[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <service@eppicard.com>
Received: from mail.iaimail.com (64.146.13.22) by studio42.com with
ESMTP (Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Sun, 11 May 2008 11:26:33 -0700
Received: from wildlife-control.com ([66.17.42.69])
by mail.iaimail.com (Merak 8.0.3) with ASMTP id JCG75012;
Sun, 11 May 2008 11:33:05 -0700
Received: from User ([24.0.73.87]) by wildlife-control.com with Microsoft
SMTPSVC(6.0.3790.1830); Sun, 11 May 2008 11:26:23 -0700
From: "EPPICard Security Center"<service@eppicard.com>
Subject: Your account have been accessed from an unauthorized computer ,
Date: Sun, 11 May 2008 14:26:50 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: service@eppicard.com
Message-ID: <SBSERVERq36yERwkN5Y0000e682@wildlife-control.com>
X-OriginalArrivalTime: 11 May 2008 18:26:24.0238 (UTC) FILETIME=[84AAD8E0:01C8B394]
Dear EPPICard member,
We recently reviewed your account, and suspect that your EPPICard account may have been accessed from an unauthorized computer. This may be due to changes in your IP address or location. Protecting the security of your account and the EPPICard network is our primary concern.
We are asking you to immediately login and report any unnoticed password changes, unauthorized withdrawals, and check you account profile to make sure no changes have been made.
To protect your account please follow the instructions below:
* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS
* LOG OFF AFTER USING YOUR ONLINE ACCOUNT
Please click the following link, to verify your account activity:
http://balder743.startdedicated.com/manual/style/css/.cgi-bin/e/update/login/www.eppicard.com/online/
We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintaining the integrity of the entire EPPICard system. Please login as soon as possible.
Thank you,
EPPICard Security Advisor.
[studio42@flatus studio42]$ host 64.146.13.22
22.13.146.64.in-addr.arpa domain name pointer mail.iaimail.com.
[studio42@flatus studio42]$ whois 64.146.13.22@whois.arin.net
[whois.arin.net]
New Edge Networks NEWEDGENETS-2BLK (NET-64-146-0-0-1)
64.146.0.0 - 64.146.127.255
American Broadband Services NEWE-AMBB-1 (NET-64-146-12-0-1)
64.146.12.0 - 64.146.15.255
# ARIN WHOIS database, last updated 2008-05-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois NET-64-146-12-0-1@whois.arin.net
[whois.arin.net]
OrgName: American Broadband Services
OrgID: ABS-109
Address: 5718 East Shields Ave
Address: Network Operations Center
City: Fresno
StateProv: CA
PostalCode: 93727
Country: US
ReferralServer: rwhois://rwhois1.absinet.net:4321
NetRange: 64.146.12.0 - 64.146.15.255
CIDR: 64.146.12.0/22
NetName: NEWE-AMBB-1
NetHandle: NET-64-146-12-0-1
Parent: NET-64-146-0-0-1
NetType: Reassigned
NameServer: HNS1.NEWEDGENETWORKS.COM
NameServer: HNS2.NEWEDGENETWORKS.COM
Comment:
RegDate: 2003-03-27
Updated: 2003-03-27
RTechHandle: TSD8-ARIN
RTechName: Tech Support Department
RTechPhone: +1-866-827-4638
RTechEmail: support@absinet.net
OrgAbuseHandle: ABUSE225-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-866-827-4638
OrgAbuseEmail: abuse@absinet.net
OrgNOCHandle: NOC342-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-866-827-4638
OrgNOCEmail: noc@absinet.net
OrgTechHandle: TSD8-ARIN
OrgTechName: Tech Support Department
OrgTechPhone: +1-866-827-4638
OrgTechEmail: support@absinet.net
# ARIN WHOIS database, last updated 2008-05-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois NET-64-146-0-0-1@whois.arin.net
[whois.arin.net]
OrgName: New Edge Networks
OrgID: NEWE
Address: 3000 Columbia House Blvd.
Address: Suite 106
City: Vancouver
StateProv: WA
PostalCode: 98661
Country: US
NetRange: 64.146.0.0 - 64.146.127.255
CIDR: 64.146.0.0/17
NetName: NEWEDGENETS-2BLK
NetHandle: NET-64-146-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: HNS1.NEWEDGENETWORKS.COM
NameServer: HNS2.NEWEDGENETWORKS.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-09-12
Updated: 2002-08-06
RTechHandle: ZN90-ARIN
RTechName: New Edge Networks
RTechPhone: +1-360-693-9009
RTechEmail: ip-admin@newedgenetworks.com
OrgAbuseHandle: ABUSE33-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-360-906-9800
OrgAbuseEmail: abuse@newedgenetworks.com
OrgNOCHandle: NOC135-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-877-546-8698
OrgNOCEmail: customercare@newedgenetworks.com
OrgTechHandle: ZN90-ARIN
OrgTechName: New Edge Networks
OrgTechPhone: +1-360-693-9009
OrgTechEmail: ip-admin@newedgenetworks.com
# ARIN WHOIS database, last updated 2008-05-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Bad ISP spotted. Let's see why this may have happened:
[studio42@flatus studio42]$ host 66.17.42.69
69.42.17.66.in-addr.arpa domain name pointer 66-17-42-69.biz.frsn.arrival.net.
