Phish: Hacker IP's

Here’s the e-Mail:

Return-Path: thibaultcapde@hotmail.fr
Received: from wylf ([222.69.180.93]) by BLU0-SMTP81.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 24 May 2010 05:26:25 -0700
From: “BLIZZARD ENTERTAINMENT” <noreply@blizzard.com>
To: <jayras@gmail.com>
Subject: Blizzard Identification

Dear customer, ttyktoblhtkjqhwi5164fi9pvveib5mju

This is an automated notification sent from our account security system. You logined your account successfully at 4:27 on April 26th form the 125.75.182.* range, but our system shows the 125.88.189.* IP range exists a large number of hackers. As too many customer complaints, the 125.94.109.* IP range has been blacklisted. We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, we need you check your account status here as soon as possible. If you have any questions, please visit http://us.battle.net/login.html?ref=https%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
frfviijvmn1cadps6rladxh6tdmejnrwn
Regards,

Blizzard account system
Blizzard Entertainment

OK, let’s see…

  • Header says it’s from Hotmail (In France this time!)
  • Personalized Greeting is no name in this planet (and most definitely not my name.)
  • English and Spelling issues.
  • E-mail is just plain stupid.

OK, so let me summarize this e-mail:

  1. We saw you logged into IP Range [a]
  2. We know that Hackers often use IP Range [b]
  3. Because of 1 and 2, we are blocking IP Range [c]

But, because we saw you on this IP Range we are concerned that your account may be stolen.

So we want you to verify who you are (Because we all know stolen accounts can easily be fixed by verifying yourself…)

WOW…so, we’re just stupid then?  I mean I’m getting a headache just trying to find logic to follow in this e-mail.

Everything in this e-mail screams “WHAT PSYCHOTROPIC DRUGS ARE YOU TAKING??!!??”

I mean beyond not being able to follow the chain of logic for what IP Range they are talking about, if they did blacklist my IP range how am I going to get to any page to verify my account?

Did they just blacklist me from the login servers and not the more precious account system?  That would be Stupid…oh wait….They didn’t blacklist me, they blacklisted a completely different range.  They didn’t even blacklist the range of IP’s they “know” to be from hackers.

My head…it hurts.

Even the phrasing is really bad…

You logined your account successfully

but our system shows the 125.88.189.* IP range exists a large number of hackers

To quote a great actor…”English motherfucker! Do you SPEAK it?”

Update:

  • Received Again

Return-Path: thomasbm86@hotmail.com
Received: from pyjb ([222.69.163.1]) by BLU0-SMTP19.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Wed, 26 May 2010 11:52:17 -0700
From: “BLIZZARD” <noreply@blizzard.com>
To: <jayras@gmail.com>
Subject: Blizzard Account Identification

Links to: blizzard.game-id-admin.com

  • Received Again

Return-Path: simonkorbeld@hotmail.com
Received: from cfzhvjfa ([118.114.84.88]) by BLU0-SMTP71.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Sat, 29 May 2010 19:03:31 -0700
Reply-To: <noreply@blizzard.com>
From: “noreply” <noreply@blizzard.com>
To: <jayras@gmail.com>
Subject: World Of Warcraft Account Security Risks Notice

  • Received Again

Return-Path: a_la_pelota@hotmail.com
Received: from qoq ([222.69.185.91]) by BLU0-SMTP74.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Sun, 30 May 2010 10:55:55 -0700
From: “BLIZZARD” <noreply@blizzard.com>
To: <jayras@gmail.com>
Subject: Account Identification

Links to: www.id-admin-service.com

  • Received Again:

Return-Path: frans_maroki@hotmail.com

Received: from ayy ([58.22.172.34]) by BLU0-SMTP64.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);

Sat, 5 Jun 2010 17:05:26 -0700

Sender: frans_maroki@hotmail.com

From: “noreply@blizzard.com” <noreply@blizzard.com>

To: <jayras@gmail.com>

Subject: World Of Warcraft Account Security Risks Notice

Links to: www.wovrlofwarcraft.com

  • Received Again:

Return-Path: bloodi_1@hotmail.com

Received: from rycovci ([113.244.144.171]) by BLU0-SMTP19.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);

Mon, 7 Jun 2010 19:47:36 -0700

Reply-To: <noreply@blizzard.com>

From: “billing@blizzard.com” <noreply@blizzard.com>

Links to: www.blizzard-account-information.com

  • Received again:

Return-Path: natashadarling@hotmail.com
Received: from fznurvg ([117.66.223.122]) by BLU0-SMTP88.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 2 Aug 2010 09:00:35 -0700
Reply-To: <WoWAccountAdmin@blizzard.com>
From: “Blizzard Entertainment” <WoWAccountAdmin@blizzard.com>
To: <jayras@gmail.com>
Subject: Battle.net Account Management

Links to: www.worldoftwarcarft.com

  • Received again:

Return-Path: nickyjmilburn@hotmail.com
Received: from momog ([114.99.254.128]) by BLU0-SMTP36.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Tue, 3 Aug 2010 10:21:40 -0700
Reply-To: <WoWAccountAdmin@blizzard.com>
From: “Blizzard Entertainment” <WoWAccountAdmin@blizzard.com>
To: <jayras@gmail.com>
Subject: Battle.net Account Management

Links to: www.worldofwaracarft.com

One response so far

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/