Beware: Interswitch Nigeria Limited scam mail – http://greatdiscounts.asia/store
Posted by Admin on October 5, 2009
Yet another InterSwitch Nigeria scam mail:
This: http://bittindown.has.it links to: http://greatdiscounts.asia/store/images/update.htm, with screenshot below:
the header is:
X-KWF-FilterProgress: *
Return-path: <nobody@p22.ich-6.com>
Received: from p22.ich-6.com (p22.ich-6.com [209.62.43.114])
by <mydomainname.com> (<mydomainname.com>)
(MDaemon PRO v10.1.0)
with ESMTP id md50000169120.msg
for <me@t@<mydomainname.com>>; Sat, 03 Oct 2009 17:21:13 +0100
Authentication-Results: <mydomainname.com>
spf=neutral smtp.mail=nobody@p22.ich-6.com;
x-ip-ptr=pass dns.ptr=p22.ich-6.com (ip=209.62.43.114)
X-Spam-Level: **
X-Spam-Status: No, score=2.70 required=5.0
X-Spam-Report:
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
X-Spam-Processed: <mydomainname.com>, Sat, 03 Oct 2009 17:21:13 +0100
(processed during SMTP session)
X-MDPtrLookup-Result: pass dns.ptr=p22.ich-6.com (ip=209.62.43.114) (<mydomainname.com>)
X-MDDK-Result: neutral (<mydomainname.com>)
X-MDDKIM-Result: neutral (<mydomainname.com>)
X-Rcpt-To: me@t@<mydomainname.com>
X-MDRcpt-To: me@t@<mydomainname.com>
X-MDRemoteIP: 209.62.43.114
X-Return-Path: nobody@p22.ich-6.com
X-Envelope-From: nobody@p22.ich-6.com
X-MDaemon-Deliver-To: me@t@<mydomainname.com>
Received: from nobody by p22.ich-6.com with local (Exim 4.69)
(envelope-from <nobody@p22.ich-6.com>)
id 1Mu7M2-00044v-GI
for me@t@<mydomainname.com>; Sat, 03 Oct 2009 11:21:06 -0500
To: me@t@<mydomainname.com>
Subject: Upgrade Your ATM Card Details
X-PHP-Script: greatdiscounts.asia/store/images/dvd1/Beta.php for 41.219.230.30
From: InterSwitch Nigeria Limited <online@interswitch.com>
Reply-To: ""
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Mu7M2-00044v-GI@p22.ich-6.com>
Date: Sat, 03 Oct 2009 11:21:06 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – p22.ich-6.com
X-AntiAbuse: Original Domain – <mydomainname.com>
X-AntiAbuse: Originator/Caller UID/GID – [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain – p22.ich-6.com
Note all the highlighted portions above.
Info for Domain name: ich-6.com
Domain name: ich-6.com
Administrative Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ()
+1.4252740657
Fax: +1.4256960234
PMB 368, 14150 NE 20th St – F1
C/O ich-6.com
Bellevue, WA 98007
USTechnical Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ()
+1.4252740657
Fax: +1.4256960234
PMB 368, 14150 NE 20th St – F1
C/O ich-6.com
Bellevue, WA 98007
USRegistrant Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ()
Fax:
PMB 368, 14150 NE 20th St – F1
C/O ich-6.com
Bellevue, WA 98007
USStatus: Locked
Name Servers:
NS1.ICH-6.COM
NS2.ICH-6.COM
Creation date: 01 Mar 2005 00:14:39
Expiration date: 01 Mar 2010 00:14:00source: click here
Info for Ip address: 209.62.43.114
IP Information for 209.62.43.114
IP Location: United States Dallas Theplanet.com Internet Services Inc
Resolve Host: p22.ich-6.com
IP Address: 209.62.43.114
SSL Cert: plesk SSL Certificate has expired.
Reverse IP: 405 other sites hosted on this server.
Blacklist Status: Clear
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: USReferralServer: rwhois://rwhois.theplanet.com:4321
NetRange: 209.62.0.0 – 209.62.127.255
CIDR: 209.62.0.0/17
OriginAS: AS13749, AS13884, AS21844, AS30315
OriginAS: AS36420
NetName: NETBLK-THEPLANET-BLK-EV1-16
NetHandle: NET-209-62-0-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
Comment:
RegDate: 2007-03-19
Updated: 2008-02-28OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: The Planet Abuse
OrgAbusePhone: +1-281-714-3560
OrgAbuseEmail:OrgNOCHandle: THEPL-ARIN
OrgNOCName: The Planet NOC
OrgNOCPhone: +1-281-714-3555
OrgNOCEmail:OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail:== Additional Information From rwhois://rwhois.theplanet.com:4321 ==
network:Class-Name:network
network:ID:EVRY-BLK-16
network:Auth-Area:209.62.0.0/17
network:Network-Name:TPIS-BLK-209-62-43-0
network:IP-Network:209.62.43.112/29
network:IP-Network-Block:209.62.43.112 – 209.62.43.119
network:Organization-Name:NV Avid Corp.
network:Organization-City:Lachine
network:Organization-State:QU
network:Organization-Zip:H8S 2S2
network:Organization-Country:CAN
network:Description-Usage:customer
network:Server-Pri:ns1.ev1servers.net
network:Server-Sec:ns2.ev1servers.net
network:Tech-Contact;I:
network:Admin-Contact;I:
network:Created:20090622
network:Updated:20090623source: click here
Info for IP address: 41.219.230.30 – a Starcomms Nigeria IP address:
IP Information for 41.219.230.30
IP Location: Nigeria Lagos Assigned To Lagos Dial-pool Customers
Resolve Host: dial-pool69.lg.starcomms.net
IP Address: 41.219.230.30
Blacklist Status: Clear
inetnum: 41.219.230.0 – 41.219.230.255
netname: ORG-SA57-AFRINIC-20050513
descr: Assigned to Lagos dial-pool customers
country: NG
admin-c: NS4-AFRINIC
tech-c: CM9-AFRINIC
status: Assigned PA
mnt-by: STARCOMMS-MNT
mnt-lower: STARCOMMS-MNT
source: AFRINIC # Filtered
parent: 41.219.192.0 – 41.219.255.255person: NAVNEET SINGH
address: Plot 1261, Bishop Kale Close, off Saka Tinubu
address: Victoria Island, Lagos, Nigeria
phone: +234-1-804-1234
fax-no: +234-1-811-0301
e-mail:
nic-hdl: NS4-AFRINIC
source: AFRINIC # Filteredperson: Catalin Miclaus
address: Plot 1261C, Bishop Kale Close, off Saka Tinubu
phone: +234-1-8041234
fax-no: +234-1-8110301
e-mail:
nic-hdl: CM9-AFRINIC
source: AFRINIC # Filteredsource: click here
