- Your government issued photo ID (passport, permanent residence card or driver’s license) and<br>
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.<br>
<br>
Thanks, <br>
The Mt.Gox team
</HTML>


cbeast
February 01, 2012, 06:36:07 AM
 #3

Who here on the forums has access to email addresses?

Code:
Delivered-To: XXXXXXXXXXXXXXX
Received: by 10.112.40.68 with SMTP id v4cs77491lbk;
        Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received: by 10.14.132.74 with SMTP id n50mr1007560eei.47.1327991019323;
        Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Return-Path: <brasting@xm63.hostsila.org>
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
        by mx.google.com with ESMTPS id n42si11987546eef.200.2012.01.30.22.23.39
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 30 Jan 2012 22:23:39 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of brasting@xm63.hostsila.org designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of brasting@xm63.hostsila.org designates 194.28.85.190 as permitted sender) smtp.mail=brasting@xm63.hostsila.org
Received: from brasting by xm63.hostsila.org with local (Exim 4.69)
(envelope-from <brasting@xm63.hostsila.org>)
id 1Rs7Ar-00023G-8i
for XXXXXXXXXXXXXXXXXXXXXX; Tue, 31 Jan 2012 08:26:37 +0200
To: XXXXXXXXXXXXXXXXXXXXXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~brasting/mail/mail2.php for 84.19.169.235
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1Rs7Ar-00023G-8i@xm63.hostsila.org>
Sender:  <brasting@xm63.hostsila.org>
Date: Tue, 31 Jan 2012 08:26:37 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1002 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/brasting/public_html/mail/mail2.php
X-Source-Dir: brasting33.org:/public_html/mail

<HTML>Dear Mt.Gox user,<br>
<br>
Your account is currently pending review, please visit <a href='http://194.28.85.190/~brasting/'>https://mtgox.com/forms/verification</a><br>
For those users who have had their accounts marked for review, an explanation of why were are implementing these security measures can be found here:<br>
<br>
<a href='http://194.28.85.190/~brasting/'>Security Measures Explained</a><br>
<br>
“Verified” Accounts are eligible for monthly/daily transaction limits of up to 5 times the monthly limit and 10 times the daily limit.<br>
<br>
In order to apply for the “Verified” account status please attach a copy of the following documents:<br>
- Your government issued photo ID (passport, permanent residence card or driver’s license) and<br>
- A scan of either your monthly utility bill (power, phone, TV, gas, water, etc.) or a certificate of residency issued by your local government.<br>
<br>
Thanks, <br>
The Mt.Gox team
</HTML>



Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
alex0
February 01, 2012, 11:32:43 AM
 #4

Also got one.
Very clever phishing email. Looks very natural.

I was confused by strange domain tmweb.ru

> Who here on the forums has access to email addresses?
I think spammers use stolen MtGox DB
zvs
April 21, 2012, 07:42:52 PM
 #5

> Also got one.
> Very clever phishing email. Looks very natural.
>
> I was confused by strange domain tmweb.ru
>
>> Who here on the forums has access to email addresses?
> I think spammers use stolen MtGox DB

yeah, using the DB that got passed out june '11, i'm sure.  i have the same list

anyway, i just got this.  points to rgy###.tmweb.ru

i didn't think it was very clever though, i mean, all you have to do is see that the link is to some site in russia?
Raoul Duke
April 21, 2012, 07:48:55 PM
 #6

I had my email on the mtgox db that leaked and never got any of those emails. Strange. Not that I used gox anyway, so I wouldn't get fooled.
MPOE-PR
April 22, 2012, 12:33:56 PM
 #7

It's a wonder there's not a lot more of this going on, really.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.