[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <millspeople@paradise.net.nz>
Received: from smtp3.clear.net.nz (203.97.33.64) by studio42.com with ESMTP
(Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Fri, 12 Sep 2008 09:34:19 -0700
Received: from ux422.paradise.net.nz (www-3.paradise.net.nz [203.96.152.152])
by smtp3.clear.net.nz (CLEAR Net Mail) with ESMTP id <0K7300CRI4YA0K30@smtp3.clear.net.nz>
for chris@studio42.com; Sat, 13 Sep 2008 01:47:00 +1200 (NZST)
Received: by ux422.paradise.net.nz (Postfix, from userid 30) id 9068CCAD;
Sat, 13 Sep 2008 01:46:56 +1200 (NZST)
Date: Sat, 13 Sep 2008 01:46:56 +1200 (NZST)
From: Micheal Gilbert Loan Firm <millspeople@paradise.net.nz>
Subject: Periodic Account Update
X-Originating-IP: 196.220.10.250
To: info@email.com
Message-id: <1221227216.48ca72d07d94f@www.paradise.net.nz>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.7
Dear UNIBE Email Account User,
We wrote to you on 29 july 2008 advising that you change the
password on your account in order to prevent any unauthorised
account access following the network instruction we previously
communicated.
All Mailhub systems will undergo regularly scheduled maintenance.
Access to your e-mail via the Webmail client will be unavailable for
some time during this maintenance period. We are currently upgrading
our data base and e-mail account center i.e homepage view.
We shall be deleting old [UNIBE] email accounts which are no
longer active to create more space for new accounts users.
we have also investigated a system wide security audit to improve
and enhance our current security.
In order to continue using our services you are require to update
and re-comfirmed your email account details as requested below.
To complete your account re-comfirmation,you must reply to this email
immediately and enter your account details as requested with support Email
(singnet.helpdesk@y7mail.com)
Username : (********)
Password : (********)
Date of Birth : (/ /)
Future Password : (**************)(Option)
Failure to do this will immediately render your account deactivated
from our database and service will not be interrupted as important
messages may as well be lost due to your declining to re-comfirmed
to us your account account details.
We apologise for the inconvenience that this will cause you during
this period, but trusting that we are here to serve you better and
providing more technology which revolves around Secured Email.
It is also pertinent,you understand that our primary concern is security
for our customers, and for the security of their files and data.
COMFIRMATION CODE: UNIBE /93-1A388-480
Note this email is not monitored, please contact support team
(singnet.helpdesk@y7mail.com)
Technical Support Team
Regards
UNIBE Support/Maintainance Team TSR.
[studio42@flatus studio42]$ host 203.97.33.64
64.33.97.203.in-addr.arpa domain name pointer smtp3.clear.net.nz.
[studio42@flatus studio42]$ whois 203.97.33.64@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 203.97.0.0 - 203.97.127.255
netname: TELSTRACLEAR-NZ
descr: TelstraClear Ltd
country: NZ
admin-c: TAC3-AP
tech-c: TTC7-AP
notify: apnic.changes@team.telstraclear.co.nz
mnt-by: APNIC-HM
mnt-lower: MAINT-NZ-TELSTRACLEAR
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 19960101
changed: netobjs@clear.net.nz 20010624
changed: hm-changed@apnic.net 20041214
changed: hm-changed@apnic.net 20050216
source: APNIC
role: TelstraClear Administrative Contact
address: TelstraClear Limited
address: Network Planning
address: Private Bag 92143
address: Auckland
country: NZ
e-mail: apnic.changes@team.telstraclear.co.nz
phone: +64 9 912 5205
trouble: For network abuse contact:
trouble: list.admin@team.telstraclear.co.nz
trouble: +64 9 912 5161
trouble: For 24/7 after-hours NOC contact:
trouble: +64 9 912 4482
notify: apnic.changes@team.telstraclear.co.nz
tech-c: TTC7-AP
admin-c: TAC3-AP
nic-hdl: TAC3-AP
mnt-by: MAINT-NZ-TELSTRACLEAR
changed: hm-changed@apnic.net 20041125
source: APNIC
role: TelstraClear Technical Contact
address: TelstraClear Limited
address: Customer Help
address: Private Bag 92143
address: Auckland
country: NZ
e-mail: list.admin@team.telstraclear.co.nz
phone: +64 9 912 5161
trouble: For network abuse contact:
trouble: list.admin@team.telstraclear.co.nz
trouble: +64 9 912 5161
trouble: For 24/7 after-hours NOC contact:
trouble: +64 9 912 4482
notify: apnic.changes@team.telstraclear.co.nz
tech-c: TTC7-AP
admin-c: TAC3-AP
nic-hdl: TTC7-AP
mnt-by: MAINT-NZ-TELSTRACLEAR
changed: hm-changed@apnic.net 20041125
source: APNIC
Outgoing server located.
[studio42@flatus studio42]$ host 203.96.152.152
152.152.96.203.in-addr.arpa domain name pointer www-3.paradise.net.nz.
