The phishing is still active. I have contacted by e-mail the registrar Arsys.es/Nicline.com, the host adam.es and ixole.es, and the registrant Joan Sanchez Guardia by e-mail.
Registrar: ARSYS INTERNET, S.L. D/B/A NICLINE.COM
Status: ok
Dates: Created 06-jul-2000 Updated 01-mar-2008 Expires 06-jul-2014
DNS Servers: DNS19.SERVIDORESDNS.NET DNS20.SERVIDORESDNS.NET
I was referred to whois.nicline.com; I'm looking it up there.
Domain name: igrafic.com
Registrant:
Joan Sanchez Guardia (SROW-673116)
[email protected] roger de flor, 71
Granollers BARCELONA
08400 ES
+34 932477716 fax: +34 93247771
Administrative contact:
Ixole Activa SL (SRCO-1534422)
[email protected] Mallorca 272 4 4.
Barcelona BARCELONA
08037 ES
+34 902023236 fax: +34 902023191
Technical contact:
Ixole Activa SL (SRCO-1534423)
[email protected] Mallorca 272 4 4.
Barcelona BARCELONA
08037 ES
+34 902023236 fax:+34 902023191
Domain servers in listed order:
dns19.servidoresdns.net 217.76.128.137
dns20.servidoresdns.net 217.76.129.137
Created: 06 Jul 2000 07:44:22:000 UTC
Expires: 06 Jul 2014 07:44:22:000 UTC
Last updated: 01 Mar 2008 18:21:12:150 UTC
From - Thu Feb 04 22:45:32 2010
X-Account-Key: account4
X-UIDL: 1179582987.62522
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys: $label1
X-MSK: Off
Return-Path: <
[email protected]>
Received: from mwinf2812.orange.fr (mwinf2812 [10.232.15.40])
by mwinb7503 with LMTPA;
Thu, 04 Feb 2010 22:44:34 +0100
X-Sieve: CMU Sieve 2.3
X-Bcc: xxxxxxxxxxx
Received: from smtp28.orange.fr (localhost [127.0.0.1])
by mwinf2812.orange.fr (SMTP Server) with ESMTP id 8F4411C00088
for <
[email protected]>; Thu, 4 Feb 2010 22:44:34 +0100 (CET)
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf2812.orange.fr (SMTP Server) with ESMTP id 84A981C00092
for <
[email protected]>; Thu, 4 Feb 2010 22:44:34 +0100 (CET)
Received: from specenviro.com (mail.specenviro.com [12.68.236.122])
by mwinf2812.orange.fr (SMTP Server) with ESMTP id 3F0421C00088
for <xxxxxxxxxxxxxxxx>; Thu, 4 Feb 2010 22:44:34 +0100 (CET)
X-ME-UUID:
[email protected]Received: from User ([74.169.3.60] RDNS failed) by specenviro.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 4 Feb 2010 15:44:28 -0600
From: "Western Union"<
[email protected]>
Subject: *** SPAM ***Dear Valued Customer, your account has been limited
Date: Thu, 4 Feb 2010 16:43:57 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <
[email protected]>
X-OriginalArrivalTime: 04 Feb 2010 21:44:29.0230 (UTC) FILETIME=[3A9234E0:01CAA5E3]
To: undisclosed-recipients:;
X-me-spamlevel: high
X-me-spamrating: 95.000000
X-me-spamcause: OK, (500)(1000)gggruggvucftvghtrhhoucdtuddrvdeltddrvddtgddtgeduiecuteggodetufdouefnucfrrhhofhhilhgvmecuoffgnecuuegrihhlohhuthemuceftddtnecuogetvdeijedqtdduucdlhedttddm
X-Text-Classification: personnel
X-POPFile-Link:
http://127.0.0.1:8080/jump_to_message?view=7716<html>
<head>
<title>Untitled</title>
<meta content="Evrsoft First Page" name="GENERATOR">
</head>
<body>
<p><span><font face="Arial" size="2">Dear Valued Customer,<br>
<br></span></p>
<p>This is an official notification from Western Union. Your account access has been limited due to a login attempt failure. We will need to confirm your Credit Card CVV from your profile.</p>
<p>To continue <a href="http://www.igrafic.com/flip/.WUCOMWEB/signInActiondo/methodsave/countryCode/US/index.htm">click here</a> and remove the limitation.If not, your account with us will be suspended and deleted.<br>
<br>
Visit us to:<br>
* Send money<br>
* Check the status of your order<br>
* Search for Agent locations worldwide<br>
* Learn about other Western Union services</span><br>
<br>
We are continually improving our Web site to better serve you. Be sure to check back with us often as we add exciting new services to meet your financial needs.<br>
<br>
If you have questions or need assistance, our customer service team</span> is here to help. Email us at <a href="http://www.igrafic.com/flip/.WUCOMWEB/signInActiondo/methodsave/countryCode/US/index.htm">
[email protected]</span></a> <br>
<br>
Be sure to remember and protect your new User Name and Password. You will need your new User Name and Password next time you sign in to our site.</p>
<p>Thank you for using Western Union!<br></p> <p>------------------------------------------------------------------------------------------------------------------------------<br>
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE <a href="http://www.igrafic.com/flip/.WUCOMWEB/signInActiondo/methodsave/countryCode/US/index.htm">CONTACT US</a></font></p>
</body>
</html>
Posted: Fri Feb 05, 2010 9:55 am 
