Example Of CRIMINAL FRAUD, Pepetrated By Spam,
& How easy it is to spot & deal with
We Could Automatically Counter Attack & Disable Criminal Sites ....
http://www.berklix.com/deter/
-------------------------------------------
To: hostmaster@paypal.com
cc: hostmaster@NETPIA.COM
Subject: Dear users of PayPal services (fwd)
To: hostmaster@paypal.com
cc: hostmaster@NETPIA.COM ( registrar of criminal fraud domain intnaray.net )
(bcc'd a few friends)
Please get NETPIA.COM (registrar of intnaray.net) to kill domain
intnaray.net as it's base of financial fraud (see spam below).
(of course it might be intnaray.net has been stolen by virus invasion,
but whatever - kill it it's operating criminaly ! )
Criminals are using a different port on
http://blog.intnaray.net:8000/.cgi-bin/paypal/ which stops viewing
behind a proxy. However using lynx - a text mode browser on a live
server not behind a proxy, (perhaps so it'll get mostly small
individual users, who dont have any corporate IT proxy operator
help desk to turn to for advice).
Annexes:
- Fraud web page
- Owner of criminal or stolen domain
- Original spam with full envelope of headers
===========
Sign Up | Log In | Help
Welcome Send Money Request Money Merchant Tools Auction Tools
Member Log-In Forgot your email address?
Forgot your password?
Email Address ____________________
Password ____________________ Log In
Join PayPal Today
Now Over
96.2 million accounts
Learn more about
PayPal Worldwide
Send money to anyone with an email address in 45 countries.
PayPal is free to use.
Your information is kept secure.
Learn about sending payments through PayPal. Free eBay tools make
selling easier.
PayPal works hard to help protect sellers.
PayPal simplifies shipping and tracking.
Earn cashback with PayPal Preferred Rewards. Accept credit cards on
your website using PayPal.
Compare our solutions to merchant accounts and gateways
Low fees make PayPal the affordable choice.
Learn why PayPal is good for business.
About | Accounts | Fees | Privacy | Security Center | Contact Us |
User Agreement | Developers | Jobs | Buyer Credit | Referrals | Shops
| Mass Pay
Truste
About SSL Certificates
Copyright 1999-2006 PayPal. All rights reserved.
Information about FDIC pass-through insurance
Truste Better Business Bureau Online
===========
Here's the address of the criminal domain operator: (from whois)
===========
Domain Name: INTNARAY.NET
Registrar: NETPIA.COM, INC.
Whois Server: whois.ibi.net
Referral URL: http://www.ibi.net
Name Server: NS2.INTNARAY.NET
Name Server: NS.INTNARAY.NET
Status: ACTIVE
EPP Status: ok
Updated Date: 16-Nov-2005
Creation Date: 01-Dec-1999
Expiration Date: 01-Dec-2008
Registrant:
INTLAB co., ltd
Domain Name: intnaray.net
Registrar: NETPIA.COM, INC.(http://www.ibi.net)
Administrative Contact:
Park Jeong Eon ad@intlab.co.kr
503, Modubil, 730-1, Yeoksam-dong, Gangnam-gu , Seoul, KR
+82.0234529950
Technical Contact:
Park Jeong Eon ad@intlab.co.kr
503, Modubil, 730-1, Yeoksam-dong, Gangnam-gu , Seoul, KR
+82.0234529950
Billing Contact:
Park Jeong Eon ad@intlab.co.kr
503, Modubil, 730-1, Yeoksam-dong, Gangnam-gu , Seoul, KR
+82.0234529950
Record created on........: 02-Dec-1999 EDT.
Record expires on........: 02-Dec-2008 EDT.
Record last updated on...: 16-Nov-2005 EDT.
Domain Name Servers in listed order:
NS.INTNARAY.NET 211.43.212.68
NS2.INTNARAY.NET 211.43.212.69
===========
- ------- Forwarded Message
From security@paypal.com Tue Aug 22 23:40:06 2006
Return-Path: <security@paypal.com>
Received: from protrans-2j0zg8 ([66.199.27.132])
by ................. (8.13.6/8.13.6) with ESMTP id k7MLdvIB080651
for <.....................>; Tue, 22 Aug 2006 21:39:59 GMT
(envelope-from security@paypal.com)
Received: from User ([89.114.40.173]) by protrans-2j0zg8 with Microsoft SMTPSVC(5.0.2195.6713);
Tue, 22 Aug 2006 16:39:48 -0500
Reply-To: <no-reply@paypal.com>
From: "PayPal Security"<security@paypal.com>
Subject: Dear users of PayPal services
Date: Wed, 23 Aug 2006 00:39:50 +0300
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Message-ID: <PROTRANS-2J0ZG8ZvVc0000020d@protrans-2j0zg8>
X-OriginalArrivalTime: 22 Aug 2006 21:39:48.0484 (UTC) FILETIME=[7DEB4440:01C6C633]
<FONT face="Courier New" size=2>Dear PayPal,<BR><BR>We recently noticed one or more
attempts to log in to your PayPal account<BR>from a foreign IP address.<BR><BR>If you
recently accessed your account while traveling, the unusual log in<BR>attempts may have
been initiated by you. However, if you did not initiate<BR>the log ins, please visit
PayPal as soon as possible to verify your<BR>identity:<BR><BR><A class=m1
href="http://blog.intnaray.net:8000/.cgi-bin/paypal/" target=_blank><FONT
face="Courier New" color=#0066cc size=2>https://www.paypal.com/us/cgi-bin/webscr?
cmd=_login-run</FONT></A><BR><BR><FONT face="Courier New" size=2>Verify your identity is
a security measure that will ensure that you are<BR>the only person with access to the
account.<BR><BR>Thanks for your patience as we work together to protect your
account.<BR><BR>Sincerely,<BR>PayPal<BR>------------------------------------------------
- - ----------------
<BR>
PROTECT YOUR PASSWORD<BR><BR> NEVER give your password to anyone and ONLY
log in at<BR></FONT><A class=m1 href="http://blog.intnaray.net:8000/.cgi-bin/paypal/" target=_blank><FONT face="Courier New" color=#0066cc
size=2>https://www.paypal.com/</FONT></A><FONT face="Courier New" size=2>. Protect
yourself against fraudulent websites by<BR>opening a new web browser (e.g. Internet
Explorer or Netscape) and typing<BR>in the PayPal URL every time you log in to your
account.<BR>----------------------------------------------------------------
<BR><BR>Please do not reply to this e-mail. Mail sent to this
address cannot be<BR>answered. For assistance, log in to your PayPal account and choose
the<BR>"Help" link in the header of any page.<BR></FONT><BR><FONT
face="Courier New" size=2>PayPal Email ID PP321</FONT></FONT>
- ------- End of Forwarded Message