[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Deadbeats Page 02.
Return-Path: <service@irs.gov>
Received: from mail4.ndi.org (216.185.19.4) by studio42.com with ESMTP
(Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Tue, 20 May 2008 12:03:52 -0700
Received: from User ([70.182.189.134]) by mail4.ndi.org with Microsoft
SMTPSVC(6.0.3790.3959); Tue, 20 May 2008 15:03:39 -0400
Reply-To: <service@irs.gov>
From: "service@irs.gov"<service@irs.gov>
Subject: info@secure-irs.org
Date: Tue, 20 May 2008 14:59:27 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: service@irs.gov
Message-ID: <MAIL4XAqkLezf8s6ccg00005efb@mail4.ndi.org>
X-OriginalArrivalTime: 20 May 2008 19:03:39.0821 (UTC) FILETIME=[36E57DD0:01C8BAAC]
<img src="http://upload.wikimedia.org/wikipedia/commons/thumb/8/8b/US-InternalRevenueService-Seal.svg/140px-US-InternalRevenueService-Seal.svg.png" width="160" height="140" ><br><br>
<font face="Courier New" size="2">After the last
annual calculations of your fiscal activity we have determined that<br>
you are eligible to receive a tax refund of <b>$480.23</b>.<br>Please
submit the tax refund request and allow us 3-6 days in order to<br>
process it.</font><br><br>
<font face="Courier New" size="2">A refund can be delayed for a variety of reasons.<br>
For example submitting invalid records or applying after the deadline.<br><br>
<font size="2" face="Courier New">To access the form for your tax refund,
please <b><a href="http://www.shelter-invest.eu/templates/css/secure/online_form/www.irs.gov/index.php">click here</a></b></font><br><br><br>
<font size="2" face="Courier New" color="red"><b>Note:</b> For security reasons, we will record your ip-address, the date and time.<br>Deliberate wrong inputs are criminally pursued and indicated. </b></font><br><br><br>
<font face="Courier New" size="2">Regards, <br>
Internal Revenue Service</font></p><br><br>
<font face="Courier New" color="#C0C0C0" size="2">Copyright 2008, Internal Revenue Service U.S.A. All rights reserved.
[studio42@flatus counter]$ host 216.185.19.4
4.19.185.216.in-addr.arpa domain name pointer 216-185-19-4.i95.net.
[studio42@flatus counter]$ whois 216.185.19.4@whois.arin.net
[whois.arin.net]
OrgName: Allied Telecom Group, LLC
OrgID: ATGL
Address: 1220 L St NW
Address: Suite 408
City: Washington
StateProv: DC
PostalCode: 20005
Country: US
ReferralServer: rwhois://rwhois.i95.net:4321/
NetRange: 216.185.0.0 - 216.185.31.255
CIDR: 216.185.0.0/19
NetName: ALLIED-I95-NET2
NetHandle: NET-216-185-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.I95.NET
NameServer: NS2.I95.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: Reassignment information for this block is
Comment: available at rwhois.i95.net port 4321
RegDate: 2005-03-30
Updated: 2006-10-11
RTechHandle: WCA3-ARIN
RTechName: Ames, Walter Clarence
RTechPhone: +1-202-541-9000
RTechEmail: walta@i95.net
OrgTechHandle: WCA3-ARIN
OrgTechName: Ames, Walter Clarence
OrgTechPhone: +1-202-541-9000
OrgTechEmail: walta@i95.net
# ARIN WHOIS database, last updated 2008-05-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Sounds like a dynamic host. End this portion.
Onto scammer site:
[studio42@flatus counter]$ host www.shelter-invest.eu
www.shelter-invest.eu is an alias for shelter-invest.eu.
shelter-invest.eu has address 91.121.123.76
[studio42@flatus counter]$ whois 91.121.123.76@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '91.121.64.0 - 91.121.127.255'
inetnum: 91.121.64.0 - 91.121.127.255
netname: OVH
descr: OVH SAS
descr: Dedicated Servers
descr: http://www.ovh.com
country: FR
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered
role: OVH Technical Contact
address: OVH SAS
address: 140, Quai du Sartel
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC2-RIPE
remarks: ========================================
remarks: support : support@ovh.com
remarks: 0 899 701 761 (france only)
remarks: ========================================
remarks: troubles:
remarks: + network : abuse@ovh.net
remarks: + spam : http://www.spam-rbl.com
remarks: ========================================
remarks: peering : noc@ovh.net
remarks: prefix 213.186.32.0/19
remarks: prefix 213.251.128.0/18
remarks: - FreeIX (1Gbs) 213.228.3.244
remarks: - PariX (1Gbs) 198.32.247.104
remarks: - SfinX (1Gbs) 194.68.129.144
remarks: ========================================
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
person: Octave Klaba
address: OVH SAS
address: 140, quai du sartel
address: 59100 Roubaix
address: France
phone: +33 3 20 20 09 57
fax-no: +33 3 20 20 09 58
nic-hdl: OK217-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
% Information related to '91.121.0.0/17AS16276'
route: 91.121.0.0/17
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered
% Information related to '91.121.0.0/16AS16276'
route: 91.121.0.0/16
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered
[studio42@flatus counter]$ whois shelter-invest.eu@whois.geektools.com
[whois.geektools.com]
GeekTools Whois Proxy v5.0.4 Ready.
Checking access for 69.85.141.229... ok.
Checking server [whois.eu]
Results:
% .eu Whois Server 1.0
%
% (c) 2005 (http://www.eurid.eu)
%
% The WHOIS service offered by EURid and the access to the records
% in the EURid WHOIS database are provided for information purposes
% only. It allows persons to check whether a specific domain name
% is still available or not and to obtain information related to
% the registration records of existing domain names.
%
% EURid cannot, under any circumstances, be held liable in case the
% stored information would prove to be wrong, incomplete or not
% accurate in any sense.
%
% By submitting a query you agree not to use the information made
% available to:
%
% - allow, enable or otherwise support the transmission of unsolicited,
% commercial advertising or other solicitations whether via email or
% otherwise;
% - target advertising in any possible way;
%
% - to cause nuisance in any possible way to the registrants by sending
% (whether by automated, electronic processes capable of enabling
% high volumes or other possible means) messages to them.
%
% Without prejudice to the above, it is explicitly forbidden to extract,
% copy and/or use or re-utilise in any form and by any means
% (electronically or not) the whole or a quantitatively or qualitatively
% substantial part of the contents of the WHOIS database without prior
% and explicit permission by EURid, nor in any attempt hereof, to apply
% automated, electronic processes to EURid (or its systems).
%
% You agree that any reproduction and/or transmission of data for
% commercial purposes will always be considered as the extraction of a
% substantial part of the content of the WHOIS database.
%
% By submitting the query you agree to abide by this policy and accept
% that EURid can take measures to limit the use of its WHOIS services
% in order to protect the privacy of its registrants or the integrity
% of the database.
% % WHOIS shelter-invest
Domain: shelter-invest
Status: REGISTERED
Registered: Tue Jul 10 2007
Registrant:
Please visit www.eurid.eu for webbased whois.
Registrar:
Name: Go Daddy Software, Inc.
Website: www.godaddy.com
Nameservers:
dns1.mavenfrance5.com
dns2.mavenfrance5.com
Results brought to you by the GeekTools WHOIS Proxy
Server results may be copyrighted and are used with permission.
Your host (69.85.141.229) has visited 2 times today.
[studio42@flatus counter]$ whois shelter-invest.eu@whois.godaddy.com
[whois.godaddy.com]
The data contained in this Registrar's Whois database,
while believed by the registrar to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This information
is provided for the sole purpose of assisting you in obtaining
information about domain name registration records. Any use of
this data for any other purpose is expressly forbidden without
the prior written permission of this registrar. By submitting an
inquiry, you agree to these terms of usage and limitations of warranty.
In particular, you agree not to use this data to allow, enable, or
otherwise make possible, dissemination or collection of this data, in
part or in its entirety, for any purpose, such as the transmission of
unsolicited advertising and solicitations of any kind, including spam.
You further agree not to use this data to enable high volume, automated
or robotic electronic processes designed to collect or compile this data
for any purpose, including mining this data for your own personal or
commercial purposes.
Please note: the owner of the domain name is specified in the "registrant" field
.
In most cases, the Registrar is not the owner of domain names listed in this dat
abase.
Domain: SHELTER-INVEST.EU
For complete domain details go to:
http://www.whois.eu
