Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[phish] [UCE] [email] [VA] Your PayPal Account Could be Suspended

1 view
Skip to first unread message

Shmuel (Seymour J.) Metz

unread,
Jul 20, 2005, 8:00:29 AM7/20/05
to
The following fraudulent (identity theft) junk E-mail was sent to me
by your customer. Please deal with him. Thank you. I am sending this
both to the domains shown in the header data and to their upstream
providers, as listed in WHOIS.

AG, FTC: this fraudulent (identity theft) spam, with forged header
data, violates S877, the you CAN-SPAM act of 2003.

layeredtech: the identity theft spam was sent from
122.177.36.72.reverse.layeredtech.com [72.36.177.122] in your IP
space.

Patriot.net: please block 72.36.177/24; please consider blocking a
wider range.

Red Universitaria Nacional: identity theft spam site
http://146.83.210.6/paypal-updates/index.html is in your IP space.

If the header or INTERNIC information identifying you was a forgery, I
recommend that you take appropriate steps to prevent that misuse of
your domain name. Likewise if someone was bouncing their message
traffic off of your port 25 without authorization. IANAL, but several
court cases suggest that you may have good cause for legal action.
Should you decide to pursue litigation against the sender, I will be
willing to sign an affidavit that I did in fact receive the message
that I am forwarding.

If you were the victim of relay rape, you may want to take a look at
www.sendmail.org, http://relays.osirusoft.com/mtafix/,
hexadecimal.uoregon.edu/antirelay/ and
anti-relay.unicom.com/anti-relay/ for information on blocking spam
relays.

If you are the customer, your bulk E-mail constitutes postage-due
advertising, which is unethical and not a good way to earn customer
good will. In several court cases, judges have held it to constitute
theft of service and trespass. I demand that you remove me from all
present and future mailing lists, and will take appropriate steps if I
receive any further junk E-mail from you.

BWwhois --shift 1 --stripdisclaimer LAYEREDTECH.COM
BW whois 3.4 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2003 William E. Weinman
Request: LAYEREDTECH.COM
whois server for *.com is whois.crsnic.net ...
connected to whois.crsnic.net [198.41.3.54:43] ...
connected to whois.bulkregister.com [216.147.95.26:43] ...

Layered Technologies Inc
18816 Preston Road
Dallas, Texas 75287
US

Domain Name: LAYEREDTECH.COM

Administrative Contact:
Todd Abrams in...@layeredtech.com
Layered Technologies
18816 Preston Road Suite 100
Dallas, Texas 75252
US
Phone: 972-398-7998
Fax:
Technical Contact:
Todd Abrams in...@layeredtech.com
Layered Technologies
18816 Preston Road Suite 100
Dallas, Texas 75252
US
Phone: 972-398-7998
Fax:
Billing Contact:
Todd Abrams in...@layeredtech.com
Layered Technologies
18816 Preston Road Suite 100
Dallas, Texas 75252
US
Phone: 972-398-7998
Fax:

Record updated on 2005-04-01 06:25:19
Record created on 2003-04-08
Record expires on 2006-04-08
Database last updated on 2005-07-20 06:58:11 EST

Domain servers in listed order:

NS1.ALLNEO.COM 216.185.99.200
NS2.ALLNEO.COM 216.185.99.201

TransferGuard LOCK Status => ENABLED

NSLOOKUP -type=any 72.36.177.122
Server: monroe.patriot.net
Address: 209.249.176.5

: spam site 72.36.177.122 is at 72.36.177.122 in your IP space.
BWwhois --shift 1 --stripdisclaimer 72.36.177.122
BW whois 3.4 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2003 William E. Weinman
Request: 72.36.177.122
using netblock server whois.arin.net
connected to whois.arin.net [192.149.252.44:43] ...
default_host=whois.crsnic.net, w_host=whois.arin.net,
domain=72.36.177.122
query key: 72.36.177.122

OrgName: Layered Technologies, Inc.
OrgID: LAYER-3
Address: 18816 Preston Road
Address: Suite #100
City: Dallas
StateProv: TX
PostalCode: 75252
Country: US

ReferralServer: rwhois://rwhois.layeredtech.com:4321

NetRange: 72.36.128.0 - 72.36.223.255
CIDR: 72.36.128.0/18, 72.36.192.0/19
NetName: LAYERED-TECH-
NetHandle: NET-72-36-128-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LAYEREDTECH.COM
NameServer: NS2.LAYEREDTECH.COM
Comment: Please send all abuse complaints to
Comment: ab...@layeredtech.com
Comment: Please send all network queries to n...@layeredtech.com
RegDate: 2005-02-22
Updated: 2005-04-26

TechHandle: JPS66-ARIN
TechName: Suo-Anttila, Jeremy Paul
TechPhone: +1-972-398-7998
TechEmail: j...@layeredtech.com

