phishing e-mail

---------- Forwarded message ----------
From: Georgia LANE <richardsonsyrufevi98@hotmail.com>
Date: 2010/4/17
Subject: It?sE asy ToFin dGrea t Dis countsI nOurO n li nePha rmacy
To: paul.evans4@virgin.net

— Скрыть цитируемый текст —

http://gaveleavefrom.com ToHear Wh atMorgan Was SayingAb out TheLoca tionO fReserve Cava lryUnit s. En dToTheT umbleOf Speculat ionT hatM om e ntar ilyH adHeldT heKin g
Fl ask, F orT iercelH adTol dConallT hatT h eDrugsOn lyAff ec tedThos eOf

---

Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. See how.

==================


On DNS lookup Note Belarusian source and Chinese hosting

Address lookup

canonical name	gaveleavefrom.com.
aliases
addresses	61.132.172.122

Domain Whois record

Queried whois.internic.net with "dom gaveleavefrom.com"...

Domain Name: GAVELEAVEFROM.COM
   Registrar: INTERNET.BS CORP.
   Whois Server: whois.internet.bs
   Referral URL: http://www.internet.bs
   Name Server: NS1.MARCOE.RU
   Name Server: NS2.MARCOE.RU
   Status: clientTransferProhibited
   Updated Date: 17-apr-2010
   Creation Date: 15-apr-2010
   Expiration Date: 15-apr-2011

>>> Last update of whois database: Sat, 17 Apr 2010 22:13:23 UTC <<<

Queried whois.internet.bs with "gaveleavefrom.com"...

Domain gaveleavefrom.com

Date Registered: 2010-4-15
Date Modified: 2010-4-17
Expiry Date: 2011-4-15

DNS1: ns1.marcoe.ru
DNS2: ns2.marcoe.ru

Registrant
    Nikolay Vukolov  mops@5mx.ru
    1st Magistralnaya str. d.22 kv.53
    123007 Moskva
    Russia

Administrative Contact
    Nikolay Vukolov  mops@5mx.ru
    1st Magistralnaya str. d.22 kv.53
    123007 Moskva
    Russia
    Tel: +7.4956211281

Technical Contact
    Nikolay Vukolov  mops@5mx.ru
    1st Magistralnaya str. d.22 kv.53
    123007 Moskva
    Russia
    Tel: +7.4956211281

Registrar: Internet.bs Corp.
Registrar's Website : http://www.internetbs.net/

Network Whois record

Queried whois.apnic.net with "61.132.172.122"...

inetnum:      61.132.128.0 - 61.132.255.255
netname:      CHINANET-AH
country:      CN
descr:        CHINANET Anhui province network
descr:        Data Communication Division
descr:        China Telecom
admin-c:      CH93-AP
tech-c:       AT318-AP
status:       ALLOCATED NON-PORTABLE
changed:      wanglinlin2@anhuitelecom.com 20060718
mnt-by:       MAINT-CHINANET
mnt-lower:    MAINT-CHINANET-AH
source:       APNIC

role:         ANHUI TELECOM
address:      305 Changjiang West Road
address:      Hefei Anhui China
country:      CN
phone:        +86 0551 5185089
fax-no:       +86 0551 5185500
e-mail:       wanglinlin2@anhuitelecom.com
trouble:      send spam reports to abuse@ah163.com
trouble:      and abuse reports to abuse@ah163.com
trouble:      Please include detailed information and
trouble:      times in GMT+8:00
admin-c:      LW604-AP
tech-c:       LW604-AP
nic-hdl:      AT318-AP
remarks:      http://www.ah163.net
notify:       wanglinlin2@anhuitelecom.com
mnt-by:       MAINT-CHINANET-AH
changed:      wanglinlin2@anhuitelecom.com 20060323
source:       APNIC

person:       Chinanet Hostmaster
nic-hdl:      CH93-AP
e-mail:       anti-spam@ns.chinanet.cn.net
address:      No.31 ,jingrong street,beijing
address:      100032
phone:        +86-10-58501724
fax-no:       +86-10-58501724
country:      CN
changed:      dingsy@cndata.com 20070416
mnt-by:       MAINT-CHINANET
source:       APNIC

DNS records

DNS query for 122.172.132.61.in-addr.arpa returned an error from the server: NameError

name	class	type	data	time to live
gaveleavefrom.com	IN	SOA	server: ns1.gaveleavefrom.com email: admin.gaveleavefrom.com serial: 2009000000 refresh: 600 retry: 900 expire: 1209600 minimum ttl: 43200	600s	(00:10:00)
gaveleavefrom.com	IN	NS	ns1.gaveleavefrom.com	600s	(00:10:00)
gaveleavefrom.com	IN	NS	ns2.gaveleavefrom.com	600s	(00:10:00)
gaveleavefrom.com	IN	MX	preference: 10 exchange: mail.gaveleavefrom.com	600s	(00:10:00)
gaveleavefrom.com	IN	A	61.132.172.122	600s	(00:10:00)

Traceroute

Tracing route to gaveleavefrom.com [61.132.172.122]...

hop

rtt

rtt

rtt

ip address

fully qualified domain name

1

1

1

1

70.84.211.97

61.d3.5446.static.theplanet.com

2

3

0

0

70.87.254.1

po101.dsr01.dllstx5.theplanet.com

3

0

0

0

70.85.127.105

po51.dsr01.dllstx3.theplanet.com

4

0

0

0

70.87.253.9

et3-1.ibr04.dllstx3.theplanet.com

5

0

0

0

4.71.122.1

te-3-4.car4.dallas1.level3.net

6

13

1

1

4.69.145.116

ae-73-70.ebr3.dallas1.level3.net

7

35

35

35

4.69.132.77

ae-3-3.ebr2.losangeles1.level3.net

8

45

51

53

4.69.132.13

ae-2-2.ebr2.sanjose1.level3.net

9

52

54

53

4.69.134.222

ae-92-92.csw4.sanjose1.level3.net

10

46

46

46

4.68.18.198

ae-44-99.car4.sanjose1.level3.net

11

47

47

48

4.71.114.102

china-telec.car4.sanjose1.level3.net

12

253

253

253

202.97.51.149

13

242

241

241

202.97.33.53

14

243

242

243

202.97.33.61

15

262

261

260

202.97.39.22

16

259

259

260

61.191.33.130

17

262

263

262

61.190.250.38

18

249

248

250

61.132.172.122

Trace complete

Service scan

FTP - 21

220 (vsFTPd 2.0.4) 500 OOPS: vsf_sysutil_recv_peek: no data 500 OOPS: child died

SMTP - 25

Error: ConnectionRefused

HTTP - 80

Error: TimedOut

POP3 - 110

Error: ConnectionRefused

IMAP - 143

Error: ConnectionRefused

==================
Just filter China block

61.132.128.0 - 61.132.255.255