I received 5 of them. I replied thinking the first two may have been legit, but then after seeing 3 more, started having questions. All also had the double message about a failed mailbox and appeared to be from gmail accounts.
I received the mail for the domains:
asteroids.info
shopathome.biz
fish.us
bartending.info
employmentagency.info
All are pretty good domains in my opinion, so there may be some selective targeting.
My header from info shows it's not from gmail, but is as follows:
Received: from [217.160.251.120] (helo=u15154901.onlinehome-server.com)...
Message-ID: <[email protected]>
Subject: shopathome.biz
From: <[email protected]>
onlinehome-server.com leads to a 1&1 web page.
Tracing back the IP listed as sender shows:
217.160.251.120
Record Type: IP Address
IP Location: United States - Schlund + Partner Ag
Reverse IP: Web server hosts 2 websites (reverse ip tool requires free login)
--------------------------------------------------------------------------------
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 217.160.240.0 - 217.160.255.255
netname: SCHLUND-CUSTOMERS
descr: Schlund + Partner AG
descr: NCC#1999110113
country: US
admin-c: UI-RIPE
tech-c: UI-RIPE
remarks: INFRA-AW
remarks: in case of abuse or spam, please mailto:
status: ASSIGNED PA
mnt-by: SCHLUND-MNT
changed: 20031107
source: RIPE
route: 217.160.224.0/19
descr: SCHLUND-USA
origin: AS8560
notify:
mnt-by: SCHLUND-MNT
changed: 20040611
source: RIPE
role: Schlund NCC
address: Schlund + Partner AG
address: Brauerstrasse 48
address: D-76135 Karlsruhe
address: Germany
remarks: For abuse issues, please use only
remarks: For NOC issues, please look at our AS 8560
phone: +49 721 91374 50
fax-no: +49 721 91374 20
e-mail:
admin-c: SPNC-RIPE
tech-c: SPNC-RIPE
nic-hdl: UI-RIPE
notify:
mnt-by: SCHLUND-MNT
changed: 20040512
source: RIPE
There are two domains also hosted on that IP, doghouse.com and enomaccount.com.
The whois for doghouse.com is:
Registration Service Provided By: Coordinator Inc
Contact:
Visit:
Domain name: doghouse.com
Administrative Contact:
Coordinator Inc
Yakov Yukhananov ()
+1.9175199775
Fax:
9851 Queens Blvd. 3F
Rego park, NY 11374
US
Registrant Contact:
Coordinator Inc
Yakov Yukhananov ()
+1.9175199775
Fax:
9851 Queens Blvd. 3F
Rego park, NY 11374
US
Status: Locked
Name Servers:
ns27.1and1.com
ns28.1and1.com
My feeling at this point is it's a whois mass emailing, similar to the ones the appraisal scammers are popular for. I'm not familiar with this Yakov guy, but it certainly looks to me like he's behind it or being made to appear so.
In any respect, the sender has violated several things legitimate business people shouldn't such as spamming from whois data, falsifying where the mail is from, saying they are using gmail when they are not, etc. Therefore, I don't believe it's legit until I get a cash payment into my account.
More info:
Creative Media whois now:
Registrant Contact:
Creative Media
Domain Administrator ()
+1.9175199775
Fax:
9851 Queens Blvd.
Rego park, NY 11374
US
Creativemedia.com whois a month ago:
Registrant Contact:
Coordinator :: We Buy Domains
Yakov Yukhananov ()
+1.9175199775
Fax:
9851 Queens Blvd. 3F
Rego park, NY 11374
US
Could be that Yakov is just fishing for bargains, but I don't like the method being used.
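The header check described in the post (a From address claiming gmail while the Received line names another host), as an added example that is not part of the original post. The provider table, the function names and the sample message are assumptions constructed here; the From address is a placeholder because the original is redacted.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: hostname suffixes each provider's outbound relays announce.
PROVIDER_RELAYS = {"gmail.com": ("google.com",), "googlemail.com": ("google.com",)}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"helo=([\w.-]+)", re.I)          # Exim style, as in the post
HOST_RE = re.compile(r"^from\s+([A-Za-z][\w.-]*)", re.I)  # "from host (rdns [ip])" style

def first_hop(msg):
    """Return (ip, announced_host) from the topmost Received header.

    That header is written by the recipient's own server: the IP is what the
    server observed, the host name is whatever the sender announced.
    """
    hops = msg.get_all("Received") or []
    if not hops:
        return None, None
    top = " ".join(hops[0].split())  # unfold continuation lines
    ip = IP_RE.search(top)
    host = HELO_RE.search(top) or HOST_RE.search(top)
    return (ip.group(1) if ip else None,
            host.group(1).lower() if host else None)

def check_claimed_provider(raw):
    """Compare the From domain with the relay that actually delivered the mail."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip, host = first_hop(msg)
    expected = PROVIDER_RELAYS.get(domain)
    if expected is None:
        verdict = "unknown-provider"
    elif host and any(host == s or host.endswith("." + s) for s in expected):
        verdict = "consistent"
    else:
        verdict = "mismatch"
    return {"from_domain": domain, "relay_ip": ip,
            "relay_host": host, "verdict": verdict}

# Constructed sample: the Received line is shaped like the one quoted in the
# post; the "by" host, the date and the From address are placeholders.
SAMPLE = (
    "Received: from [217.160.251.120] (helo=u15154901.onlinehome-server.com)\n"
    "\tby mx.recipient.example with esmtp; Thu, 1 Jan 1970 00:00:00 +0000\n"
    "From: <placeholder@gmail.com>\n\nbody\n"
)
```

A "mismatch" is the useful signal; "consistent" only means the announced name fits, and since that name is sender-supplied, the recorded IP should still be checked against the provider's address space.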