Saturday, July 14, 2007

SunTrust Bank phishing attempt

From: businessservice.ref73250944520406.nf@suntrust.com
Subject: SunTrust Bank: please confirm your online banking records! (message id: 83603923766)
Date: July 14, 2007 8:55:46 PM GMT+01:00
To: [someone else's email]
Return-Path:
Received: ... from 23.pool85-59-64.dynamic.orange.es (23.pool85-59-64.dynamic.orange.es [85.59.64.23]) by [isp] (Xserve/smtpin49/MantshX 4.0) with SMTP id l6EJtk2u014914; Sat, 14 Jul 2007 12:55:48 -0700 (PDT)
Received: from never.kellychen.com (manley.kellychen.com [14.88.204.68]) by kerio.com with SMTP id 2HVQ0190FT for [that other user's email]; Sat, 14 Jul 2007 12:55:43 -0800
Message-Id: <200707141955.l6EJtk2u014914@mac.com>
Mime-Version: 1.0
X-Mailer: Microsoft Internet Mail 4.70.1155
Content-Type: multipart/alternative; boundary=--1UZQ6E4EO_WCCZXUU2IVA361
X-Priority: 3 (Normal)
X-User_Ip: 24.114.1.202
User-Agent: Microsoft Internet Mail 4.70.1155
Original-Recipient: [my email]

Dear SunTrust Bank customer,

SunTrust Client Service Team requests you to complete Online Treasury Customer Form.

This procedure is obligatory for all business and corporate clients of SunTrust Bank.

Please click hyperlink below to access Online Treasury Customer Form.

http://onlinetreasurymanager-id7365548.suntrust.com/ibswebsuntrust/cmserver/customer.cfm

Thank you for choosing SunTrust Bank for your business needs.

Please do not respond to this email.

This mail generated by an automated service.


__________________________________________________________________________

0x99, 0x3, 0x3796, 0x1, 0x3 media hex U1L S5Z rev 8PG RAR 9UD U3Y 0x23, 0x596 tmp: 0x874, 0x54937793, 0x9, 0x09224268, 0x0008, 0x3, 0x14, 0x64292480, 0x9571, 0x94, 0x07166475, 0x37, 0x607, 0x3, 0x852 0x4, 0x9011 0x20, 0x00634897, 0x601, 0x9038, 0x015, 0x70250798, 0x25986704, 0x27075584, 0x547, 0x07, 0x6 rev: 0x5384, 0x29, 0x35, 0x74, 0x57, 0x3, 0x378, 0x69679773 07FX: 0x515 64J1: 0x6417, 0x31, 0x92, 0x1702, 0x04186070

exe: 0x3638, 0x0280, 0x679, 0x2, 0x66, 0x845, 0x95393472, 0x74, 0x59, 0x4 interface: 0x13 HIR: 0x296, 0x561, 0x7138 common ZLB S48I 65F JGTP. U3MK: 0x6292, 0x998, 0x6 0x10491729, 0x0, 0x055, 0x12164091, 0x6 rcs HVYR 3M9 WW1 define 0JA QZ2: 0x063, 0x692, 0x484, 0x59 start: 0x1, 0x4156, 0x44, 0x8562, 0x3912, 0x78828520, 0x267, 0x38, 0x616, 0x31, 0x510, 0x58918884 0x2591, 0x9, 0x82503509

120: 0x06, 0x425, 0x2186, 0x5782, 0x5467, 0x1014, 0x7, 0x3, 0x3221, 0x295, 0x79464507, 0x091, 0x25949962, 0x2953, 0x84039376 0x6947, 0x8, 0x205, 0x60003283, 0x39960848 R5Q: 0x6541, 0x71549568, 0x41812577, 0x2721, 0x45349447, 0x507, 0x96555838, 0x224, 0x7483, 0x2, 0x7, 0x715, 0x65, 0x69218234 0x6, 0x15770665, 0x84, 0x30, 0x82403901, 0x287, 0x3606, 0x32, 0x93 0NJ 62R0 XFEP TED function SVH IYKW EE38 root0x5442, 0x6 0x1, 0x019, 0x9, 0x6450, 0x9, 0x154, 0x723, 0x142 KR1: 0x52, 0x13, 0x8, 0x83, 0x65 H7JL, NGR. ACZ9: 0x22, 0x682, 0x4


All the random numbers above are set in small white characters so that they are not visible.
The link in this "SunTrust Bank" email points to a domain with the following registrant info:

Domain Name: GOLCOWD.BIZ
Domain ID: D19103697-BIZ
Sponsoring Registrar: REGISTER.COM
Registrant ID: 3343322C9CF42696
Registrant Name: Jeff Mills
Registrant Address1: 1255 Marlborough st. Apt. A
Registrant City: Philadelphia
Registrant State/Province: PA
Registrant Postal Code: 19125
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.2679976940
Registrant Email: jeffmills@whoever.com
Same contact info for Administrative and Technical contacts.
Domain Registration Date: Fri Jul 13 18:14:18 GMT 2007
Domain Expiration Date: Sat Jul 12 23:59:59 GMT 2008
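
The two tricks noted above, a link whose visible text names one host while the target is another, and filler text hidden by colouring it white, can both be checked mechanically. This is an added example, not part of the original post; the page only shows the rendered text, so the HTML markup, the href path and the `color` attribute below are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: only the visible text and the domain come from the post.
SAMPLE_HTML = """
<p>Please click hyperlink below to access Online Treasury Customer Form.</p>
<a href="http://golcowd.biz/constructed-path">http://onlinetreasurymanager-id7365548.suntrust.com/ibswebsuntrust/cmserver/customer.cfm</a>
<font color="#FFFFFF" size="1">0x99, 0x3, 0x3796, 0x1, 0x3 media hex U1L S5Z</font>
"""

WHITE = re.compile(r"^(#fff(fff)?|white)$", re.I)
VOID = {"br", "img", "hr", "meta", "input"}  # tags that never get a close tag

class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, href, hidden) for each open element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        hidden = bool(WHITE.match(a.get("color") or ""))
        self.stack.append((tag, a.get("href"), hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating sloppy nesting.
        while self.stack and self.stack.pop()[0] != tag:
            pass

    def handle_data(self, data):
        text = data.strip()
        if not text or not self.stack:
            return
        tag, href, hidden = self.stack[-1]
        if hidden:
            self.findings.append(("hidden-text", text[:30]))
        # Only compare when the visible text itself claims to be a URL.
        if tag == "a" and href and re.match(r"https?://", text, re.I):
            shown, actual = urlparse(text).hostname, urlparse(href).hostname
            if shown != actual:
                self.findings.append(("link-mismatch", shown, actual))

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE_HTML)` returns one `link-mismatch` finding and one `hidden-text` finding; text hidden through CSS rather than a `color` attribute would need an extra check.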

Sunday, July 08, 2007

Nnoemd.com - Kuvayev strikes again

And Alex Rodrigez aka Leo Kuvayev strikes again.

From: oldbluemoses.com@gregsart.com
Subject: Need S0ftware?
Date: June 24, 2007 6:09:56 PM GMT+01:00
To: [my email]

OEM software means: no DVD/CD, no packing case, no booklets and no overhead cost!
So OEM software is synonym for lowest price.

Buy directly from the manufacturer, pay for software ONLY and save 75-90%!

Check our discounts and special offers! Find software for home and office!
Different platforms. World leading manufacturers. Instant download.
----
HOT ITEMS

Windows XP Pro + SP2 $49
MS Office Enterprise 2OO7 $79
Adobe Acrobat 8 Pro $79
Microsoft Windows Vista Ult $79
Macromedia Studio 8 $99
Adobe Premiere 2.O $59
Corel Grafix Suite X3 $59
Adobe Illustrator CS2 $59
Macromedia Flash Prof 8 $49
Adobe Photoshop CS2 V9.0 $69
Macromedia Studio 8 $99
Autodesk Autocad 2007 $129
Adobe Creative Suite 2 $149
http://dst.nnoemd.com/? [someletters]
----
Top items for Mac:
Adobe Acrobat Pro 7 $69
Adobe After Effects $49
Macromedia Flash Pro 8 $49
Adobe Creative Suite 2 Prem $149
Ableton Live 5.0.1 $49
Adobe Photoshop CS $49
http://dst.nnoemd.com/-software-for-mac-.php? [someletters]
----
Popular eBooks:
Home Networking For Dummies 3rd Edition $10
Windows XP Gigabook For Dummies $10
Adobe CS2 All in One Desk Reference For Dummies $10
Adobe Photoshop CS2 Classroom in a Book(Adobe Press) $10
----
Find more by these manufacturers:
Microsoft...Mac...Adobe...Borland...Macromedia...IBM
http://dst.nnoemd.com/? [someletters]
----

None of us feel tricking Lady
No, but I assure you, that wil
Is there something else bother
Brenna wasnt about to tell her
I wasnt very hungry tonight, s


nnoemd.com resolves to

Registrar: BIZCN.COM, INC.
Registrant Contact:
-
Alex Rodrigez domains@preved.cd
+358-30-5563 fax:
po box 445
Laapentranta Laapentranta 12700
fi


Of which the address is invalid, the phone / fax number is more than just invalid...

The registrar's registration details:

BIZCN.COM resolves to

Domain name: bizcn.com

Registrant Contact:
XiaMen BizCn Computer & Network CO.,LTD
Bizcn Bizcn postmaster@bizcn.com
+86.5922577888 fax: +86.5922577111
1F - 4F, Software Technology Service Builing, Xiamen Software Park
Xiamen Fujian 361000
cn


Selling OEM software is, needless to remind I hope, illegal. I hope they finally catch this spammer. Here is more about this spammer, Mr. Kuvayev. ICQ = 101859176

leo kuvayev aka alex rodrigez

katizhalthh - loan spammers

From: MAILER-DAEMON@[my isp]
Subject: Returned mail: see transcript for details
Date: July 3, 2007 7:35:53 AM GMT+01:00
To: [my email]

The original message was received at Mon, 2 Jul 2007 23:35:46 -0700 (PDT)
from ppp-124.120.199.216.revip2.asianet.co.th [124.120.199.216]

----- The following addresses had permanent fatal errors -----
< some user >
(reason: 550 5.1.1 unknown or illegal alias: some user )
(expanded from: < some user >)

----- Transcript of session follows -----
... while talking to smtp-bounce.isp.com.:
DATA
<<< 550 5.1.1 unknown or illegal alias: some user
550 5.1.1 < some user >... User unknown
<<< 554 5.5.0 No recipients have been specified.
Reporting-MTA: dns; isp
Received-From-MTA: DNS; ppp-124.120.199.216.revip2.asianet.co.th
Arrival-Date: Mon, 2 Jul 2007 23:35:46 -0700 (PDT)

Final-Recipient: RFC822; some user
Action: failed
Status: 5.1.1
Remote-MTA: DNS; smtp-bounce.isp.com
Diagnostic-Code: SMTP; 550 5.1.1 unknown or illegal alias: [ some user ]
Last-Attempt-Date: Mon, 2 Jul 2007 23:35:53 -0700 (PDT)

From: "Wilda" < my email >
Date: July 3, 2007 7:38:53 AM GMT+01:00
To: "Concetta" < some user >
Subject: astounding loans for the usa!

Hello, Your refinance application has been accepted.
We are ready to give you a loan.
There is no obligation and this is a FREE quote
(o)Debt Consolidation.
(o)Refinancing.
(o)Second Mortgage.
(o)Equity Line of Credit.
(o)First Purchase.
Visit here for more information Expect to be contacted within 24 Hours.
http://katizhalthh.com


So the spammer has forged MY email address for at least some outgoing emails again.

Of the site that is being advertised, we can get the following :

Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Domain name: katizhalthh.com

Registrant Contact:
PrivateDomainRegistrations
Gary Reed (garyreed07@fastmail.net)
+1.6047678695
Fax: +1.5555555555
150-3495 Cambie Street
Vancouver, BC V5Z 4R3
CA


Illegal phone numbers. And this is not the first time namecheap.com appears on the list ..

Anatrim spam - rlcco.com

From: cvelasqu@hopecollective.com
Subject: Thanks for the awesome product and the great service. Anatrim.
Date: July 8, 2007 12:54:44 PM GMT+01:00
To: [my email]
Return-Path:
Received: .. [122.128.152.59] by smtp.secureserver.net; Sun, 08 Jul 2007 02:54:44 -0900
Message-Id: <01c7c10b$56b9d9d0$3b98807a@cvelasqu>
Mime-Version: 1.0
X-Mimeole: Produced By Microsoft MimeOLE V6.00.3790.1830
X-Mailer: Microsoft Outlook Express 6.00.3790.1830
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C7C156.C6A181D0"
X-Priority: 3
X-Msmail-Priority: Normal
Original-Recipient: [my email]

I was originally amazed that the first two pills I took of Anatrim, almost immediately took my cravings away. Now 4 weeks later, 3 belt holes later, I have become an advocate for this awesomely powerful, natural supplement! Due to the incredible surge in popularity of Anatrim, many new products are flooding the market claiming to be of top quality.
http://holenem.net
Anatrim contains the absolute highest quality ingredients available- you simply won’t find a more complete product of this kind, anywhere.



Of which

Domain Name: HOLENEM.NET
Registrar: 1-877NAMEBID.COM LLC DBA "1-877NAMEBID.COM"
Whois Server: whois.1-877namebid.com
Referral URL: http://www.1-877namebid.com

Registration Service Provided By: 1-877NAMEBID.COM LLC
Contact: +1.8776263243
Website: http://1-877NameBid.com

Registrant:
N/A
eugene lopez (penmanshif@mad.scientist.com)
3210 killarney
el paso
Texas,79925
US
Tel. +7.9155920373

Creation Date: 05-Jul-2007
Expiration Date: 05-Jul-2008


Of which at least the phone number is invalid. If the person is in Texas, his phone number should not be a Russian one. Or is this just a new try by Alex Kuvayev aka Alex Rodrigez?
And the site that this spam linked to typically gives no phone number and no address for contacting them, other than the website. And sure, buying it from Texas .. with a Russian phone number...

http://1-877namebid.com offers bulk registration and bulk domain transfers, so for that domain:

[whois.myorderbox.COM]
Registration Service Provided By: DOMAINSTOBESEEN.COM
Contact: +1.4235100030

Domain Name: 1-877NAMEBID.COM

Registrant:
R. Lee Chambers Company LLC
Richard (chambers@rlcco.com)
Post Office Box Ten
Ooltewah
TN,37363-0010
US
Tel. +000.0000000

Creation Date: 19-Mar-2004
Expiration Date: 19-Mar-2009

Domain servers in listed order:
ns1.1-877namebid.com
ns2.1-877namebid.com


And of domainstobeseen.com:

[whois.myorderbox.com]
Registration Service Provided By: 1-877NAMEBID.COM LLC
Contact: +1.8776263243
Website: http://1-877NameBid.com

Domain Name: DOMAINSTOBESEEN.COM

Registrant:
1-877NameBid.com LLC
Richard L. Chambers (chambers@rlcco.com)
6441 Bonny Oaks Drive
Suite C
chattanooga
TN,37416-3537
US
Tel. +1.4235100030


Looking at the email address of the registrant, maybe we can find some more - at least http://www.rlcco.com seems to be a historic website of this R Lee Chambers. Rlcco.com also gives the exact same registrant details - R Lee Chambers, with a phone number of 00000 ....
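
The checks applied by eye to the registrant records on this page (a calling code that does not fit the stated country, filler phone numbers, a domain registered days before the mail) can be written down as a small triage routine. This is an added example, not part of the original posts; the record dictionaries are constructed from the whois excerpts quoted above, and the calling-code table covers only the countries that appear in them.

```python
import re
from datetime import date

# Country calling codes for the registrant countries quoted on this page.
CALLING_CODE = {"US": "1", "CA": "1", "FI": "358", "CN": "86"}

# Constructed from the quoted whois excerpts. "seen" is the date of the mail
# under which the record is quoted; created=None means the excerpt omits it.
RECORDS = [
    {"domain": "golcowd.biz", "country": "US", "phones": ["+1.2679976940"],
     "created": date(2007, 7, 13), "seen": date(2007, 7, 14)},
    {"domain": "katizhalthh.com", "country": "CA",
     "phones": ["+1.6047678695", "+1.5555555555"],
     "created": None, "seen": date(2007, 7, 3)},
    {"domain": "holenem.net", "country": "US", "phones": ["+7.9155920373"],
     "created": date(2007, 7, 5), "seen": date(2007, 7, 8)},
    {"domain": "1-877namebid.com", "country": "US", "phones": ["+000.0000000"],
     "created": date(2004, 3, 19), "seen": date(2007, 7, 8)},
]

PHONE_RE = re.compile(r"^\+(\d+)[.\-]([\d\-]+)$")  # whois style: +CC.NUMBER

def check_phone(phone, country):
    m = PHONE_RE.match(phone)
    if not m:
        return ["unparseable phone " + phone]
    cc, national = m.group(1), m.group(2).replace("-", "")
    flags = []
    if len(set(national)) == 1:          # 0000000, 5555555555, ...
        flags.append("placeholder number " + phone)
    expected = CALLING_CODE.get(country.upper())
    if expected and cc != expected:
        flags.append(f"calling code +{cc} does not match country {country}")
    return flags

def check_record(rec, max_age_days=7):
    flags = []
    for phone in rec["phones"]:
        flags += check_phone(phone, rec["country"])
    if rec["created"] is not None:
        age = (rec["seen"] - rec["created"]).days
        if age <= max_age_days:
            flags.append(f"registered {age} day(s) before the mail")
    return flags

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["domain"], check_record(rec) or "no flags")
```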

At least rlcco.com has something entertaining .. the source.

<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>RLCCO.COM - Global Reach...Web Savvy</title>

<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">


We have the winner.