by Terminator5
Sat Oct 01, 2011 1:47 pm
Source IP Address 41.184.26.42 . Nigeria
Begin Phishing Email:
Dear Customer,
During our regular updating and verification of the InternetBanking Accounts,
wecould not verify your current information. Either your information has been
changed or incompleted,as a result your access to use our services has been
limited. Please update your online banking information
To update your online banking information and start using our services please click on the link below:
Update Your Online Banking Information
If your account information is not re-updatedthen your ability to access your account will become restricted.
Thank you,
USAA
End Phishing Email
USAA PHISHING SITE
http://www.cujab.com/themes/default/Login/Login.htm
Header Details:
Delivered-To: xxxxxx
Received: by 10.180.94.170 with SMTP id dd10cs77482wib;
Fri, 30 Sep 2011 14:49:22 -0700 (PDT)
Received: by 10.100.237.8 with SMTP id k8mr11096391anh.64.1317419361370;
Fri, 30 Sep 2011 14:49:21 -0700 (PDT)
Return-Path: <rburley9@tiburon.websitewelcome.com>
Received: from tiburon.websitewelcome.com (tiburon.websitewelcome.com. [70.84.121.130])
by mx.google.com with ESMTPS id o20si3119667anb.166.2011.09.30.14.49.20
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 30 Sep 2011 14:49:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of rburley9@tiburon.websitewelcome.com designates 70.84.121.130 as permitted sender) client-ip=70.84.121.130;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of rburley9@tiburon.websitewelcome.com designates 70.84.121.130 as permitted sender) smtp.mail=rburley9@tiburon.websitewelcome.com
Received: from rburley9 by tiburon.websitewelcome.com with local (Exim 4.69)
(envelope-from <rburley9@tiburon.websitewelcome.com>)
id 1R9kxL-0002nq-Rm
for xxxxxx; Fri, 30 Sep 2011 16:49:19 -0500
To: xxxxxx
Subject: Verify Your USAA Account To Avoid Suspended
X-PHP-Script: http://www.cujab.com/themes/default/Log ... s/corr.php for 41.184.26.42
From: USAA <USAA.Web.Services@customermail.usaa.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1R9kxL-0002nq-Rm@tiburon.websitewelcome.com>
Date: Fri, 30 Sep 2011 16:49:19 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tiburon.websitewelcome.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1462 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - tiburon.websitewelcome.com
X-BWhitelist: no
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/rburley9/public_html/themes/default/Login/Login_files/corr.php
X-Source-Dir: cujab.com:/public_html/themes/default/Login/Login_files
X-Source-Sender:
X-Source-Auth: rburley9
X-Email-Count: 67
X-Source-Cap: cmJ1cmxleTk7Z2V0d2lzZTt0aWJ1cm9uLndlYnNpdGV3ZWxjb21lLmNvbQ==
Begin Phishing Email:
Dear Customer,
During our regular updating and verification of the InternetBanking Accounts,
wecould not verify your current information. Either your information has been
changed or incompleted,as a result your access to use our services has been
limited. Please update your online banking information
To update your online banking information and start using our services please click on the link below:
Update Your Online Banking Information
If your account information is not re-updatedthen your ability to access your account will become restricted.
Thank you,
USAA
End Phishing Email
USAA PHISHING SITE
http://www.cujab.com/themes/default/Login/Login.htm
Header Details:
Delivered-To: xxxxxx
Received: by 10.180.94.170 with SMTP id dd10cs77482wib;
Fri, 30 Sep 2011 14:49:22 -0700 (PDT)
Received: by 10.100.237.8 with SMTP id k8mr11096391anh.64.1317419361370;
Fri, 30 Sep 2011 14:49:21 -0700 (PDT)
Return-Path: <rburley9@tiburon.websitewelcome.com>
Received: from tiburon.websitewelcome.com (tiburon.websitewelcome.com. [70.84.121.130])
by mx.google.com with ESMTPS id o20si3119667anb.166.2011.09.30.14.49.20
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 30 Sep 2011 14:49:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of rburley9@tiburon.websitewelcome.com designates 70.84.121.130 as permitted sender) client-ip=70.84.121.130;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of rburley9@tiburon.websitewelcome.com designates 70.84.121.130 as permitted sender) smtp.mail=rburley9@tiburon.websitewelcome.com
Received: from rburley9 by tiburon.websitewelcome.com with local (Exim 4.69)
(envelope-from <rburley9@tiburon.websitewelcome.com>)
id 1R9kxL-0002nq-Rm
for xxxxxx; Fri, 30 Sep 2011 16:49:19 -0500
To: xxxxxx
Subject: Verify Your USAA Account To Avoid Suspended
X-PHP-Script: http://www.cujab.com/themes/default/Log ... s/corr.php for 41.184.26.42
From: USAA <USAA.Web.Services@customermail.usaa.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1R9kxL-0002nq-Rm@tiburon.websitewelcome.com>
Date: Fri, 30 Sep 2011 16:49:19 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tiburon.websitewelcome.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1462 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - tiburon.websitewelcome.com
X-BWhitelist: no
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/rburley9/public_html/themes/default/Login/Login_files/corr.php
X-Source-Dir: cujab.com:/public_html/themes/default/Login/Login_files
X-Source-Sender:
X-Source-Auth: rburley9
X-Email-Count: 67
X-Source-Cap: cmJ1cmxleTk7Z2V0d2lzZTt0aWJ1cm9uLndlYnNpdGV3ZWxjb21lLmNvbQ==
Daniel 8 :25
