Beware: Interswitch Nigeria Limited scam mail – http://greatdiscounts.asia/store

Yet another InterSwitch Nigeria scam mail:

interswitch_5oct2009

 

This: http://bittindown.has.it links to: http://greatdiscounts.asia/store/images/update.htm, with screenshot below:

interswitch_5oct2009_1

the header is:

X-KWF-FilterProgress: *
Return-path: <nobody@p22.ich-6.com>
Received: from p22.ich-6.com (p22.ich-6.com [209.62.43.114])
    by <mydomainname.com> (<mydomainname.com>)
    (MDaemon PRO v10.1.0)
    with ESMTP id md50000169120.msg
    for <me@t@<mydomainname.com>>; Sat, 03 Oct 2009 17:21:13 +0100
Authentication-Results: <mydomainname.com>
    spf=neutral smtp.mail=nobody@p22.ich-6.com;
    x-ip-ptr=pass dns.ptr=p22.ich-6.com (ip=209.62.43.114)
X-Spam-Level: **
X-Spam-Status: No, score=2.70 required=5.0
X-Spam-Report:
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
X-Spam-Processed: <mydomainname.com>, Sat, 03 Oct 2009 17:21:13 +0100
    (processed during SMTP session)
X-MDPtrLookup-Result: pass dns.ptr=p22.ich-6.com (ip=209.62.43.114) (<mydomainname.com>)
X-MDDK-Result: neutral (<mydomainname.com>)
X-MDDKIM-Result: neutral (<mydomainname.com>)
X-Rcpt-To: me@t@<mydomainname.com>
X-MDRcpt-To: me@t@<mydomainname.com>
X-MDRemoteIP: 209.62.43.114
X-Return-Path: nobody@p22.ich-6.com
X-Envelope-From: nobody@p22.ich-6.com
X-MDaemon-Deliver-To: me@t@<mydomainname.com>
Received: from nobody by p22.ich-6.com with local (Exim 4.69)
    (envelope-from <nobody@p22.ich-6.com>)
    id 1Mu7M2-00044v-GI
    for me@t@<mydomainname.com>; Sat, 03 Oct 2009 11:21:06 -0500
To: me@t@<mydomainname.com>
Subject: Upgrade Your ATM Card Details
X-PHP-Script: greatdiscounts.asia/store/images/dvd1/Beta.php for 41.219.230.30
From: InterSwitch Nigeria Limited <online@interswitch.com>
Reply-To: ""
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Mu7M2-00044v-GI@p22.ich-6.com>
Date: Sat, 03 Oct 2009 11:21:06 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – p22.ich-6.com
X-AntiAbuse: Original Domain – <mydomainname.com>
X-AntiAbuse: Originator/Caller UID/GID – [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain – p22.ich-6.com

Note all the highlighted portions above.

Info for Domain name: ich-6.com

Domain name: ich-6.com

Administrative Contact:
   Whois Privacy Protection Service, Inc.
   Whois Agent ()
   +1.4252740657
   Fax: +1.4256960234
   PMB 368, 14150 NE 20th St – F1
   C/O ich-6.com
   Bellevue, WA 98007
   US

Technical Contact:
   Whois Privacy Protection Service, Inc.
   Whois Agent ()
   +1.4252740657
   Fax: +1.4256960234
   PMB 368, 14150 NE 20th St – F1
   C/O ich-6.com
   Bellevue, WA 98007
   US

Registrant Contact:
   Whois Privacy Protection Service, Inc.
   Whois Agent ()
   Fax:
   PMB 368, 14150 NE 20th St – F1
   C/O ich-6.com
   Bellevue, WA 98007
   US

