[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <update@barclays.co.uk>
Received: from LincolnParkone.com (71.216.209.95) by studio42.com with
ESMTP (Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Sat, 4 Oct 2008 02:46:35 -0700
Received: from User ([70.88.12.213]) by LincolnParkone.com with Microsoft
SMTPSVC(6.0.3790.3959); Sat, 4 Oct 2008 03:13:19 -0600
From: "Barclays-Security"<update@barclays.co.uk>
Subject: Online security !
Date: Sat, 4 Oct 2008 05:13:14 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: update@barclays.co.uk
Message-ID: <PARKONEPr1RvydZAUcd00000054@LincolnParkone.com>
X-OriginalArrivalTime: 04 Oct 2008 09:13:20.0647 (UTC) FILETIME=[72043170:01C92601]
Dear Valued Customer,
Online security - The steps we take
Ensuring your online transactions are safe and secure
As a bank we are used to thinking about security. The growth of the internet has offered greater flexibility for us all, but it also brings new risks that must be guarded against. At BARCLAYS, we use industry standard security technology and practices, focusing on three key areas: privacy, technology and identification to safeguard your account from any unauthorized access.
Online security - The steps you should take
There is much that you can do to protect yourself online. Some of these measures are simple, others may require a little time invested or following simple instructions sent by us to you by email, Phone or Post. As part of our security measures, We are introducing Secure Transact, one of the various security initiatives we are introducing this Year. To enroll in Secure Transact please Click on the link:
http://account445.boo.jp/ibank.barclays.co.uk/olb/t/LoginMember.do/
If you have any trouble clicking the link, simply copy and paste the entire link into your browser's address bar.
This email has been sent to all BARCLAYS BANK Customers, Failure to follow the Enrollment process properly will result in account suspension for security reasons.
Barclays Bank PLC. Registered in England. Registered No: 1026167. Registered Office: 1 Churchill Place, London, E14 5HP. Barclays Bank PLC adheres to the principles of the Banking Code. A copy of the Code is available on request. "The Woolwich" and "Woolwich" are trading names of Barclays Bank PLC.
[studio42@flatus studio42]$ host 71.216.209.95
95.209.216.71.in-addr.arpa domain name pointer mail.lincolnparkone.com.
[studio42@flatus studio42]$ whois 71.216.209.95@whois.arin.net
[whois.arin.net]
OrgName: Qwest Communications Corporation
OrgID: QCC-22
Address: 1801 California Street
City: Denver
StateProv: CO
PostalCode: 80202
Country: US
NetRange: 71.208.0.0 - 71.223.255.255
CIDR: 71.208.0.0/12
NetName: QWEST-INET-118
NetHandle: NET-71-208-0-0-1
Parent: NET-71-0-0-0-0
NetType: Direct Allocation
NameServer: AUTHNS1.MPLS.QWEST.NET
NameServer: AUTHNS2.DNVR.QWEST.NET
NameServer: AUTHNS3.STTL.QWEST.NET
Comment:
RegDate: 2005-05-06
Updated: 2006-05-11
RAbuseHandle: QIA2-ARIN
RAbuseName: Qwest Abuse
RAbusePhone: +1-877-886-6515
RAbuseEmail: abuse@qwest.net
RNOCHandle: QIN-ARIN
RNOCName: Qwest IP NOC
RNOCPhone: +1-877-886-6515
RNOCEmail: support@qwestip.net
RTechHandle: QIA-ARIN
RTechName: Qwest IP Admin
RTechPhone: +1-877-886-6515
RTechEmail: ipadmin@qwest.com
OrgAbuseHandle: QIA2-ARIN
OrgAbuseName: Qwest Abuse
OrgAbusePhone: +1-877-886-6515
OrgAbuseEmail: abuse@qwest.net
OrgNOCHandle: QIN-ARIN
OrgNOCName: Qwest IP NOC
OrgNOCPhone: +1-877-886-6515
OrgNOCEmail: support@qwestip.net
OrgTechHandle: QIA-ARIN
OrgTechName: Qwest IP Admin
OrgTechPhone: +1-877-886-6515
OrgTechEmail: ipadmin@qwest.com
# ARIN WHOIS database, last updated 2008-10-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Still has learned NOTHING after being on the spam radar for years. I will have to
blacklist that very large block.
Onto the scammer or zombie:
[studio42@flatus studio42]$ host 70.88.12.213
213.12.88.70.in-addr.arpa domain name pointer 70-88-12-213-charleston-sc.hfc.com
castbusiness.net.
