Whose IP? Use whois properly please: whois IPADDRESS -h whois.ripe.net On 14 Dec 2009, at 11:02, Choice Hosting Support wrote:
Hello Support
Our hosting servers seem to be receiving bank phishing spam mail from one of your IP addresses. Could you please look into this?
We have included the headers of one of these mails below.
If you have any questions, please feel free to contact us.
Kind Regards
Stephen Waters www.ChoiceHosting.co.za
Tel. 0878 058 729 Email: support@choicehosting.co.za
Return-path: <internet@absa.co.za> Envelope-to: support@choicehosting.co.za Delivery-date: Mon, 14 Dec 2009 07:16:33 +0200 Received: from mx.bsslaw.net ([194.154.196.196]) by host.choiceserver1.com with esmtp (Exim 4.69) (envelope-from <internet@absa.co.za>) id 1NK3IK-0007rG-Fv for support@choicehosting.co.za; Mon, 14 Dec 2009 07:16:29 +0200 Received: from MAIL-SERVER.BSSLAW.local (Not Verified[192.168.10.1]) by mx.bsslaw.net with MailMarshal (v6,7,2,8378) id <B4b25ca050000>; Mon, 14 Dec 2009 06:15:49 +0100 Received: from User ([41.28.112.10]) by MAIL-SERVER.BSSLAW.local with Microsoft SMTPSVC(6.0.3790.3959); Mon, 14 Dec 2009 06:15:48 +0100 From: "ABSA ONLINE"<internet@absa.co.za> Subject: {Spam?} {Disarmed} ACCOUNT NOTIFICATION Date: Mon, 14 Dec 2009 05:16:12 -0000 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Bcc: Message-ID: <NODE01PXCFbN4TZyabY000001c6@MAIL-SERVER.BSSLAW.local> X-OriginalArrivalTime: 14 Dec 2009 05:15:48.0833 (UTC) FILETIME=[7F60F510:01CA7C7C] X-Choicehosting-MailScanner-Information: Please contact the ISP for more information X-Choicehosting-MailScanner-ID: 1NK3IK-0007rG-Fv X-Choicehosting-MailScanner: Found to be clean X-Choicehosting-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=11.434, required 5, FORGED_MUA_OUTLOOK 4.20, FORGED_OUTLOOK_HTML 0.00, FORGED_OUTLOOK_TAGS 0.00, HTML_IMAGE_ONLY_28 1.52, HTML_MESSAGE 0.00, MIME_HTML_ONLY 1.67, MISSING_HEADERS 1.58, SPF_SOFTFAIL 0.65, SUBJ_ALL_CAPS 1.81) X-Choicehosting-MailScanner-SpamScore: sssssssssss X-Choicehosting-MailScanner-From: internet@absa.co.za
-----Original Message----- From: ABSA ONLINE [mailto:internet@absa.co.za] Sent: 14 December 2009 07:16 Subject: {Spam?} {Disarmed} ACCOUNT NOTIFICATION
Absa Bank Group<http://www.absa.co.za/absacoza/images/homepage/logo_btm.gif> function checkForm() { var valid = false; if (document.form01.sq.value == '') { alert("Please type the word(s) you wish to search for."); } else { valid = true; } return valid; }
INTRODUCING: Absa New Secure Server
We have been warning customers to upgrade to our new server. Fraudsters have devised a new method of defrauding customers. With this new fraud scheme they use the traditional method of identity theft (phishing), Hacking into customers online banking, to avoid phishing and identity theft we advice you login to our secure server
Go straight to your Absa for procedures to follow:
Click Here to continue <http://marionlodge.sproductions.co.za/catalog/pub/get_ready/absa.htm> Absa Bank will not be responsible for loss of funds to hackers as a result of failure to comply with this important new directives. We are committed to serving you better. Bank and stay safe online.Security Management Absa Bank Group
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your absa Online account and choose the "Help" link on any page.
absa bank Email ID # 1009
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845