The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <verify@halifax.co.uk>
Received: from itest.com (209.237.6.20) by studio42.com with ESMTP
(Eudora Internet Mail Server 3.2.10) for <spam-hater@studio42.com>;
Wed, 2 Jul 2008 10:15:08 -0700
Received: from User [24.235.111.114] by itest.com with ESMTP (SMTPD-9.10)
id ACB70CA0; Wed, 02 Jul 2008 05:03:51 -0800
Reply-To: <verify@halifax.co.uk>
From: "verify@halifax.co.uk"<verify@halifax.co.uk>
Subject: Online Banking - Security Measures !
Date: Wed, 2 Jul 2008 08:09:34 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0081_01C2A9A6.6B16881A"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20080702050315.SM01044@User>
To: undisclosed-recipients:;
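The two addresses looked up in the rest of this trace come from the Received lines above. As an added example (not part of the original trace), the Python below extracts that relay chain from the same headers and flags what stands out in it; the hop pattern and the one-hour gap threshold are assumptions chosen for this message.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed input: the routing headers from the message above, with the
# continuation lines indented so they parse as folded headers.
RAW = (
    "Received: from itest.com (209.237.6.20) by studio42.com with ESMTP\n"
    " (Eudora Internet Mail Server 3.2.10) for <spam-hater@studio42.com>;\n"
    " Wed, 2 Jul 2008 10:15:08 -0700\n"
    "Received: from User [24.235.111.114] by itest.com with ESMTP (SMTPD-9.10)\n"
    " id ACB70CA0; Wed, 02 Jul 2008 05:03:51 -0800\n"
    "Date: Wed, 2 Jul 2008 08:09:34 -0400\n\n"
)

# Assumed pattern: "from <name> (ip)" or "from <name> [ip]", then "by <host>".
HOP = re.compile(r"from\s+(\S+)\s+[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]\s+by\s+(\S+)")

def received_hops(raw):
    """Return the relay chain, oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
            hops.append({"helo": m.group(1), "ip": m.group(2),
                         "by": m.group(3), "when": when})
    # Each server prepends its header, so the last one in the file is oldest.
    # Only the newest was written by the recipient's own server; older ones
    # are claims made by upstream hosts.
    return hops[::-1]

def audit(hops):
    """Flag properties of the chain worth checking before trusting it."""
    notes = []
    for h in hops:
        if "." not in h["helo"]:
            notes.append(f"{h['ip']} announced itself as {h['helo']!r}, not an FQDN")
    for older, newer in zip(hops, hops[1:]):
        if older["by"].lower() != newer["helo"].lower():
            notes.append(f"chain break: {older['by']} vs {newer['helo']}")
        gap = int((newer["when"] - older["when"]).total_seconds())
        if gap < 0 or gap > 3600:  # assumed threshold: one hour
            notes.append(f"{gap}s between {older['by']} and {newer['by']}")
    return notes

if __name__ == "__main__":
    chain = received_hops(RAW)
    for hop in chain:
        print(hop["ip"], "->", hop["by"], hop["when"].isoformat())
    print("\n".join(audit(chain)))
```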
[studio42@flatus /]$ host 209.237.6.20
20.6.237.209.in-addr.arpa domain name pointer mailhost.itest.com.
[studio42@flatus /]$ whois 209.237.6.20@whois.arin.net
[whois.arin.net]
OrgName: HyperSurf Internet Services, Inc.
OrgID: HSIS
Address: 2355-B Paragon Drive
City: San Jose
StateProv: CA
PostalCode: 95131
Country: US
NetRange: 209.237.0.0 - 209.237.63.255
CIDR: 209.237.0.0/18
NetName: HSIS-209-237
NetHandle: NET-209-237-0-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BJT.NET
NameServer: NS2.BJT.NET
NameServer: NS3.BJT.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1998-06-17
Updated: 2002-11-20
OrgTechHandle: CAL13-ARIN
OrgTechName: Alameda, Chris
OrgTechPhone: +1-408-325-0300
OrgTechEmail: chris@hypersurf.com
# ARIN WHOIS database, last updated 2008-07-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
That locates the network with the bad server.
On to the scammer or zombie:
[studio42@flatus /]$ host 24.235.111.114
114.111.235.24.in-addr.arpa domain name pointer wsp05957754wss.cr.net.cable.rogers.com.
[studio42@flatus /]$ whois 24.235.111.114@whois.arin.net
[whois.arin.net]
Rogers Cable Communications Inc. ROGERS-CAB-100 (NET-24-235-96-0-1)
24.235.96.0 - 24.235.127.255
IDEA TECHNOLOGY NEWKIRK IDEA-TECHNOLOGY (NET-24-235-111-112-1)
24.235.111.112 - 24.235.111.119
# ARIN WHOIS database, last updated 2008-07-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus /]$ whois NET-24-235-111-112-1@whois.arin.net
[whois.arin.net]
CustName: IDEA TECHNOLOGY NEWKIRK
Address: 20 STEELCASE RD
City: MARKHAM
StateProv: ON
PostalCode: L3R-1B2
Country: CA
RegDate: 2008-03-20
Updated: 2008-03-20
NetRange: 24.235.111.112 - 24.235.111.119
CIDR: 24.235.111.112/29
NetName: IDEA-TECHNOLOGY
NetHandle: NET-24-235-111-112-1
Parent: NET-24-235-96-0-1
NetType: Reassigned
Comment:
RegDate: 2008-03-20
Updated: 2008-03-20
OrgTechHandle: IPMAN-ARIN
OrgTechName: IP MANAGE
OrgTechPhone: +1-416-935-4729
OrgTechEmail: ipmanage@rogers.wave.ca
# ARIN WHOIS database, last updated 2008-07-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus /]$ whois NET-24-235-96-0-1@whois.arin.net
[whois.arin.net]
OrgName: Rogers Cable Communications Inc.
OrgID: RCC-100
Address: One Mount Pleasant
City: Toronto
StateProv: ON
PostalCode: M4Y-2Y5
Country: CA
NetRange: 24.235.96.0 - 24.235.127.255
CIDR: 24.235.96.0/19
NetName: ROGERS-CAB-100
NetHandle: NET-24-235-96-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.YM.RNC.NET.CABLE.ROGERS.COM
NameServer: NS2.WLFDLE.RNC.NET.CABLE.ROGERS.COM
NameServer: NS3.YM.RNC.NET.CABLE.ROGERS.COM
NameServer: NS3.WLFDLE.RNC.NET.CABLE.ROGERS.COM
Comment:
RegDate: 2003-09-29
Updated: 2006-12-06
OrgTechHandle: IPMAN-ARIN
OrgTechName: IP MANAGE
OrgTechPhone: +1-416-935-4729
OrgTechEmail: ipmanage@rogers.wave.ca
# ARIN WHOIS database, last updated 2008-07-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
And the scammer site:
[studio42@flatus /]$ host 57.204-78-194.adsl-fix.skynet.be
57.204-78-194.adsl-fix.skynet.be has address 194.78.204.57
[studio42@flatus /]$ whois 194.78.204.57@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '194.78.204.0 - 194.78.204.255'
inetnum: 194.78.204.0 - 194.78.204.255
netname: BE-SKYNET-20011108
descr: ADSL-PRO
descr: Belgacom ISP SA/NV
country: BE
admin-c: SN2068-RIPE
tech-c: SN2068-RIPE
rev-srv: ns1.skynet.be
rev-srv: ns2.skynet.be
rev-srv: ns3.skynet.be
rev-srv: ns4.skynet.be
status: ASSIGNED PA
mnt-by: SKYNETBE-MNT
mnt-by: SKYNETBE-ROBOT-MNT
source: RIPE # Filtered
role: Skynet NOC administrators
address: Belgacom SA de droit public
address: ANS/ROC/RNO/IEC - TGX Building
address: Boulevard du Roi Albert II, 27
address: B-1030 Bruxelles
address: Belgium
phone: +32 2 202-4111
fax-no: +32 2 203-6593
abuse-mailbox: abuse@skynet.be
admin-c: BIEC1-RIPE
tech-c: BIEC1-RIPE
nic-hdl: SN2068-RIPE
remarks: ******************************************
remarks: Abuse notifications to: abuse@belgacom.be
remarks: Abuse mails sent to other addresses will be ignored !
remarks: ******************************************
remarks: Network problems to: noc@skynet.be
remarks: Peering requests to: peering@skynet.be
mnt-by: SKYNETBE-MNT
source: RIPE # Filtered
% Information related to '194.78.0.0/16AS5432'
route: 194.78.0.0/16
descr: SKYNETBE-CUSTOMERS
origin: AS5432
mnt-by: SKYNETBE-MNT
source: RIPE # Filtered