Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Rchivist · 28-05-2008, 21:07

Over on BT Beta forums we were assured recently by our forum moderator that webwise.bt.com was not a phishing site.

I have been trying to submit an enquiry via the webwise.bt.com/contact.php page, which appeared to be broken - but it seems although the confirmation page never showed up an email did get through. I got a reply today - the body text was the usual BT Webwise spin, and the headers are here (edited to protect the innocent)

X-Apparently-To: ******-webwise@yahoo.co.uk via 87.***.***.61; **, ** May 2008 **:30:45 +0000
X-Originating-IP: [217.32.164.151]
Authentication-Results: mta163.mail.ukl.yahoo.com from=bt.com; domainkeys=neutral (no sig)
Received: from 217.32.164.151 (EHLO smtp4.smtp.bt.com) (217.32.164.151)
by mta163.mail.ukl.yahoo.com with SMTP; **, ** May 2008 **:30:43 +0000
Received: from E03MVA2-UKBR.domain1.systemhost.net ([193.113.197.106]) by smtp4.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830);
**, ** May 2008 **:30:43 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: FW: BT.webwise.com Contact Request
Date: **, ** May 2008 15:30:43 +0100
Message-ID: <***********@**********2-UKBR.domain1.systemhost.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: BT.webwise.com Contact Request
Thread-Index: ********3L4La2sQ69Q0WaQ3lWM+7bAgAia1zL
References: <********.************@ww3.phorm.com>
From: <bt.webwise.help.desk@bt.com>
To: <******@*******>
X-OriginalArrivalTime: ******** (UTC) FILETIME=[*************]

I'm a bit puzzled by the References: line

References: <*********.*******@ww3.phorm.com>

and wondering what that was doing in a reply to a contact form email made via what we were assured by an official BT forum moderator, was a genuine non-phishing site. In fact we were roundly told off for reporting the site as a phishing site and told to stop it.

I did a lookup on www3.phorm.com and got this:
Registrant:

Phorm, Inc.

264 W. 40th St., 16th Floor

New York, New York 10018

United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)

Domain Name: PHORM.COM

Created on: 29-Apr-00

Expires on: 29-Apr-09

Last Updated on:

Administrative Contact:

Cote, Chris chris.cote@phorm.com

Phorm, Inc.

264 W. 40th St., 16th Floor

New York, New York 10018

United States

2123592030 Fax --

Technical Contact:

Clark, Allan allan.clark@phorm.com

Phorm, Inc

264 W40 Street

16th Floor

New York, New York 10018

United States

2123592030 Fax --

Domain servers in listed order:

NS1.PHORM.COM

NS2.PHORM.COM

I'm not up on the technicalities of headers so I would appreciate some advice before I take this further.

28-05-2008, 21:07	#7402
Rchivist Inactive Join Date: Apr 2008 Posts: 831	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] Over on BT Beta forums we were assured recently by our forum moderator that webwise.bt.com was not a phishing site. I have been trying to submit an enquiry via the webwise.bt.com/contact.php page, which appeared to be broken - but it seems although the confirmation page never showed up an email did get through. I got a reply today - the body text was the usual BT Webwise spin, and the headers are here (edited to protect the innocent) X-Apparently-To: ****-webwise@yahoo.co.uk via 87...61; , May 2008 :30:45 +0000 X-Originating-IP: [217.32.164.151] Authentication-Results: mta163.mail.ukl.yahoo.com from=bt.com; domainkeys=neutral (no sig) Received: from 217.32.164.151 (EHLO smtp4.smtp.bt.com) (217.32.164.151) by mta163.mail.ukl.yahoo.com with SMTP; , May 2008 :30:43 +0000 Received: from E03MVA2-UKBR.domain1.systemhost.net ([193.113.197.106]) by smtp4.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830); , May 2008 :30:43 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: FW: BT.webwise.com Contact Request Date: , May 2008 15:30:43 +0100 Message-ID: <*********@******2-UKBR.domain1.systemhost.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: BT.webwise.com Contact Request Thread-Index: ****3L4La2sQ69Q0WaQ3lWM+7bAgAia1zL References: <*****.********@ww3.phorm.com>* From: <bt.webwise.help.desk@bt.com> To: <****@***> X-OriginalArrivalTime: **** (UTC) FILETIME=[*********] I'm a bit puzzled by the References: line References: <******.***@ww3.phorm.com>* and wondering what that was doing in a reply to a contact form email made via what we were assured by an official BT forum moderator, was a genuine non-phishing site. In fact we were roundly told off for reporting the site as a phishing site and told to stop it. I did a lookup on www3.phorm.com and got this: Registrant: Phorm, Inc. 264 W. 40th St., 16th Floor New York, New York 10018 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: PHORM.COM Created on: 29-Apr-00 Expires on: 29-Apr-09 Last Updated on: Administrative Contact: Cote, Chris chris.cote@phorm.com Phorm, Inc. 264 W. 40th St., 16th Floor New York, New York 10018 United States 2123592030 Fax -- Technical Contact: Clark, Allan allan.clark@phorm.com Phorm, Inc 264 W40 Street 16th Floor New York, New York 10018 United States 2123592030 Fax -- Domain servers in listed order: NS1.PHORM.COM NS2.PHORM.COM I'm not up on the technicalities of headers so I would appreciate some advice before I take this further.