[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <BPOL@poste.it>
Received: from mail.jjflanagan.com (68.88.231.33) by studio42.com with
ESMTP (Eudora Internet Mail Server 3.2.10) for <webmaster@studio42.com>;
Mon, 21 Jan 2008 18:11:28 -0800
Received: from User ([72.54.8.21]) by mail.jjflanagan.com with Microsoft
SMTPSVC(6.0.3790.3959); Mon, 21 Jan 2008 12:21:34 -0600
Reply-To: <BPOL@poste.it>
From: "Banco Poste Italiane"<BPOL@poste.it>
Subject: Riattiva imediatamente il tuo conto
Date: Mon, 21 Jan 2008 13:21:28 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: BPOL@poste.it
Message-ID: <JJFHOUSTON04koK5uA7000023a1@mail.jjflanagan.com>
X-OriginalArrivalTime: 21 Jan 2008 18:21:34.0709 (UTC) FILETIME=[743DFA50:01C85C5A]
Caro cliente di Poste.it,
Per i motivi di sicurezza abbiamo sospeso il vostro conto di operazioni bancarie in linea a BancoPostaOnline. Dovete confermare che non siete una vittima del furto di identità per ristabilire il vostro conto.
Dovete scattare il collegamento qui sotto e riempire la forma alla seguente pagina per realizzare il processo di verifica.
http://www.hamco.co.kr/milboard/bancopostaonline.poste.it/bancopostaonline.poste.it/bpol/CARTEPRE/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=
Li ringraziamo per la vostra attenzione rapida a questa materia. Capisca prego che questa è una misura di sicurezza progettata per contribuire a proteggere voi ed il vostro conto. Chiediamo scusa per eventuali inconvenienti.
Grazie della collaborazione,
Poste.it
[studio42@flatus studio42]$ host 68.88.231.33
33.231.88.68.in-addr.arpa domain name pointer 68-88-231-33.ded.swbell.net.
[studio42@flatus studio42]$ whois 68.88.231.33@whois.arin.net
[whois.arin.net]
AT&T Internet Services SBCIS-SBIS-6BLK (NET-68-88-0-0-1)
68.88.0.0 - 68.95.255.255
James A. Flanagan, Inc. SBC068088231032030416 (NET-68-88-231-32-1)
68.88.231.32 - 68.88.231.39
# ARIN WHOIS database, last updated 2008-01-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois NET-68-88-231-32-1@whois.arin.net
[whois.arin.net]
CustName: James A. Flanagan, Inc.
Address: 2701 W. 15th St. PMB 236
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
RegDate: 2003-04-16
Updated: 2003-04-16
NetRange: 68.88.231.32 - 68.88.231.39
CIDR: 68.88.231.32/29
NetName: SBC068088231032030416
NetHandle: NET-68-88-231-32-1
Parent: NET-68-88-0-0-1
NetType: Reassigned
Comment: For Policy Abuse issues, contact: abuse@swbell.net
Comment: For Technical issues, contact: noc@swbell.net
RegDate: 2003-04-16
Updated: 2003-04-16
RTechHandle: ZS44-ARIN
RTechName: IPAdmin-ATT Internet Services
RTechPhone: 800-648-1626
RTechEmail: ipadmin@att.com
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-800-648-1626
OrgAbuseEmail: abuse@sbcglobal.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: 800-648-1626
OrgNOCEmail: ipadmin@txmail.sbc.com
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: 800-648-1626
OrgTechEmail: support@swbell.net
# ARIN WHOIS database, last updated 2008-01-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Idiot server operator on idiot network.
Onto scammer IF this can be trusted:
[studio42@flatus studio42]$ host 72.54.8.21
Host 21.8.54.72.in-addr.arpa not found: 3(NXDOMAIN)
[studio42@flatus studio42]$ whois 72.54.8.21@whois.arin.net
[whois.arin.net]
OrgName: CBEYOND COMMUNICATIONS, LLC
OrgID: CBEY
Address: 320 Interstate North Parkway
Address: Suite 300
City: Atlanta
StateProv: GA
PostalCode: 30339
Country: US
ReferralServer: rwhois://rwhois.cbeyond.net:4321/
NetRange: 72.54.0.0 - 72.54.255.255
CIDR: 72.54.0.0/16
NetName: CBEY
NetHandle: NET-72-54-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: INFINITY.CBEYOND.NET
NameServer: BEYOND.CBEYOND.NET
Comment: For prompt attention, please send all abuse (spam, DOS,
Comment: etc) correspondence to our Abuse handle...(abuse@cbeyond.net) -Cbeyo
nd
Comment: rwhois.cbeyond.net:4321
RegDate: 2005-08-03
Updated: 2006-07-31
OrgAbuseHandle: ABUSE294-ARIN
OrgAbuseName: Cbeyond-Abuse
OrgAbusePhone: +1-678-424-2400
OrgAbuseEmail: abuse@cbeyond.net
OrgTechHandle: AI93-ARIN
OrgTechName: Admin IP
OrgTechPhone: +1-678-424-2400
OrgTechEmail: ip-admin@cbeyond.net
# ARIN WHOIS database, last updated 2008-01-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Proxy?
Onto scammer site:
[studio42@flatus studio42]$ host www.hamco.co.kr
www.hamco.co.kr is an alias for hamco.co.kr.
hamco.co.kr has address 211.202.2.230
[studio42@flatus studio42]$ whois 211.202.2.230@whois.nic.or.kr
[whois.nic.or.kr]
query: 211.202.2.230
# ENGLISH
KRNIC is not an ISP but a National Internet Registry similar to APNIC.
The following is organization information that is using the IPv4 address.
IPv4 Address : 211.202.0.0-211.202.3.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Connect Date : 20010327
Registration Date : 20041015
Publishes : Y
[ Organization Information ]
Organization ID : ORG3930
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail Address : 17-7 Asia One Bldg.
Zip Code : 150-874
[ Technical Contact Information ]
Name : IP manager
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail Address : 17-7 Asia One Bldg.
Zip Code : 150-874
Phone : +82-2-106-2
E-Mail : ip-adm@hanaro.com
--------------------------------------------------------------------------------
If the above contacts are not reachable, please contact following ISP
for further information.
[ ISP IPv4 Admin Contact Information ]
Name : IP manager
Phone : +82-2-106-2
E-Mail : ip-adm@hanaro.com
[ ISP IPv4 Tech Contact Information ]
Name : IP manager
Phone : +82-2-106-2
E-Mail : ip-adm@hanaro.com
[ ISP Network Abuse Contact Information ]
Name : manager
Phone : +82-2-106-2
E-Mail : abuse@hanaro.com