OrgAbuseHandle: LAT-ARIN
OrgAbuseName: LT Abuse Team
OrgAbusePhone: +1-972-398-7998
OrgAbuseEmail: ab...@layeredtech.com

OrgNOCHandle: LIT-ARIN
OrgNOCName: LT IP-Network Team
OrgNOCPhone: +1-972-398-7998
OrgNOCEmail: ip...@layeredtech.com

OrgTechHandle: LNT3-ARIN
OrgTechName: LT NOC Team
OrgTechPhone: +1-972-398-7998
OrgTechEmail: ip...@layeredtech.com

# ARIN WHOIS database, last updated 2005-07-19 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
connected to rwhois.layeredtech.com [216.39.90.21:4321] ...
default_host=whois.crsnic.net, w_host=rwhois.layeredtech.com,
domain=72.36.177. 122
query key: 72.36.177.122
Registrar: rwhois.layeredtech.com
%rwhois V-1.5:003eff:00 nictool.layeredtech.com (by Network
Solutions, Inc. V-1 .5.7.3)
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok


NSLOOKUP -type=any 146.83.210.6
Server: monroe.patriot.net
Address: 209.249.176.5

: spam site 146.83.210.6 is at 146.83.210.6 in your IP space.
BWwhois --shift 1 --stripdisclaimer 146.83.210.6
BW whois 3.4 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2003 William E. Weinman
Request: 146.83.210.6
connected to whois.arin.net [69.25.34.144:43] ...
connected to whois.lacnic.net [200.160.2.15:43] ...

% 2005-07-20 07:59:02 (BRT -03:00)

inetnum: 146.83/16
status: assigned
owner: Red Universitaria Nacional
ownerid: CL-RUNA1-LACNIC
responsible: Claudia Inostroza
address: Canada, 239, Providencia
address: 6640806 - Santiago -
country: CL
phone: +56 02 3370300 []
owner-c: CIM2
tech-c: CIM2
inetrev: 146.83/16
nserver: TERMINUS.REUNA.CL
nsstat: 20050715 AA
nslastaa: 20050715
nserver: NS.REUNA.CL
nsstat: 20050715 AA
nslastaa: 20050715
created: 19910128
changed: 20010222

nic-hdl: CIM2
person: Claudia Inostroza Mardones
e-mail: n...@REUNA.CL
address: Canada, 239, Providencia
address: 6640806 - Santiago -
country: CL
phone: +56 02 3370300 []
created: 20040621
changed: 20040621

% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.

--
-----------------------------------------------------------
"Shmuel (Seymour J.) Metz" <Shmue...@Patriot.net>
-----------------------------------------------------------


-----------------------------------------------------
-- Beginning of forwarded message
-----------------------------------------------------
Received: by jefferson.patriot.net (mbox shmuel)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Tue Jul 19 22:15:58 2005)
X-From_: acc-c...@paypal.com Tue Jul 19 18:36:38 2005
Return-Path: <acc-c...@paypal.com>
Received: from local.aquinox.co.uk (IDENT:U2FsdGVkX19eqVX/G5KxASC2Trjk7...@122.177.36.72.reverse.layeredtech.com [72.36.177.122] (may be forged))
by jefferson.patriot.net (8.12.10/8.12.3) with ESMTP id j6JMacRg016762
for <shm...@patriot.net>; Tue, 19 Jul 2005 18:36:38 -0400
Message-Id: <200507192236....@jefferson.patriot.net>
Received: from [212.118.25.186] (port=2000 helo=comp)
by local.aquinox.co.uk with esmtpa (Exim 4.51)
id 1Dv0oJ-0001Fq-SP; Tue, 19 Jul 2005 23:43:38 +0100
From: "PayPal Security Validation" <acc-c...@paypal.com>
Subject: Your PayPal Account Could be Suspended
To: lilho...@aol.com
Content-Type: text/html;iso-8859-1
Reply-To: acc-c...@paypal.com
Date: Wed, 20 Jul 2005 01:35:59 +0300
X-Priority: 3
X-Library: Indy 8.0.25
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - local.aquinox.co.uk
X-AntiAbuse: Original Domain - patriot.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - paypal.com
X-Source:
X-Source-Args:
X-Source-Dir:

<html dir="rtl">

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Important Alert</title>
</head>

