«

I've just been spammed by a not very convincing e-mail that appears to
come from "support_ref_ [daft number here] at anz.com".

The attached gif image tries to send you to:

http _www.anz.com.inetbankmain.isapdl.com_a_.htm

but shows in the gif as:

https://wwwDOTanzDOTcom/inetbank/ban...rmation/do.asp

(DOTS replaced in case someone clicks the link here).

The usual "software upgrade" - we wish you to confirm your bank
details!

Grrrrrrrrrrrrrrrrrrrrrrrr ...

Adam.

Adam wrote:
> I've just been spammed by a not very convincing e-mail that appears to
> come from "support_ref_ [daft number here] at anz.com".
>
> The attached gif image tries to send you to:
>
> http _www.anz.com.inetbankmain.isapdl.com_a_.htm
>
> but shows in the gif as:
>
> https://wwwDOTanzDOTcom/inetbank/ban...rmation/do.asp
>
> (DOTS replaced in case someone clicks the link here).
>
> The usual "software upgrade" - we wish you to confirm your bank
> details!
>
> Grrrrrrrrrrrrrrrrrrrrrrrr ...

Yes I just got five of them. The last 3 were labelled by xtra as
[SPAM]. Why doesn't a Whois work on that URL?

Yeh, got mine this morning - great - nearly clicked on it....considering I
am not a member of ANZ bank....I don't think so!


twats!!

"Matty F" <> wrote in message
news:U3DUf.8192$...
> Adam wrote:
>> I've just been spammed by a not very convincing e-mail that appears to
>> come from "support_ref_ [daft number here] at anz.com".
>>
>> The attached gif image tries to send you to:
>>
>> http _www.anz.com.inetbankmain.isapdl.com_a_.htm
>>
>> but shows in the gif as:
>>
>> https://wwwDOTanzDOTcom/inetbank/ban...rmation/do.asp
>>
>> (DOTS replaced in case someone clicks the link here).
>>
>> The usual "software upgrade" - we wish you to confirm your bank
>> details!
>>
>> Grrrrrrrrrrrrrrrrrrrrrrrr ...
>
> Yes I just got five of them. The last 3 were labelled by xtra as [SPAM].
> Why doesn't a Whois work on that URL?
>

Received and spamcopped

Matty F wrote:
> Adam wrote:
>> I've just been spammed by a not very convincing e-mail that appears to
>> come from "support_ref_ [daft number here] at anz.com".
>>
>> The attached gif image tries to send you to:
>>
>> http _www.anz.com.inetbankmain.isapdl.com_a_.htm
>>
>> but shows in the gif as:
>>
>> https://wwwDOTanzDOTcom/inetbank/ban...rmation/do.asp
>>
>> (DOTS replaced in case someone clicks the link here).
>>
>> The usual "software upgrade" - we wish you to confirm your bank
>> details!
>>
>> Grrrrrrrrrrrrrrrrrrrrrrrr ...
>
> Yes I just got five of them. The last 3 were labelled by xtra as [SPAM].
> Why doesn't a Whois work on that URL?
>

Interesting question.

ANZ are reported on Radio NZ news as having "shut down the illegal website" so
perhaps they've had it clobbered at the whois level.

However it's still in the DNS via paradise (whois results follow in order) :