Status: Locked

Name Servers:
   NS1.ICH-6.COM
   NS2.ICH-6.COM
Creation date: 01 Mar 2005 00:14:39
Expiration date: 01 Mar 2010 00:14:00

source: click here

Info for Ip address: 209.62.43.114

IP Information for 209.62.43.114

IP Location:     United States Dallas Theplanet.com Internet Services Inc
Resolve Host:     p22.ich-6.com
IP Address:     209.62.43.114         
SSL Cert:    plesk SSL Certificate has expired.
Reverse IP:     405 other sites hosted on this server.
Blacklist Status:     Clear
OrgName:    ThePlanet.com Internet Services, Inc.
OrgID:      TPCM
Address:    315 Capitol
Address:    Suite 205
City:       Houston
StateProv:  TX
PostalCode: 77002
Country:    US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange:   209.62.0.0 – 209.62.127.255
CIDR:       209.62.0.0/17
OriginAS:   AS13749,  AS13884,  AS21844,  AS30315
OriginAS:   AS36420
NetName:    NETBLK-THEPLANET-BLK-EV1-16
NetHandle:  NET-209-62-0-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
Comment:   
RegDate:    2007-03-19
Updated:    2008-02-28

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName:   The Planet Abuse
OrgAbusePhone:  +1-281-714-3560
OrgAbuseEmail: 

OrgNOCHandle: THEPL-ARIN
OrgNOCName:   The Planet NOC
OrgNOCPhone:  +1-281-714-3555
OrgNOCEmail: 

OrgTechHandle: TECHN33-ARIN
OrgTechName:   Technical Support
OrgTechPhone:  +1-214-782-7800
OrgTechEmail: 

== Additional Information From rwhois://rwhois.theplanet.com:4321 ==

network:Class-Name:network
network:ID:EVRY-BLK-16
network:Auth-Area:209.62.0.0/17
network:Network-Name:TPIS-BLK-209-62-43-0
network:IP-Network:209.62.43.112/29
network:IP-Network-Block:209.62.43.112 – 209.62.43.119
network:Organization-Name:NV Avid Corp.
network:Organization-City:Lachine
network:Organization-State:QU
network:Organization-Zip:H8S 2S2
network:Organization-Country:CAN
network:Description-Usage:customer
network:Server-Pri:ns1.ev1servers.net
network:Server-Sec:ns2.ev1servers.net
network:Tech-Contact;I:
network:Admin-Contact;I:
network:Created:20090622
network:Updated:20090623

source: click here

Info for IP address: 41.219.230.30 – a Starcomms Nigeria IP address:

IP Information for 41.219.230.30

IP Location:     Nigeria     Lagos     Assigned To Lagos Dial-pool Customers
Resolve Host:     dial-pool69.lg.starcomms.net
IP Address:     41.219.230.30            
Blacklist Status:     Clear
inetnum:        41.219.230.0 – 41.219.230.255
netname:        ORG-SA57-AFRINIC-20050513
descr:          Assigned to Lagos dial-pool customers
country:        NG
admin-c:        NS4-AFRINIC
tech-c:         CM9-AFRINIC
status:         Assigned PA
mnt-by:         STARCOMMS-MNT
mnt-lower:      STARCOMMS-MNT
source:         AFRINIC # Filtered
parent:         41.219.192.0 – 41.219.255.255

person:         NAVNEET SINGH
address:        Plot 1261, Bishop Kale Close, off Saka Tinubu
address:        Victoria Island, Lagos, Nigeria
phone:          +234-1-804-1234
fax-no:         +234-1-811-0301
e-mail:        
nic-hdl:        NS4-AFRINIC
source:         AFRINIC # Filtered

person:         Catalin Miclaus
address:        Plot 1261C, Bishop Kale Close, off Saka Tinubu
phone:          +234-1-8041234
fax-no:         +234-1-8110301
e-mail:        
nic-hdl:        CM9-AFRINIC
source:         AFRINIC # Filtered

source: click here

Advertisements

10 responses

  1. Excellent notable analytical eyesight with regard to fine detail
    and can anticipate issues prior to they take place.

  2. Thanks , I have recently been looking for info about this topic for a long
    time and yours is the greatest I’ve found out till now. But, what concerning the conclusion? Are you certain in regards to the source?

  3. Currently the firm supplies them to tens of thousands of
    families around the world and manufactures over 50, 000 stairlifts annually.

    An Acorn Stair lift can make your complete house
    accessible for you again and can assist you to move up and down
    with safety and comfort whenever you need.

  4. Qld gets the highest solar technology creation of any area in Australia, thanks both
    strong government help & great climate.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: