[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Phis Scam Edition.
Received: from 91.121.156.190 (91.121.156.190) by studio42.com with SMTP
(Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Tue, 3 Jun 2008 19:03:19 -0700
X-Message-Info: CImTGR443ruHAPt/yyyUDPadPSvrTIZePsrgaqHOv432VZG
Received: from sparkle-u003.connotative.hotmail.com (13.70.33.108) by e50-xy63.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);
Tue, 03 Jun 2008 19:56:18 -0500
From: EPPICard <custserv@eppicard.com>
To: chris@studio42.com
Subject: EPPICard Notice
Date: Wed, 04 Jun 2008 07:00:18 +0600 EST
Message-ID: <70074.7527761508.23@footwear-al2.hotmail.com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="--4445663969279011"
----4445663969279011
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<html><title>EPPICard Notice</title>
<img src=3D"https://www.eppicard.com/img/ecard_create_01.gif"><BR><BR>
<font face=3D"verdana" size=3D2>We recently reviewed your account, and sus=
pect that your <B>EPPICard</B><br>
account may have been accessed by an unauthorized third-party.<br>
Protecting the security of your account and of the <B>EPPICard</B> network=
<br>
is our primary concern. Therefore, as a preventative measure, we<br>
have temporarily limited access to sensitive account features.<br><br>
To restore your account access, please login and verify your profile.<br><=
br>
<b>To get started, please click the link below:<br><br>
<a href=3D"http://sebastr.club.fr/administrator/components/com_securityima=
ges/logs/log.php">CLICK HERE</a></b><br><br>
We apologize for any inconvenience this may cause, and appreciate<br>
your assistance in helping us maintain the integrity of the entire<br>
<B>EPPICard System</b><br><br>
Thank You!<br>
<BR>
</font>
<font face=3D"verdana" color=3D"99999" size=3D1>=A9 2008 EPPICard. All rig=
hts reserved</font>
</html>
----4445663969279011--
[studio42@flatus studio42]$ host 91.121.156.190
190.156.121.91.in-addr.arpa domain name pointer ns202584.ovh.net.
[studio42@flatus studio42]$ whois 91.121.156.190@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '91.121.144.0 - 91.121.159.255'
inetnum: 91.121.144.0 - 91.121.159.255
netname: OVH
descr: OVH SAS
descr: Dedicated Servers
descr: http://www.ovh.com
country: FR
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered
role: OVH Technical Contact
address: OVH SAS
address: 140, Quai du Sartel
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC2-RIPE
remarks: ========================================
remarks: support : support@ovh.com
remarks: 0 899 701 761 (france only)
remarks: ========================================
remarks: troubles:
remarks: + network : abuse@ovh.net
remarks: + spam : http://www.spam-rbl.com
remarks: ========================================
remarks: peering : noc@ovh.net
remarks: prefix 213.186.32.0/19
remarks: prefix 213.251.128.0/18
remarks: - FreeIX (1Gbs) 213.228.3.244
remarks: - PariX (1Gbs) 198.32.247.104
remarks: - SfinX (1Gbs) 194.68.129.144
remarks: ========================================
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
person: Octave Klaba
address: OVH SAS
address: 140, quai du sartel
address: 59100 Roubaix
address: France
phone: +33 3 20 20 09 57
fax-no: +33 3 20 20 09 58
nic-hdl: OK217-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
% Information related to '91.121.0.0/16AS16276'
route: 91.121.0.0/16
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered
French, what can I expect? No action taken, that's for damn sure.
I don't really expect the rest of the headers to be trustworthy.
Onto scammer site:
[studio42@flatus studio42]$ host sebastr.club.fr
sebastr.club.fr is an alias for perso2.club-internet.fr.
perso2.club-internet.fr has address 194.158.120.142
[studio42@flatus studio42]$ whois 194.158.120.142@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '194.158.118.0 - 194.158.125.255'
inetnum: 194.158.118.0 - 194.158.125.255
netname: T-ONLINEFRANCE
descr: T-Online France / Club-Internet platform addressing
country: FR
admin-c: NOCT1-RIPE
tech-c: NOCT1-RIPE
status: ASSIGNED PA
mnt-by: T-ONLINEFRANCE
source: RIPE # Filtered
role: Network Operation Centre T-ONLINE FRANCE
address: Club Internet - T-Online France
address: 11 rue de Cambrai
address: 75019 Paris
address: France
phone: +33 1 55 45 45 00
fax-no: +33 1 55 45 47 78
e-mail: ripe@clubint.net
admin-c: OB346-RIPE
tech-c: OB346-RIPE
tech-c: SOFT-RIPE
nic-hdl: NOCT1-RIPE
mnt-by: T-ONLINEFRANCE
source: RIPE # Filtered
% Information related to '194.158.96.0/19AS5410'
route: 194.158.96.0/19
descr: T-Online France - Club Internet
origin: AS5410
mnt-by: T-ONLINEFRANCE
source: RIPE # Filtered
I expect all complaints in regards to this to be ignored.