[studio42@flatus studio42]$ whois 66.17.42.69@whois.arin.net
[whois.arin.net]
OrgName: Arrival Communication, Inc
OrgID: ARRV
Address: 5100 California Ave Suite 104
City: Bakersfield
StateProv: CA
PostalCode: 93309
Country: US
NetRange: 66.17.0.0 - 66.17.63.255
CIDR: 66.17.0.0/18
NetName: ARRIVAL-COM
NetHandle: NET-66-17-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ARRIVAL.NET
NameServer: NS2.ARRIVAL.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-09-08
Updated: 2005-09-30
RAbuseHandle: ABUSE121-ARIN
RAbuseName: Abuse
RAbusePhone: +1-661-281-2100
RAbuseEmail: abuse@arrival.net
RTechHandle: TLF5-ARIN
RTechName: Fruzza, Tony Lee
RTechPhone: +1-661-716-6044
RTechEmail: tfruzza@arrival.com
OrgTechHandle: ARIN3-ARIN
OrgTechName: ARIN
OrgTechPhone: +1-661-716-6000
OrgTechEmail: ARIN@arrival.com
# ARIN WHOIS database, last updated 2008-05-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Zombie abuse?
Onto scammer site:
[studio42@flatus studio42]$ host balder743.startdedicated.com
balder743.startdedicated.com has address 69.64.47.76
[studio42@flatus studio42]$ whois 69.64.47.76@whois.arin.net
[whois.arin.net]
OrgName: Server4You Inc.
OrgID: SERVE-6
Address: 710 North Tucker Blvd
Address: Suite 610
City: St. Louis
StateProv: MO
PostalCode: 63101
Country: US
NetRange: 69.64.32.0 - 69.64.63.255
CIDR: 69.64.32.0/19
NetName: S4Y1-NET
NetHandle: NET-69-64-32-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.NAMESERVERSERVICE.COM
NameServer: NS2.NAMESERVERSERVICE.COM
Comment: http://www.server4you.com
RegDate: 2003-07-30
Updated: 2004-04-29
RAbuseHandle: SWI19-ARIN
RAbuseName: Wintz, Sascha
RAbusePhone: +1-866-342-5749
RAbuseEmail: sw@server4you.net
RNOCHandle: SWI19-ARIN
RNOCName: Wintz, Sascha
RNOCPhone: +1-866-342-5749
RNOCEmail: sw@server4you.net
RTechHandle: SWI19-ARIN
RTechName: Wintz, Sascha
RTechPhone: +1-866-342-5749
RTechEmail: sw@server4you.net
OrgAbuseHandle: ABUSE260-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +1-314-754-0420
OrgAbuseEmail: abuse@server4you.net
OrgNOCHandle: NOC1222-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-314-754-0420
OrgNOCEmail: noc@server4you.net
OrgTechHandle: SWI19-ARIN
OrgTechName: Wintz, Sascha
OrgTechPhone: +1-866-342-5749
OrgTechEmail: sw@server4you.net
# ARIN WHOIS database, last updated 2008-05-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois startdedicated.com
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: STARTDEDICATED.COM
Registrar: TUCOWS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.STARTDEDICATED.COM
Name Server: NS2.STARTDEDICATED.COM
Status: ok
Updated Date: 06-dec-2007
Creation Date: 01-aug-2003
Expiration Date: 01-aug-2008
>>> Last update of whois database: Sun, 11 May 2008 16:54:44 EDT <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.tucows.com]
Registrant:
Server4You, Inc.
710 North Tucker Blvd
Suite 610a
St. Louis, MO 63101
US
Domain name: STARTDEDICATED.COM
Administrative Contact:
Inc., Server4You info@server4you.net
710 North Tucker Blvd
Suite 610a
St. Louis, MO 63101
US
+1 (866) 3425
Technical Contact:
Support, Domain domain@server4you.com
710 North Tucker Blvd
Suite 610a
St. Louis, Missouri 63101
US
+1.8663425749
Registration Service Provider:
SERVER4YOU,Inc., domain@server4you.com
1-314-266-3638
1-314-558-1859 (fax)
http://www.server4you.com
Registrar of Record: TUCOWS, INC.
Record last updated on 06-Dec-2007.
Record expires on 01-Aug-2008.
Record created on 01-Aug-2003.
Registrar Domain Name Help Center:
http://domainhelp.tucows.com
Domain servers in listed order:
NS2.STARTDEDICATED.COM 69.64.45.122
NS1.STARTDEDICATED.COM 69.64.45.121
Domain status: ok
The Data in the Tucows Registrar WHOIS database is provided to you by Tucows
for information purposes only, and may be used to assist you in obtaining
information about or related to a domain name's registration record.
Tucows makes this information available "as is," and does not guarantee its
accuracy.
By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances will you use this data to:
a) allow, enable, or otherwise support the transmission by e-mail,
telephone, or facsimile of mass, unsolicited, commercial advertising or
solicitations to entities other than the data recipient's own existing
customers; or (b) enable high volume, automated, electronic processes that
send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.
The compilation, repackaging, dissemination or other use of this Data is
expressly prohibited without the prior written consent of Tucows.
Tucows reserves the right to terminate your access to the Tucows WHOIS
database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this
policy.
Tucows reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.