[studio42@flatus studio42]$ whois 70.88.12.213@whois.arin.net
[whois.arin.net]
Comcast Business Communications, Inc. CBC-CM-3 (NET-70-88-0-0-1)
70.88.0.0 - 70.91.255.255
Comcast Business Communications, Inc. CBC-CHARLESTON-2 (NET-70-88-12-0-1)
70.88.12.0 - 70.88.13.255
# ARIN WHOIS database, last updated 2008-10-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois NET-70-88-0-0-1@whois.arin.net
[whois.arin.net]
OrgName: Comcast Business Communications, Inc.
OrgID: CBCI
Address: 1800 Bishops Gate Blvd.
City: Mount Laurel
StateProv: NJ
PostalCode: 08054-4628
Country: US
NetRange: 70.88.0.0 - 70.91.255.255
CIDR: 70.88.0.0/14
NetName: CBC-CM-3
NetHandle: NET-70-88-0-0-1
Parent: NET-70-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.COMCASTBUSINESS.NET
NameServer: NS2.COMCASTBUSINESS.NET
NameServer: NS3.COMCASTBUSINESS.NET
Comment:
RegDate: 2004-08-09
Updated: 2005-10-24
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: +1-856-317-7272
OrgAbuseEmail: abuse@comcast.net
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: CNIPEO-Ip-registration@cable.comcast.com
# ARIN WHOIS database, last updated 2008-10-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Probably a zombie since Comcast encourages idiot users.
Onto scammer phish site:
[studio42@flatus studio42]$ host account445.boo.jp
account445.boo.jp has address 219.94.179.239
[studio42@flatus studio42]$ whois 219.94.179.239@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 219.94.128.0 - 219.94.255.255
netname: SAKURA
descr: SAKURA Internet Inc.
descr: 1-8-14, Minami Honmachi, Chuo-ku, Osaka 541-0054, Japan
country: JP
admin-c: JNIC1-AP
tech-c: JNIC1-AP
status: ALLOCATED PORTABLE
remarks: Email address for spam or abuse complaints : support@sakura.ad.jp
mnt-by: MAINT-JPNIC
mnt-lower: MAINT-JPNIC
changed: hm-changed@apnic.net 20041013
changed: ip-apnic@nic.ad.jp 20070523
source: APNIC
role: Japan Network Information Center
address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address: Chiyoda-ku, Tokyo 101-0047, Japan
country: JP
phone: +81-3-5297-2311
fax-no: +81-3-5297-2312
e-mail: hostmaster@nic.ad.jp
admin-c: JI13-AP
tech-c: JE53-AP
nic-hdl: JNIC1-AP
mnt-by: MAINT-JPNIC
changed: hm-changed@apnic.net 20041222
changed: hm-changed@apnic.net 20050324
changed: ip-apnic@nic.ad.jp 20051027
source: APNIC
inetnum: 219.94.179.0 - 219.94.179.255
netname: SAKURA-NET
descr: SAKURA Internet Inc.
country: JP
admin-c: KT749JP
tech-c: KW419JP
remarks: This information has been partially mirrored by APNIC from
remarks: JPNIC. To obtain more specific information, please use the
remarks: JPNIC WHOIS Gateway at
remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or
remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
remarks: defaults to Japanese output, use the /e switch for English
remarks: output)
changed: apnic-ftp@nic.ad.jp 20071226
source: JPNIC
[studio42@flatus studio42]$ whois -h whois.nic.ad.jp 219.94.179.239 /e
[whois.nic.ad.jp]
[ JPNIC database provides information regarding IP address and ASN. Its use ]
[ is restricted to network administration purposes. For further information, ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output, ]
[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
Network Information:
a. [Network Number] 219.94.179.0/24
b. [Network Name] SAKURA-NET
g. [Organization] SAKURA Internet Inc.
m. [Administrative Contact] KT749JP
n. [Technical Contact] KW419JP
p. [Nameserver] ns1.dns.ne.jp
p. [Nameserver] ns2.dns.ne.jp
[Assigned Date] 2007/12/26
[Return Date]
[Last Update] 2007/12/26 12:38:05(JST)
Less Specific Info.
----------
SAKURA Internet Inc.
[Allocation] 219.94.128.0/17
More Specific Info.
----------
No match!!
Wow, thanks for making me use your more specific NIC so I can get LESS information.