<body>

<div id="message" dir="ltr">
&nbsp;<table id="table1" style="BORDER-COLLAPSE: collapse" width="100%" border="0" dir="ltr">
<tr>
<td dir="ltr">
<p dir="ltr">
<a href="http://146.83.210.6/paypal-updates/index.html">
<img alt src="http://images.paypal.com/en_US/i/logo/email_logo.gif" border="0" width="255" height="35"></a></td>
</tr>
<tr>
<td background="http://img26.exs.cx/img26/2232/ppborderemailpage1aa.gif" height="19" dir="ltr">
<p dir="ltr">&nbsp;</td>
</tr>
<tr>
<td align="middle" height="33" dir="ltr">
<table id="table2" style="BORDER-COLLAPSE: collapse" width="88%" border="0" dir="ltr">
<tr>
<td dir="ltr">
<div dir="ltr">
<div id="xptContentOuter" dir="ltr">
<div align="center" dir="ltr">
<table id="table1" cellSpacing="0" cellPadding="0" width="100%" border="0" dir="ltr">
<tr vAlign="top" dir="ltr">
<td class="righty" dir="ltr">
<div id="xptTitle" dir="ltr">
<div align="center" dir="ltr">
<table class="main" id="table2" cellSpacing="0" cellPadding="0" width="100%" border="0" dir="ltr">
<tr>
<td class="heading" width="100%" height="25" dir="ltr">
<p dir="ltr">
<font face="Arial Black" color="#003063" size="4">
Important Alert</font></td>
</tr>
<tr>
<td dir="ltr">
<p dir="ltr">
<img height="2" alt src="http://www.paypal.com/en_US/i/scr/pixel.gif" width="1" border="0"></td>
</tr>
<tr>
<td dir="ltr"><hr dir="ltr"></td>
</tr>
</table>
</div>
</div>
<div id="xptContentMain" dir="ltr">
<p dir="ltr"><font face="Verdana" size="2">Hello
Sir/Madam,</font> </p>
<p dir="ltr"><font face="Verdana" size="2">Founded in
2005, PayPal, an eBay Company, enables any individual or<br>
business with an email address to securely, easily and
quickly send and<br>
receive payments online.</font></p>
<p dir="ltr"><font face="Verdana" size="2">PayPal always
look forward for the security purpose of their clients.<br>
Therefore, PayPal is proud to announce about their new
updated secure<br>
system. We updated are new SSL servers to give our
customers a better,<br>
fast and secure service.</font></p>
<p dir="ltr"><font face="Verdana" size="2">Due to the
recent update of the servers, you are requested to please<br>
update your account info at the following link.<br>
&nbsp;</font></p>
<table id="table3" style="BORDER-COLLAPSE: collapse" borderColor="#ffdfbf" width="59%" bgColor="#ffffcc" border="2" dir="ltr">
<tr>
<td dir="ltr">
<p align="center" dir="ltr">
<span style="FONT-SIZE: 5pt"><br>
</span>
<font color="#0033cc">
<font style="FONT-SIZE: 9pt" face="Arial" color="#0033cc">
<a onclick="return ShowLinkWarning()" target="_blank" href="http://146.83.210.6/paypal-updates/index.html">
<span style="TEXT-DECORATION: none">Click here to
update your account.</span></a></font><font face="Arial" color="#0033cc" size="2"><span style="TEXT-DECORATION: none"><br>
&nbsp;</span></font></font></td>
</tr>
</table>
<font face="Verdana" size="2">
<p dir="ltr">&nbsp;</p>
<p dir="ltr"><b>Edward A. Wrick</b><br>
<i>Security Advisor<br>
PayPal.com </i></p>
<p dir="ltr">Thank you for using PayPal!<br>
The PayPal Team</font><font face="Verdana" size="1"> <br>
<br>
<font color="#808080">
--------------------------------------------------------------------------------<br>
<br>
Please do not reply to this e-mail. Mail sent to this
address cannot be answered. For assistance, log in to your
PayPal account and choose the &quot;Help&quot; link in the footer of
any page.<br>
<br>
To receive email notifications in plain text instead of
HTML, update your preferences here. <br>
<br>
<br>
<br>
PayPal Email ID PP059</font><font color="#c0c0c0"><br>
&nbsp;</font></div>
</font></td>
</tr>
</table>
<p dir="ltr"><font face="Verdana" size="2"><b>
<font color="#0033cc"><u>
<a href="http://146.83.210.6/paypal-updates/index.html">PayPal, an eBay company</a><br>
</u></font></b><br>
</font><font style="FONT-SIZE: 8pt" face="Verdana">Copyright ©
1999-2005 PayPal. All rights reserved.<br>
<u><font color="#0033cc">Information about FDIC pass-through
insurance</font></u></font></div>
</div>
</div>
</td>
</tr>
</table>
</td>
</tr>
</table>
</div>
<!-- toctype = X-unknown -->
<!-- toctype = text -->
<!-- text -->
<div dir="ltr">
<p dir="ltr">&nbsp;</div>
<!-- END TOC -->
<p dir="ltr">The HTML graphics in this message have been displayed. [<a href="http://us.f421.mail.yahoo.com/ym/spamoptions?YY=36770&order=down&sort=date&pos=0&view=a&head=b">Edit
Preferences</a> -
<a href="javascript:Help('http://us.rd.yahoo.com/mail_us/help/?http://help.yahoo.com/help/us/mail/context/context-71.html')">
What's This?</a>]</p>
<p dir="ltr">&nbsp;</p>

</body>

</html>


-----------------------------------------------------
-- End of forwarded message
-----------------------------------------------------

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/

0 new messages