The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <BPOL@poste.it>
Received: from ricochetpartners.com (66.206.80.1) by studio42.com with
SMTP (Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Sat, 15 Mar 2008 19:22:27 -0800
Received: from User ([72.54.8.21]) by ricochetpartners.com with
Microsoft SMTPSVC(6.0.3790.1830); Sat, 15 Mar 2008 11:26:03 -0700
Reply-To: <BPOL@poste.it>
From: "Banco Poste Italiane"<BPOL@poste.it>
Subject: Confirmare i dati del Suo conto Online Banking
Date: Sat, 15 Mar 2008 14:25:55 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: BPOL@poste.it
Message-ID:
X-OriginalArrivalTime: 15 Mar 2008 18:26:03.0484 (UTC) FILETIME=[06C049C0:01C886CA]
We have recently identified that several computers have connected to your Online Banking account and that there were multiple password errors before the connection. It is now necessary that you reconfirm to us the information for your current account.
If we do not receive the information by 15/03/2008, we will be forced to suspend your account for an indefinite period, as if it had been used for fraudulent purposes. We thank you for your cooperation in this matter.
To confirm your Online Banking account details, click on the following link:
http://PosteItaliane.toxicteam.net/bancopostaonline.poste.it/bancopostaonline.poste.it/bpol/CARTEPRE/index.php
We thank you for your patience regarding this inconvenience.
© Poste italiane 2007 VAT number 01114601006
For technical assistance: toll-free number 803.160 (follow the instructions of the voice guide and choose the Internet Services option).
© Poste italiane 2007 VAT number 01114601006.
[studio42@flatus studio42]$ host 66.206.80.1
1.80.206.66.in-addr.arpa domain name pointer mail.ricochetpartners.com.
[studio42@flatus studio42]$ whois 66.206.80.1@whois.arin.net
[whois.arin.net]
Silver Star Telecom, LLC SST-NET-20-1 (NET-66-206-80-0-1)
66.206.80.0 - 66.206.95.255
Silver Star Telecom SSTP2P-NET-66-206-80-0-1 (NET-66-206-80-0-2)
66.206.80.0 - 66.206.80.63
# ARIN WHOIS database, last updated 2008-03-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois NET-66-206-80-0-1@whois.arin.net
[whois.arin.net]
OrgName: Silver Star Telecom, LLC
OrgID: SST-43
Address: 16420 SE McGillivray
Address: Suite 103-233
City: Vancouver
StateProv: WA
PostalCode: 98683
Country: US
NetRange: 66.206.80.0 - 66.206.95.255
CIDR: 66.206.80.0/20
NetName: SST-NET-20-1
NetHandle: NET-66-206-80-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: QICLAB.SCN.RAIN.COM
NameServer: SILVER1.SILVERSTARTELECOM.COM
Comment:
RegDate: 2006-01-24
Updated: 2006-01-24
RAbuseHandle: SN66-ARIN
RAbuseName: Neighorn, Steven Clark
RAbusePhone: +1-503-297-3039
RAbuseEmail: neighorn@scnresearch.com
RNOCHandle: SN66-ARIN
RNOCName: Neighorn, Steven Clark
RNOCPhone: +1-503-297-3039
RNOCEmail: neighorn@scnresearch.com
RTechHandle: SN66-ARIN
RTechName: Neighorn, Steven Clark
RTechPhone: +1-503-297-3039
RTechEmail: neighorn@scnresearch.com
OrgAbuseHandle: ABUSE1662-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-360-859-4450
OrgAbuseEmail: abuse@silverstartelecom.com
OrgNOCHandle: NOC2573-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-360-859-4450