> www.anz.com.inetbankmain.isapdlls.net has address 24.11.143.205
> www.anz.com.inetbankmain.isapdlls.net has address 66.65.19.24
> www.anz.com.inetbankmain.isapdlls.net has address 67.189.241.161
> www.anz.com.inetbankmain.isapdlls.net has address 69.76.88.225
> www.anz.com.inetbankmain.isapdlls.net has address 69.245.111.39
> ================================================== ============================
>
> OrgName: Road Runner
> OrgID: RRNY
> Address: 13241 Woodland Park Road
> City: Herndon
> StateProv: VA
> PostalCode: 20171
> Country: US
>
> ReferralServer: rwhois://ipmt.rr.com:4321
>
> NetRange: 66.65.0.0 - 66.65.255.255
> CIDR: 66.65.0.0/16
> NetName: RR-NYC-1BLK
> NetHandle: NET-66-65-0-0-1
> Parent: NET-66-0-0-0-0
> NetType: Direct Allocation
> NameServer: DNS1.RR.COM
> NameServer: DNS2.RR.COM
> NameServer: DNS3.RR.COM
> NameServer: DNS4.RR.COM
> Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
> RegDate: 2001-01-19
> Updated: 2002-11-25
>
> RTechHandle: ZS30-ARIN
> RTechName: ServiceCo LLC
> RTechPhone: +1-703-345-3416
> RTechEmail:
>
> OrgAbuseHandle: ABUSE10-ARIN
> OrgAbuseName: Abuse
> OrgAbusePhone: +1-703-345-3416
> OrgAbuseEmail:
>
> OrgTechHandle: IPTEC-ARIN
> OrgTechName: IP Tech
> OrgTechPhone: +1-703-345-3416
> OrgTechEmail:
>
> # ARIN WHOIS database, last updated 2006-03-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
>
> Found a referral to ipmt.rr.com:4321.
>
> %rwhois V-1.5:003fff:00 ipmt-01.rr.com (by Network Solutions, Inc. V-1.5.7.3)
> network:Class-Name:network
> network:ID:NETBLK-isrr-66.65.16.0-21
> network:Auth-Area:66.65.16.0/21
> network:Network-Name:isrr-66.65.16.0
> network:IP-Network:66.65.16.0/21
> network:IP-Network-Block:66.65.16.0 - 66.65.23.255
> network:Organization;I:Road Runner
> network:Tech-Contact;I:
> network:Admin-Contact;I:IPADD-ARIN
> network:Created:20060323
> network:Updated:20060323
> network:Updated-By:
>
> network:Class-Name:network
> network:ID:NETBLK-ISRR-66.65.0.0/17
> network:Auth-Area:66.65.0.0/17
> network:Network-Name:ISRR-66.65.0.0
> network:IP-Network:66.65.0.0/17
> network:IP-Network-Block:66.65.0.0 - 66.65.127.255
> network:Organization;I:Road Runner
> network:Tech-Contact;I:
> network:Admin-Contact;I:IPADD-ARIN
> network:Created:20060323
> network:Updated:20060323
> network:Updated-By:
>
> %ok
> ================================================== ============================
> Comcast Cable Communications, IP Services ATT-COMCAST (NET-67-160-0-0-1)
> 67.160.0.0 - 67.191.255.255
> Comcast Cable Communications, Inc. BOSTON-9 (NET-67-189-128-0-1)
> 67.189.128.0 - 67.189.255.255
>
> # ARIN WHOIS database, last updated 2006-03-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
> ================================================== ============================
>
> OrgName: Road Runner
> OrgID: RRWE
> Address: 13241 Woodland Park Road
> City: Herndon
> StateProv: VA
> PostalCode: 20171
> Country: US
>
> ReferralServer: rwhois://ipmt.rr.com:4321
>
> NetRange: 69.75.0.0 - 69.76.255.255
> CIDR: 69.75.0.0/16, 69.76.0.0/16
> NetName: RRWE
> NetHandle: NET-69-75-0-0-1
> Parent: NET-69-0-0-0-0
> NetType: Direct Allocation
> NameServer: DNS1.RR.COM
> NameServer: DNS2.RR.COM
> NameServer: DNS3.RR.COM
> NameServer: DNS4.RR.COM
> Comment:
> RegDate: 2003-09-08
> Updated: 2004-05-03
>
> OrgAbuseHandle: ABUSE10-ARIN
> OrgAbuseName: Abuse
> OrgAbusePhone: +1-703-345-3416
> OrgAbuseEmail:
>
> OrgTechHandle: IPTEC-ARIN
> OrgTechName: IP Tech
> OrgTechPhone: +1-703-345-3416
> OrgTechEmail:
>
> # ARIN WHOIS database, last updated 2006-03-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
>
> Found a referral to ipmt.rr.com:4321.
>
> %rwhois V-1.5:003fff:00 ipmt-01.rr.com (by Network Solutions, Inc. V-1.5.7.3)
> network:Class-Name:network
> network:ID:NETBLK-isrr-69.76.88.0-21
> network:Auth-Area:69.76.88.0/21
> network:Network-Name:isrr-69.76.88.0
> network:IP-Network:69.76.88.0/21
> network:IP-Network-Block:69.76.88.0 - 69.76.95.255
> network:Organization;I:Road Runner
> network:Tech-Contact;I:
> network:Admin-Contact;I:IPADD-ARIN
> network:Created:20060323
> network:Updated:20060323
> network:Updated-By:
>
> network:Class-Name:network
> network:ID:NETBLK-ISRR-69.76.0.0/16
> network:Auth-Area:69.76.0.0/16
> network:Network-Name:ISRR-69.76.0.0
> network:IP-Network:69.76.0.0/16
> network:IP-Network-Block:69.76.0.0 - 69.76.255.255
> network:Organization;I:Road Runner
> network:Tech-Contact;I:
> network:Admin-Contact;I:IPADD-ARIN
> network:Created:20060323
> network:Updated:20060323
> network:Updated-By:
>
> %ok
> ================================================== ============================
> Comcast Cable Communications, Inc. JUMPSTART-4 (NET-69-240-0-0-1)
> 69.240.0.0 - 69.255.255.255
> Comcast Cable Communications, Inc MICHIGAN-17 (NET-69-245-64-0-1)
> 69.245.64.0 - 69.245.127.255
>
> # ARIN WHOIS database, last updated 2006-03-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
> ================================================== ============================
> Comcast Cable Communications, IP Services EASTERNSHORE-1 (NET-24-0-0-0-1)
> 24.0.0.0 - 24.15.255.255
> Comcast Cable Communications MICHIGAN-G-5 (NET-24-11-128-0-1)
> 24.11.128.0 - 24.11.143.255
>
> # ARIN WHOIS database, last updated 2006-03-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
> ================================================== ============================

