Recruiting Agency - Job Offer

Lookup failed: yaswitch.org No data

Whois query for yaswitch.org...
Results returned from whois.publicinterestregistry.net:

Domain Name: YASWITCH.ORG
Domain ID: D178530278-LROR
WHOIS Server:
Referral URL: http://www.PublicDomainRegistry.com
Updated Date: 2015-11-23T20:12:00Z
Creation Date: 2015-11-23T20:09:34Z
Registry Expiry Date: 2016-11-23T20:09:34Z
Sponsoring Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://www.icann.org/epp#serverTransferProhibited
Registrant ID: DI_48560652
Registrant Name: George Gomez
Registrant Organization: George Gomez
Registrant Street: 6472 Silver Glen Drive
Registrant City: Jacksonville
Registrant State/Province:
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.9048860055
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Admin ID: DI_48560652
Admin Name: George Gomez
Admin Organization: George Gomez
Admin Street: 6472 Silver Glen Drive
Admin City: Jacksonville
Admin State/Province:
Admin Postal Code: 32258
Admin Country: US
Admin Phone: +1.9048860055
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Tech ID: DI_48560652
Tech Name: George Gomez
Tech Organization: George Gomez
Tech Street: 6472 Silver Glen Drive
Tech City: Jacksonville
Tech State/Province:
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.9048860055
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: NS1.YASWITCH.ORG
Name Server: NS2.YASWITCH.ORG
DNSSEC: unsigned
>>> Last update of WHOIS database: 2015-12-30T03:46:49Z <<<

abraxis.com and abraxis.net are legitimate. Apparently you found an IP address in the headers and looked it up in whois and found that it's in Abraxas's netspace. That's not what we're looking for.

We're looking for fake domains registered by scammers, whether used for email or for websites. Please post the email you got, with complete headers, and including the fake website it advertises, or the fake domain it was sent from. If it was sent from a fake domain, but not through the fake domain's mailserver, please post the previous email you sent, to which it is the reply, with complete headers.

ETA:
ns1.yaswitch.org has address 176.126.68.81 (Hosthatch)
ns2.yaswitch.org has address 176.126.68.81

yaswitch.org is another illegitimate domain registered by the scammers, but we don't normally go after scam nameserver domains. We go after scam websites and scam email domains, and for email domains, we need evidence in the form of scam emails sent through the domain's mailserver to or from the domain. This gang uses other mailservers to send, so we need both.

lktwork.com mail is handled by 10 mx.lktwork.com.
mx.lktwork.com has address 176.126.68.81

The mailserver of lktwork.com does not appear in the headers. Please post the previous message you sent to [email protected] with complete headers.

Header
rcode: Success
id: 0 opcode: Standard query
is a response: True authoritative: False
recursion desired: True recursion avail: True
truncated: False
questions: 1 answers: 3
authority recs: 0 additional recs: 2
Questions
name class type
yaswitch.org IN ANY
Answer records
name class type data time to live
yaswitch.org IN SOA
server: ns1.yaswitch.org
email:
serial: 1451447406
refresh: 60
retry: 120
expire: 1048576
minimum ttl: 300
300s (5m)
yaswitch.org IN NS ns1.yaswitch.org 300s (5m)
yaswitch.org IN NS ns2.yaswitch.org 300s (5m)
Authority records
[none]
Additional records
name class type data time to live
ns1.yaswitch.org IN A 176.126.68.81 300s (5m)
ns2.yaswitch.org IN A 176.126.68.81 300s (5m)

-- end --

It's a money mule scam. The perpetrators are in Russia and have registered domains pretending to be various three-letter combination companies, such as KDL, MLC, and OLT.

Please post an email you sent to the fake domain, with complete headers, and the reply thereto, with complete headers. These scammers respond to email using someone else's mail server, so we need headers both ways. Also if you can find their website, post the URL.

Header
rcode: Success
id: 0 opcode: Standard query
is a response: True authoritative: False
recursion desired: True recursion avail: True
truncated: False
questions: 1 answers: 4
authority recs: 0 additional recs: 1
Questions
name class type
lkthr.com IN ANY
Answer records
name class type data time to live
lkthr.com IN SOA
server: ns1.yaswitch.org
email:
serial: 1451447705
refresh: 60
retry: 120
expire: 1048576
minimum ttl: 300
300s (5m)
lkthr.com IN NS ns1.yaswitch.org 300s (5m)
lkthr.com IN NS ns2.yaswitch.org 300s (5m)
lkthr.com IN MX
preference: 10
exchange: mx.lkthr.com
300s (5m)
Authority records
[none]
Additional records
name class type data time to live
mx.lkthr.com IN A 176.126.68.81 300s (5m)

I'm not sure what kind of header that is. I'm looking for Received headers and the like.

I'm not sure what kind of header that is. I'm looking for Received headers and the like.

That is not a header, it is who owns the domain. See that they even have their own public name server registered.
Sorry, but do you really understand public DNS infrastructure ?
The previous comment regarding abraxis.com and . net, yes, I know they are domains, BUT, they allow to channel smpt mail sessions. That is where my received emails originate from. They are responsible for spamming and as such I have already taken action against them.

Cheers

abraxis.com and abraxis.net are legitimate. Apparently you found an IP address in the headers and looked it up in whois and found that it's in Abraxas's netspace. That's not what we're looking for.

We're looking for fake domains registered by scammers, whether used for email or for websites. Please post the email you got, with complete headers, and including the fake website it advertises, or the fake domain it was sent from. If it was sent from a fake domain, but not through the fake domain's mailserver, please post the previous email you sent, to which it is the reply, with complete headers.

ETA:
ns1.yaswitch.org has address 176.126.68.81 (Hosthatch)
ns2.yaswitch.org has address 176.126.68.81

yaswitch.org is another illegitimate domain registered by the scammers, but we don't normally go after scam nameserver domains. We go after scam websites and scam email domains, and for email domains, we need evidence in the form of scam emails sent through the domain's mailserver to or from the domain. This gang uses other mailservers to send, so we need both.

No, I am a Cisco Academy CCNA Security trainer, as such I have more accurate resources to see where an email really originates. Plus I have my own mail server 24/7 in my home. I have full control and can tell you where exactly is the correct originating IP address. ns1.yaswitch.org is a public name server and the mail server from ltkh.com is running from there, and they have used abraxis.com and .net to relay since these last idiots are allowing so.

^^^ This is a scam warning site.

What can we help you with?

I got the same email:

Job Opened: full-time & halfday
Company: LKT
Job Location: Australia
Pay: 3600 AUD for partial and 5900 AUD for full-time a month
Bonuses: Available
Typical job experience needed for a job in this occupation: None required
Probation period: Paid
Resume: will be a plus

We are a worldwide goods distributor in Australia.
Minimum Requirements are easy. You just need to have personal computer with Internet access, also Excel skills (the software must be pre-installed), interpersonal and communication skills.

Principal Knowledge, Skills, and Abilities for Vacancy:
- Keeping the records of all the deals of the Company
- Cooperating effectively in writing and oral with our clients in USA, Eastern Europe and Asia
- Be active support and look for ways to help our customers
- Respond to our distribution department's requests for assistance
- Knowledge of principles and ways for sales are plus

For more more detailed information please reply to us on this email [email protected] .
Thank you for your attention!

and this is the analysis report, it comes from Vietnam course through Poland with IP address 113.163.99.151 (Hanoi, Vietnam and 141.105.16.24 (Grupa, Poland)