We have been down for nearly a week as a result of a DDoS. We needed to switch providers. We apologize for any inconvenience this may have caused.

There may be some bugs which occur as a result of the move. Please let us know if you find any.

Thank you --Robin 21:14, 15 July 2008 (UTC)

From CastleCopsWiki

I'm not sure how you want to go about this, so I'll start with the basics and leave it for you to work on.

This has been been reported and accepted by NetCraft, although it is very similar to two previous submissions which were rejected.

[edit] Headers

X-Apparently-To: seafsee@yahoo.com via 68.142.200.137; Tue, 22 Mar 2005 12:07:41 -0800 X-YahooFilteredBulk: 217.232.133.206 Authentication-Results: mta164.mail.mud.yahoo.com from=consultant.com; domainkeys=neutral (no sig) X-Originating-IP: [217.232.133.206] Return-Path: <qpodgquwjdr@consultant.com> Received: from 217.232.133.206 (HELO pD9E885CE.dip0.t-ipconnect.de) (217.232.133.206) by mta164.mail.mud.yahoo.com with SMTP; Tue, 22 Mar 2005 12:07:41 -0800 Received: from 9 by pD9E885CE.dip0.t-ipconnect.de; Tue, 22 Mar 2005 15:07:50 -0500 Subject: Charles Calvo Account Summary Content-Transfer-Encoding: 7bit Mime-Version: 1.0 Date: Tue, 22 Mar 2005 15:07:06 -0500 Content-Type: text/plain; From: "Scot Banks" <qpodgquwjdr@consultant.com> Add to Address Book Message-ID: <77699320006788707-fft4uNe@HWFMTOKOS> To: <XXXXXXX@yahoo.com> Content-Length: 278

[edit] Main Body

Charles Calvo,

We have had trouble getting a hold of you by phone. As we promised, your refiynance may be aprrovned with 3,2

Please correct your phone here, so we can start (http://www.rehazs.com/yq.asp?bny=218310413) [Link deadened]

Thank you Scot BanksBody

Bank Accounting Staten island, NY

[edit] Time Stamps

Date: Wed, 23 Mar 2005 23:00:41 UT From: toolbar-announce@netcraft.com Add to Address Book To: XXXXXXX@yahoo.com Subject: Thank you for reporting (http://www.rehazs.com/yq.asp)

Netcraft would like to thank you for reporting the URL 'http://www.rehazs.com/yq.asp'.

The URL will be reviewed as soon as possible and it will be blocked if our staff confirm it to be a phishing site.

If you are the first to report a site which is subsequently blocked then you will be eligible for a prize and we will be contacting you again in the near future.

Regards,

The Netcraft Anti-Phishing Team

{Confirmation} Date: Thu, 24 Mar 2005 04:26:53 UT From: toolbar@netcraft.com Add to Address Book To: "Charles F. Calvo" <XXXXXXX@yahoo.com> Subject: Congratulations from Netcraft

The URL you recently submitted has been accepted as a phishing site by the Netcraft Anti-Phishing Team. Thanks for reporting your 3rd phish. Keep up the good work!

URL: (http://www.rehazs.com/yq.asp)

Thanks and congratulations,

The Netcraft Anti-Phishing Team

[edit] Flags

Mention of an account I know does not exist. Indeed, I do no online banking at all!

No mention of a specific account.

Use of a former address and former town.

Poor grammar and spelling.

"Security at Login Your login is secured using Secure Sockets Layer (SSL) technology." Yet there is no "https" in the address bar and the lock in my browsers status bar shows open.

[edit] Conclusions

Although this is similar to the other two sites I attempted to report and were rejected, Netcraft now recognizes this for what it is.

Several other things I noticed. In the header, there appears to a German domain; the email purports to come from my hometown bank, yet the site is in China; Fraud Eliminator Toolbar had no reaction what-so-ever, although it sent up a warning on the first two previous sites that Netcraft rejected! --Seafsee 05:42, 24 Mar 2005 (EST)