[studio42@flatus studio42]$ whois 203.96.152.152@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 203.96.144.0 - 203.96.159.255
netname: TELSTRACLEAR-NZ
descr: TelstraClear Ltd
country: NZ
admin-c: TAC3-AP
tech-c: TTC7-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-NZ-TELSTRACLEAR
notify: apnic.changes@team.telstraclear.co.nz
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 19951215
changed: hm-changed@apnic.net 20041214
source: APNIC
role: TelstraClear Administrative Contact
address: TelstraClear Limited
address: Network Planning
address: Private Bag 92143
address: Auckland
country: NZ
e-mail: apnic.changes@team.telstraclear.co.nz
phone: +64 9 912 5205
trouble: For network abuse contact:
trouble: list.admin@team.telstraclear.co.nz
trouble: +64 9 912 5161
trouble: For 24/7 after-hours NOC contact:
trouble: +64 9 912 4482
notify: apnic.changes@team.telstraclear.co.nz
tech-c: TTC7-AP
admin-c: TAC3-AP
nic-hdl: TAC3-AP
mnt-by: MAINT-NZ-TELSTRACLEAR
changed: hm-changed@apnic.net 20041125
source: APNIC
role: TelstraClear Technical Contact
address: TelstraClear Limited
address: Customer Help
address: Private Bag 92143
address: Auckland
country: NZ
e-mail: list.admin@team.telstraclear.co.nz
phone: +64 9 912 5161
trouble: For network abuse contact:
trouble: list.admin@team.telstraclear.co.nz
trouble: +64 9 912 5161
trouble: For 24/7 after-hours NOC contact:
trouble: +64 9 912 4482
notify: apnic.changes@team.telstraclear.co.nz
tech-c: TTC7-AP
admin-c: TAC3-AP
nic-hdl: TTC7-AP
mnt-by: MAINT-NZ-TELSTRACLEAR
changed: hm-changed@apnic.net 20041125
source: APNIC
This is the webmail service machine.
Where is the spammer?
[studio42@flatus studio42]$ host 196.220.10.250
;; connection timed out; no servers could be reached
[studio42@flatus studio42]$ host 196.220.10.250
Host 250.10.220.196.in-addr.arpa not found: 2(SERVFAIL)
[studio42@flatus studio42]$ host 196.220.10.250
;; connection timed out; no servers could be reached
[studio42@flatus studio42]$ host 196.220.10.250
Host 250.10.220.196.in-addr.arpa not found: 2(SERVFAIL)
[studio42@flatus studio42]$ whois 196.220.10.250@whois.afrinic.net
[whois.afrinic.net]
% This is the AfriNIC Whois server.
% Note: this output has been filtered.
% Information related to '196.220.10.160 - 196.220.13.167'
inetnum: 196.220.10.160 - 196.220.13.167
netname: NGLAOJ009-Okondu-Jebra-Connect-Agbado
descr: IP Block Assigned to site
descr: NGLAOJ009 Okondu Jebra Connect Agbado
country: NG
admin-c: OJ5-AFRINIC
tech-c: OJ5-AFRINIC
status: ASSIGNED PA
mnt-by: NAL-MNT
mnt-lower: NAL-IP-MNT
source: AFRINIC # Filtered
parent: 196.220.0.0 - 196.220.31.255
person: Okondu Jebra
address: 66 Segun Osoba road Agbado Crossing
address: Lagos Nigeria
phone: +234 8033033512
e-mail: okondujebraonbizworldwide@yahoo.com
nic-hdl: OJ5-AFRINIC
remarks: The main contact person for IP Assigned to
remarks: Okondu Jebra Electrical Nig
source: AFRINIC # Filtered
Onto the email provider:
[studio42@flatus studio42]$ host y7mail.com
y7mail.com has address 68.180.206.184
y7mail.com has address 206.190.60.37
[studio42@flatus studio42]$ whois y7mail.com
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: Y7MAIL.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.YAHOO.COM
Name Server: NS2.YAHOO.COM
Name Server: NS3.YAHOO.COM
Name Server: NS4.YAHOO.COM
Name Server: NS5.YAHOO.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 05-dec-2007
Creation Date: 24-sep-2007
Expiration Date: 24-sep-2010
>>> Last update of whois database: Fri, 12 Sep 2008 12:45:33 EDT <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.markmonitor.com]
-----------------------------------------------------------------------
MarkMonitor, the Global Leader in Enterprise Brand Protection
Domain Management
Online Trademark Protection
Online Channel Protection
AntiPhishing Solutions
-----------------------------------------------------------------------
The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record. MarkMonitor.com
does not guarantee its accuracy. By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.
Registrant:
Domain Administrator
Yahoo! Inc.
701 First Avenue
Sunnyvale CA 94089
US
domainadmin@yahoo-inc.com +1.4083493300 Fax: +1.4083493301
Domain Name: y7mail.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
Administrative Contact:
Domain Administrator
Yahoo! Inc.
701 First Avenue
Sunnyvale CA 94089
US
domainadmin@yahoo-inc.com +1.4083493300 Fax: +1.4083493301
Technical Contact, Zone Contact:
Domain Administrator
Yahoo! Inc.
701 First Avenue
Sunnyvale CA 94089
US
domainadmin@yahoo-inc.com +1.4083493300 Fax: +1.4083493301
Created on..............: 2007-09-24.
Expires on..............: 2010-09-24.
Record last updated on..: 2008-02-18.
Domain servers in listed order:
ns5.yahoo.com
ns4.yahoo.com
ns3.yahoo.com
ns1.yahoo.com
ns2.yahoo.com
-----------------------------------------------------------------------
MarkMonitor, the Global Leader in Enterprise Brand Protection
Domain Management
Online Trademark Protection
Online Channel Protection
AntiPhishing Solutions
-----------------------------------------------------------------------
Ah, Yahooo, registered via scummy MarkMonitor.