wrote:
> Received and spamcopped
>

Thunderbird's built in spam detection managed to catch this one pretty
well for me

k <> wrote:

> wrote:
>> Received and spamcopped
>>
>
>Thunderbird's built in spam detection managed to catch this one pretty
>well for me

Been getting these things all day. Don't even have an ANZ account.
Fortunately our exchange server puts them in the spam folder.

On Fri, 24 Mar 2006 14:48:12 +1200, k wrote:

> wrote:
>> Received and spamcopped
>>
>
>Thunderbird's built in spam detection managed to catch this one pretty
>well for me

Hmmm - my TB seems to let them in ( - I've received them from about
5 different "pseudo" addresses now.

Any general hints as to where/how my spam filter is (mis)configured)?

Adam.

On Fri, 24 Mar 2006 01:16:42 +1200, Adam wrote:

>I've just been spammed by a not very convincing e-mail that appears to
>come from "support_ref_ [daft number here] at anz.com".
>
>The attached gif image tries to send you to:
>
>http _www.anz.com.inetbankmain.isapdl.com_a_.htm
>
>but shows in the gif as:
>
>https://wwwDOTanzDOTcom/inetbank/ban...rmation/do.asp
>
>(DOTS replaced in case someone clicks the link here).
>
>The usual "software upgrade" - we wish you to confirm your bank
>details!
>
>Grrrrrrrrrrrrrrrrrrrrrrrr ...
>
>Adam.

Followed the link and put in details for them.
Unfortunately, if they try them they aren't going to get into my
account