[npnog] Email from Nabilbank originating from Russia

Rohit Sigdel rsigdel at tbs.edu.np
Fri Mar 3 10:10:36 NPT 2017 

I had a similar email this morning for my credit card statement. I just
analysed the header and it is from Compass Plus Russia.


Rohit Sigdel
Asst Network Manager
ICT Community Officer
The British School
Kathmandu,Nepal
www.tbskathmandu.org
+9779801150216









On 2 March 2017 at 10:36, Indiver Badal via npnog <npnog at npnog.org> wrote:

> Hi
>
> Did anyone notice that the recent credit-card statement email received
> from Nabilbank had some interesting headers? Tried to open the attachment
> and it could not unzip. That lead me to explore into email headers and
> noticed there's a Russian IP address originating the email. Earlier emails
> would come from India - ecsmc.electra-card.com ([220.226.201.63]).
>
> They recently changed/upgraded their card systems, and Compass Plus could
> be their provider but wanted to verify.
>
> Here's part of the header:
>
> Received: from mail.nabilbank.com (mail.nabilbank.com. [202.52.237.133])
>         by mx.google.com with ESMTP id r76si12758069pfr.248.2017.02.
> 26.06.40.59
>         for <XXXX at XXXXXer.com>;
>         Sun, 26 Feb 2017 06:41:02 -0800 (PST)
> Received-SPF: pass (google.com: best guess record for domain of
> card-statement at nabilbank.com designates 202.52.237.133 as permitted
> sender) client-ip=202.52.237.133;
> Received: from VPC-TXNABIL1.pc.compassplus.ru ([91.227.244.48])
>         by mail.nabilbank.com ([10.0.18.5])
>         (MDaemon PRO v15.0.4)
>         with ESMTP id md50008951098.msg for <XXXX at XXXXXer.com>;
>         Sun, 26 Feb 2017 20:25:51 +0545
> X-Spam-Processed: mail.nabilbank.com, Sun, 26 Feb 2017 20:25:51 +0545
>         (not processed: message from trusted or authenticated source)
> X-MDRemoteIP: 91.227.244.48
> X-MDHelo: VPC-TXNABIL1.pc.compassplus.ru
> X-MDArrival-Date: Sun, 26 Feb 2017 20:25:51 +0545
> X-Return-Path: card-statement at nabilbank.com
> X-Envelope-From: card-statement at nabilbank.com
> ...
> Subject: Credit Card Statement - 26/01/2017 to 25/02/2017 -
> XXXXXXXXXXXXYYYY
>
>
> Can anyone in the list please verify that it is correct? Also, a friend of
> mine received his credit-card statement for a card he cancelled several
> years back (again originating from Russia). Did anyone else notice similar
> activities?
>
>
> Thanks
> Indiver
>
>
>
> _______________________________________________
> npnog mailing list
> npnog at npnog.org
> https://lists.npnog.org/listinfo/npnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.npnog.org/pipermail/npnog/attachments/20170303/19dfc414/attachment.html>

More information about the npnog mailing list