Posted on 09/16/2013 12:19:09 PM PDT by Bob
I received an unusual email from FR today:
On Mon Sep 16 12:23:52 2013 somebody at the Internet address 138.162.0.42 requested this information to be sent to you.Your screen name is: Bob
Your password is: ----------- (removed)
To log into your account, please visit: http://www.freerepublic.com/perl/login
When I looked up the requesting IP address, this is what was returned:
Overview for 138.162.0.42
Updated 0 seconds ago
NetRange: 138.162.0.0 - 138.162.255.255
CIDR: 138.162.0.0/16
OriginAS:
NetName: NMCI-NET-ORF
NetHandle: NET-138-162-0-0-1
Parent: NET-138-0-0-0-0
NetType: Direct Assignment
RegDate: 1990-05-07
Updated: 2011-02-23
Ref: http://whois.arin.net/rest/net/NET-138-162-0-0-1
OrgName: Navy Network Information Center (NNIC)
OrgId: NNICN-1
Address: 2465 GUADALCANAL ROAD
Address: BLDG 1265
City: VIRGINIA BEACH
StateProv: VA
PostalCode: 23459
Country: US
RegDate: 2006-09-21
Updated: 2011-08-17
Ref: http://whois.arin.net/rest/org/NNICN-1
OrgAbuseHandle: REGIS10-ARIN
OrgAbuseName: Registration
OrgAbusePhone: +1-800-365-3642
OrgAbuseEmail: registra@nic.mil
OrgAbuseRef: http://whois.arin.net/rest/poc/REGIS10-ARIN
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: registra@nic.mil
OrgTechRef: http://whois.arin.net/rest/poc/REGIS10-ARIN
Weird. Did you ask Jim about it?
Weird. Did you ask Jim about it?
I forgot to mention — the sending address for the email was “webmaster@freerepublic.com” and the link in the email does point to FR.
Ignore it, do not respond
Was the password correct?
ID scam, gleaned from your cookie cache.
Strange....
When you hover over freerepublic.com’s URL in the email does the destination URL match the URL displayed?
Agreed.
Most likely someone with a handle like Bob_G or the like requested the password to be sent, and it pulled up your account instead. It does not offer a verification (Do you mean Bob?) for example before sending. If it finds a match, it mails.
Doubt there’s anything to worry about.
If gleaned password is correct, beware you have a keystroke logger attached to your computer and need to clean your computer and reset all your passwords.
Navy Network Information Center (NNIC)....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Perhaps some low-level goon at the NSA just having a boring day, so he decides you should be pwned.
I goggled the address: navy cyber forces
Good point, I should have thought of that myself. This is the first email that I've ever gotten from FR but I'd have to presume that it's just an automated response for a password confirmation. (I do wonder, though, what the Navy Network Information Center is doing by sending a password request to FR for my screen name.)
Yes, it was. Since it came from FR, that didn't surprise me.
You should know how to look at the source text of an email. Anyone can type in (a href=”www.evilsite.com”)http://www.freerepublic.com (/a) in an email.
(Mine is defanged for display purposes).
Yes, the URL in the email was a legitimate link back to FR.
Someone entered your screen name into our lost password feature. It sends the password for the account to the registered email address, so no harm done. My guess is the someone involved uses “Bob” as a handle on other sites and he was looking to see if he’s already registered here with that name.
Go to whatismyip.com and check what your IP address is.
If it is 138.162.0.42 then you most likely accidently sent yourself a password hint/reminder (clicked forgot my password link.)
Because your username is bob it’s more likely that it was some robot (or human) trying to access your account.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.