The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <us.service@bellsouth.net>
Received: from digiplex.biz (99.190.149.2) by studio42.com with ESMTP
(Eudora Internet Mail Server 3.2.10) for <postmaster@studio42.com>;
Sun, 7 Dec 2008 14:12:11 -0800
Received: from User [94.83.161.138] by digiplex.biz with ESMTP (SMTPD-10.01)
id A9D50708; Sun, 07 Dec 2008 16:10:29 -0600
Reply-To: <us.service@bellsouth.net>
From: "US Bank"<us.service@bellsouth.net>
Subject: Dear customer,
Date: Sun, 7 Dec 2008 23.10.38 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <200812071610644.SM03924@User>
To: undisclosed-recipients:;
Dear US Bank customer,
We recently reviewed your account, and we are suspecting that your US Bank Internet Banking account may have been accessed from an unauthorized computer.
This may be due to changes in your IP address or location. Protecting the security of your account and of the US Bank network is our primary concern.
We are asking you to immediately login and report any unauthorized withdrawals, and check your account profile to make sure no changes have been made.
To protect your account please follow the instructions below:
* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS
* LOG OFF AFTER USING YOUR ONLINE ACCOUNT
Please click on the following link, to verify your account activity:
http://kino-ie.net/CmdId/singon/security-center/internetBankingStatic/online.sign
We apologize for any inconvenience this may cause, and appreciate your support in helping us maintaining the integrity of the entire US Bank system.
Please login as soon as possible.
Thank you,
US Bank Security Advisor.
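The lookups that follow start from the two addresses in the Received lines, and the message's From domain does not match the host in its link. As an added example (not part of the original report), this Python sketch pulls those values out of the message above; the function names and the result keys are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Headers and link copied from the message on this page; continuation lines are
# re-indented so they parse as folded headers, and the body is cut to the link.
RAW = """\
Received: from digiplex.biz (99.190.149.2) by studio42.com with ESMTP
 (Eudora Internet Mail Server 3.2.10) for <postmaster@studio42.com>;
 Sun, 7 Dec 2008 14:12:11 -0800
Received: from User [94.83.161.138] by digiplex.biz with ESMTP (SMTPD-10.01)
 id A9D50708; Sun, 07 Dec 2008 16:10:29 -0600
From: "US Bank"<us.service@bellsouth.net>

Please click on the following link, to verify your account activity:
http://kino-ie.net/CmdId/singon/security-center/internetBankingStatic/online.sign
"""

IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")   # (a.b.c.d) or [a.b.c.d]
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def received_chain(msg):
    """Hops oldest-first as (claimed_sender, logged_ip, receiving_host)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m, ip = HOP.search(value), IPV4.search(value)
        if m:
            hops.append((m.group(1), ip.group(1) if ip else None, m.group(2)))
    return hops

def triage(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()
    hops = received_chain(msg)
    urls = re.findall(r"https?://\S+", msg.get_payload())
    hosts = sorted({urlsplit(u).hostname for u in urls})
    return {
        # Only the hop stamped by your own server is trustworthy; older hops
        # are whatever the upstream relay (or the sender) chose to write.
        "trusted_relay_ip": hops[-1][1] if hops else None,
        "claimed_origin_ip": hops[0][1] if hops else None,
        "display_name": display,
        "sender_domain": domain,
        "link_hosts": hosts,
        "link_off_sender_domain": any(
            h != domain and not h.endswith("." + domain) for h in hosts),
    }
```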
[studio42@flatus counter]$ host 99.190.149.2
2.149.190.99.in-addr.arpa domain name pointer adsl-99-190-149-2.dsl.hstntx.sbcglobal.net.
[studio42@flatus counter]$ whois 99.190.149.2@whois.arin.net
[whois.arin.net]
AT&T Internet Services SBCIS-SBIS-6BLK (NET-99-128-0-0-1)
99.128.0.0 - 99.191.255.255
CHRIS MCDERMOTT-080910100647 SBC-99-190-149-0-27-0809100729 (NET-99-190-149-0-1)
99.190.149.0 - 99.190.149.31
# ARIN WHOIS database, last updated 2008-12-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus counter]$ whois NET-99-190-149-0-1@whois.arin.net
[whois.arin.net]
CustName: CHRIS MCDERMOTT-080910100647
Address: Private Address
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
RegDate: 2008-09-10
Updated: 2008-09-10
NetRange: 99.190.149.0 - 99.190.149.31
CIDR: 99.190.149.0/27
NetName: SBC-99-190-149-0-27-0809100729
NetHandle: NET-99-190-149-0-1
Parent: NET-99-128-0-0-1
NetType: Reassigned
Comment:
RegDate: 2008-09-10
Updated: 2008-09-10
RAbuseHandle: ABUSE6-ARIN
RAbuseName: Abuse - Southwestern Bell Internet
RAbusePhone: +1-800-648-1626
RAbuseEmail: abuse@sbcglobal.net
RNOCHandle: SUPPO-ARIN
RNOCName: Support - Southwestern Bell Internet Services
RNOCPhone: 800-648-1626
RNOCEmail: support@swbell.net
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-800-648-1626
OrgAbuseEmail: abuse@sbcglobal.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: 800-648-1626
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: 800-648-1626
OrgTechEmail: ipadmin@att.com
# ARIN WHOIS database, last updated 2008-12-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus counter]$ whois NET-99-128-0-0-1@whois.arin.net
[whois.arin.net]
OrgName: AT&T Internet Services
OrgID: SIS-80
Address: 2701 N. Central Expwy # 2205.15
City: Richardson
StateProv: TX
PostalCode: 75080
Country: US
NetRange: 99.128.0.0 - 99.191.255.255
CIDR: 99.128.0.0/10
OriginAS: AS7132
NetName: SBCIS-SBIS-6BLK
NetHandle: NET-99-128-0-0-1
Parent: NET-99-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.SWBELL.NET
NameServer: NS2.SWBELL.NET
NameServer: NS3.SBCGLOBAL.NET
Comment: Contact support@swbell.net for technical support issues
Comment: For policy abuse Issues contact abuse@sbcglobal.net
Comment: For Law Enforcement Requests for Information Fax or E-mail
Comment: 130 E TRAVIS ST. Rm. 3P01, San Antonio, TX
Comment: 78205-1601
Comment: Fax Number: (210)370-1073
RegDate: 2007-08-29
Updated: 2008-03-20
RAbuseHandle: ABUSE6-ARIN
RAbuseName: Abuse - Southwestern Bell Internet
RAbusePhone: +1-800-648-1626
RAbuseEmail: abuse@sbcglobal.net
RNOCHandle: SUPPO-ARIN
RNOCName: Support - Southwestern Bell Internet Services
RNOCPhone: 800-648-1626
RNOCEmail: support@swbell.net
OrgAbuseHandle: ABUSE6-ARIN
OrgAbuseName: Abuse - Southwestern Bell Internet
OrgAbusePhone: +1-800-648-1626
OrgAbuseEmail: abuse@sbcglobal.net
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: 800-648-1626
OrgNOCEmail: support@swbell.net
OrgTechHandle: IPADM2-ARIN
OrgTechName: IPAdmin-SBIS
OrgTechPhone: 800-648-1626
OrgTechEmail: ipadmin@att.com
# ARIN WHOIS database, last updated 2008-12-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Ah, scummy AT&T shows up again.
On to the scammer:
[studio42@flatus counter]$ host 94.83.161.138
138.161.83.94.in-addr.arpa domain name pointer host138-161-static.83-94-b.business.telecomitalia.it.
[studio42@flatus counter]$ whois 94.83.161.138@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '94.83.161.136 - 94.83.161.143'
inetnum: 94.83.161.136 - 94.83.161.143
netname: COMUNEDICASTIGLIONEDISICILIA
descr: COMUNE DI CASTIGLIONE DI SICILIA
country: IT
admin-c: AS13300-RIPE
tech-c: AS13301-RIPE
status: ASSIGNED PA
mnt-by: INTERB-MNT
source: RIPE # Filtered
person: ANTONINO SPITALERI
address: COMUNE DI CASTIGLIONE DI SICILIA
address: VIA S. MARIA 1
address: 95012 CASTIGLIONE DI SICILIA
address: Italy
phone: +39942980237
fax-no: +39942980237
nic-hdl: AS13300-RIPE
source: RIPE # Filtered
person: ANTONINO SPITALERI
address: COMUNE DI CASTIGLIONE DI SICILIA
address: VIA S. MARIA 1
address: 95012 CASTIGLIONE DI SICILIA
address: Italy
phone: +39942980237
fax-no: +39942980237
nic-hdl: AS13301-RIPE
source: RIPE # Filtered
% Information related to '94.82.0.0/15AS3269'
route: 94.82.0.0/15
descr: INTERBUSINESS
origin: AS3269
remarks: ************************************************
remarks: * Pay attention *
remarks: * Any communication sent to email different *
remarks: * from the following will be ignored! *
remarks: * Any abuse reports, please send them to *
remarks: * abuse@business.telecomitalia.it *
remarks: ************************************************
mnt-by: INTERB-MNT
source: RIPE # Filtered
Zombie or scammer. Most likely a zombie belonging to a broadband idiot with no router.
On to the scammer site:
[studio42@flatus counter]$ host kino-ie.net
kino-ie.net has address 204.202.9.21
[studio42@flatus counter]$ whois 204.202.9.21@whois.arin.net
[whois.arin.net]
OrgName: NTT America, Inc.
OrgID: NTTAM-1
Address: 8005 South Chester Street
Address: Suite 200
City: Centennial
StateProv: CO
PostalCode: 80112
Country: US
ReferralServer: rwhois://rwhois.gin.ntt.net:4321/
NetRange: 204.200.0.0 - 204.203.255.255
CIDR: 204.200.0.0/14
NetName: NTTA-204-200
NetHandle: NET-204-200-0-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH21.NS.GIN.NTT.NET
NameServer: AUTH22.NS.GIN.NTT.NET
NameServer: AUTH23.NS.GIN.NTT.NET
NameServer: AUTH24.NS.GIN.NTT.NET
NameServer: AUTH25.NS.GIN.NTT.NET
Comment:
Comment: Reassignment information for this block is
Comment: available at rwhois.gin.ntt.net port 4321
RegDate: 1994-12-02
Updated: 2007-06-14
RTechHandle: VIA4-ORG-ARIN
RTechName: VIPAR
RTechPhone: +1-303-645-1900
RTechEmail: vipar@us.ntt.net
OrgAbuseHandle: NAAC-ARIN
OrgAbuseName: NTT America Abuse Contact
OrgAbusePhone: +1-800-551-1630
OrgAbuseEmail: abuse@ntt.net
OrgNOCHandle: NASC-ARIN
OrgNOCName: NTT America Support Contact
OrgNOCPhone: +1-800-551-1630
OrgNOCEmail: support@us.ntt.net
OrgTechHandle: VIPAR-ARIN
OrgTechName: VIPAR
OrgTechPhone: +1-303-645-1900
OrgTechEmail: vipar@us.ntt.net
# ARIN WHOIS database, last updated 2008-12-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus counter]$ whois kino-ie.net
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: KINO-IE.NET
Registrar: GMO INTERNET, INC. DBA ONAMAE.COM AND DISCOUNT-DOMAIN.COM
Whois Server: whois.discount-domain.com
Referral URL: http://www.discount-domain.com
Name Server: NS1.SECURE.NET
Name Server: NS2.SECURE.NET
Status: ok
Updated Date: 23-mar-2007
Creation Date: 28-mar-2001
Expiration Date: 28-mar-2010
>>> Last update of whois database: Mon, 08 Dec 2008 01:47:59 UTC <<<
[whois.discount-domain.com]
GMO Internet, Inc. whois server 2.0
This server only serves information on GMO Internet,Inc.-maintained domain names
For more information, please contact hostmaster@gmo.jp.
Domain Handle: 197516
Domain Name: kino-ie.net
Created On: 2001-03-28 19:06:44.0
Last Updated On: 2003-02-13 14:58:09.0
Expiration Date: 2010-03-28 05:06:44.0
Status: ACTIVE
Registrant Name: Kazuya Mochidome
Registrant Organization: Kazuya Mochidome
Registrant Street1: Honcho 2-20-9
Registrant Street2:
Registrant City: Musashino-shi Kichijoji
Registrant State: tokyo
Registrant Postal Code: 180-0004
Registrant Country: JP
Registrant Phone: 9999999999
Registrant Fax:
Registrant Email: admin@onamae.com
Admin Name: Kazuya Mochidome
Admin Organization: Kazuya Mochidome
Admin Street1: 2233
Admin Street2:
Admin City: nagasawa takane hokuto-shi
Admin State: yamanashi
Admin Postal Code: 408-0010
Admin Country: JP
Admin Phone: 0551-46-2901
Admin Fax: 0551-46-2355
Admin Email: motzidme@po.iijnet.or.jp
Billing Name: Kazuya Mochidome
Billing Organization: Kazuya Mochidome
Billing Street1: 2233
Billing Street2:
Billing City: nagasawa takane hokuto-shi
Billing State: yamanashi
Billing Postal Code: 408-0010
Billing Country: JP
Billing Phone: 0551-46-2901
Billing Fax: 0551-46-2355
Billing Email: motzidme@po.iijnet.or.jp
Tech Name: Kazuya Mochidome
Tech Organization: Kazuya Mochidome
Tech Street1: 2233
Tech Street2:
Tech City: nagasawa takane kitakoma-gun
Tech State: yamanashi
Tech Postal Code: 408-0010
Tech Country: JP
Tech Phone: 0551-46-2901
Tech Fax: 0551-46-2355
Tech Email: motzidme@po.iijnet.or.jp
Name Server: ns1.secure.net
Name Server: ns2.secure.net