OrgNOCEmail: noc@silverstartelecom.com
OrgTechHandle: TECH231-ARIN
OrgTechName: Tech
OrgTechPhone: +1-360-859-4450
OrgTechEmail: ipadmin@silverstartelecom.com
# ARIN WHOIS database, last updated 2008-03-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Outgoing located.
On to scammer or zombie:
[studio42@flatus studio42]$ host 72.54.8.21
Host 21.8.54.72.in-addr.arpa not found: 3(NXDOMAIN)
[studio42@flatus studio42]$ whois 72.54.8.21@whois.arin.net
[whois.arin.net]
OrgName: CBEYOND COMMUNICATIONS, LLC
OrgID: CBEY
Address: 320 Interstate North Parkway
Address: Suite 300
City: Atlanta
StateProv: GA
PostalCode: 30339
Country: US
ReferralServer: rwhois://rwhois.cbeyond.net:4321/
NetRange: 72.54.0.0 - 72.54.255.255
CIDR: 72.54.0.0/16
NetName: CBEY
NetHandle: NET-72-54-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: INFINITY.CBEYOND.NET
NameServer: BEYOND.CBEYOND.NET
Comment: For prompt attention, please send all abuse (spam, DOS,
Comment: etc) correspondence to our Abuse handle...(abuse@cbeyond.net) -Cbeyond
Comment: rwhois.cbeyond.net:4321
RegDate: 2005-08-03
Updated: 2006-07-31
OrgAbuseHandle: ABUSE294-ARIN
OrgAbuseName: Cbeyond-Abuse
OrgAbusePhone: +1-678-424-2400
OrgAbuseEmail: abuse@cbeyond.net
OrgTechHandle: AI93-ARIN
OrgTechName: Admin IP
OrgTechPhone: +1-678-424-2400
OrgTechEmail: ip-admin@cbeyond.net
# ARIN WHOIS database, last updated 2008-03-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Beyond useless....
On to scammer site:
[studio42@flatus studio42]$ host PosteItaliane.toxicteam.net
PosteItaliane.toxicteam.net has address 208.98.31.250
[studio42@flatus studio42]$ whois 208.98.31.250@whois.arin.net
[whois.arin.net]
OrgName: SHARKTECH INTERNET SERVICES
OrgID: SIS-175
Address: 140 N Easy St.
City: Missoula
StateProv: MT
PostalCode: 59802
Country: US
ReferralServer: rwhois://rwhois.sharktech.net:4321
NetRange: 208.98.0.0 - 208.98.63.255
CIDR: 208.98.0.0/18
NetName: SHARKTECH
NetHandle: NET-208-98-0-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
NameServer: RDNS1.SHARKTECH.NET
NameServer: RDNS2.SHARKTECH.NET
Comment:
RegDate: 2006-01-23
Updated: 2006-01-30
RAbuseHandle: ABUSE1080-ARIN
RAbuseName: ABUSE Department
RAbusePhone: +1-406-493-0597
RAbuseEmail: abuse@sharktech.net
RNOCHandle: NOC2002-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-406-493-0597
RNOCEmail: support@sharktech.net
OrgAbuseHandle: ABUSE1080-ARIN
OrgAbuseName: ABUSE Department
OrgAbusePhone: +1-406-493-0597
OrgAbuseEmail: abuse@sharktech.net
OrgNOCHandle: NOC2002-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-406-493-0597
OrgNOCEmail: support@sharktech.net
OrgTechHandle: NOC2002-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-406-493-0597
OrgTechEmail: support@sharktech.net
# ARIN WHOIS database, last updated 2008-03-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois toxicteam.net
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: TOXICTEAM.NET
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: THING1.OPYUM.US
Name Server: THING2.OPYUM.US
Name Server: THING3.OPYUM.US
Name Server: THING4.OPYUM.US
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 05-jan-2008
Creation Date: 05-jan-2008
Expiration Date: 05-jan-2009
>>> Last update of whois database: Sun, 16 Mar 2008 04:35:26 UTC <<<
[whois.godaddy.com]
Registrant:
Stefanita Rares Dumitrescu
strz 1/554 ap 12
Brno, Moravia 60800
Czech Republic
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: TOXICTEAM.NET
Created on: 05-Jan-08
Expires on: 05-Jan-09
Last Updated on: 05-Jan-08
Administrative Contact:
Dumitrescu, Stefanita Rares katmai@keptprivate.com
strz 1/554 ap 12
Brno, Moravia 60800
Czech Republic
608224211
Technical Contact:
Dumitrescu, Stefanita Rares katmai@keptprivate.com
strz 1/554 ap 12
Brno, Moravia 60800
Czech Republic
608224211
Domain servers in listed order:
THING1.OPYUM.US
THING2.OPYUM.US
THING3.OPYUM.US
THING4.OPYUM.US