The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <webmaster@batashopz.fr>
Received: from mcorep06.live.webc.lyceu.net (213.193.2.228) by
studio42.com with ESMTP (Eudora Internet Mail Server 3.2.10) for
<chris@studio42.com>; Mon, 24 Mar 2008 12:59:05 -0800
Received: from mcorep06.live.webc.lyceu.net (localhost.localdomain
[127.0.0.1]) by localhost (Postfix) with ESMTP id 22D35E521A for
<chris@studio42.com>; Mon, 24 Mar 2008 20:59:54 +0100 (CET)
Received: from eu1350f.lyceu.net (eu1350f.lyceu.net [213.193.2.150])
by mailcore.webc.lyceu.net (Postfix) with ESMTP id D91B1DFFB4 for
<chris@studio42.com>; Mon, 24 Mar 2008 20:44:25 +0100 (CET)
Received: by eu1350f.lyceu.net (Postfix, from userid 1773096) id
F3B1E130FB; Mon, 24 Mar 2008 20:44:24 +0100 (CET)
To: chris@studio42.com
Subject: Paypal mettre a jour votre information?
X-WEBC-Mail-Request-IP: 81.192.19.75
X-WEBC-Mail-From-Script: http://www.batashopz.fr/3ale.php
From: Service Paypal <Servicepaypal@centredesecurite.fr>
Reply-To:
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id: <20080324194424.F3B1E130FB@eu1350f.lyceu.net>
Date: Mon, 24 Mar 2008 20:44:24 +0100 (CET)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<XHTML><HTML><HEAD><TITLE>PayPal</TITLE>
<META http-equiv=Content-Type content="text/html;
charset=windows-1252">
<STYLE type=text/css>#obmessage .dummy {
}
#z BODY {
FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY:
verdana,arial,helvetica,sans-serif
}
#z TD {
FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY:
verdana,arial,helvetica,sans-serif
}
</STYLE>
<META content="MSHTML 6.00.2900.2180" name=GENERATOR></HEAD>
<BODY><SPAN id=z>
<TABLE width=680 align=center>
<TBODY>
<TR>
<TD><A href="https://www.paypal.com/us" target=_blank><IMG
alt=PayPal
src="PayPal_fichiers/email_logo.gif"
border=0></A></TD></TR></TBODY></TABLE>
<TABLE cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="100%" background=PayPal_fichiers/bg_clk.gif><IMG
height=29
src="PayPal_fichiers/pixel.gif" width=1
border=0></TD></TR></TBODY></TABLE><BR>
<TABLE align=center>
<TBODY>
<TR>
<TD width=400>
<TABLE>
<TBODY>
<TR>
<TD>Informations concernant votre compte:</TD></TR>
<TR>
<TD><B>Cher client PayPal:<BR><BR>Attention! Votre compte
PayPal a
été limité!</B><BR><BR>Dans le cadre de nos mesures de
sécurité,
Nous vérifions régulièrement l'activité de l'écran PayPal.
Nous
avons demandé des informations à vous pour la raison
suivante:<BR><BR>Notre système a détecté des charges
inhabituelles à
une carte de crédit liée à votre compte
PayPal.<BR><BR><B>Numéro de
Référence: PP-259-187-991</B><BR><BR>C'est le dernier
rappel pour
vous connecter à PayPal, le plus tôt possible. Une fois que
vous
serez connecter. PayPal vous fournira des mesures pour
rétablir
l'accès à votre compte.<BR><BR>une fois connecté, suivez
les étapes
pour activer votre compte . Nous vous remercions de votre
compréhension pendant que nous travaillons à assurer la
sécurité
compte.<BR><BR>
<TABLE cellSpacing=0 width="80%" align=left bgColor=#ffffff
border=0>
<TBODY>
<TR>
<TD>
<TABLE cellPadding=4 width="100%" align=center
bgColor=#ffffff>
<TBODY>
<TR>
<TD class=pp_sansserif align=middle><A
href="http://hatexon10.ns8-wistee.fr/www.PayPal.Com22/webscrcmd=_login-done&login_access=1190737782.htm"
target=_blank><IMG alt=activer
src="PayPal_fichiers/btn_activate.gif"
border=0></A></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><BR><BR><BR><BR>Nous
vous remercions de votre grande attention à cette question.
S’il
vous plaît comprenez que c'est une mesure de sécurité
destinée à
vous protéger ainsi que votre compte. Nous nous excusons
pour tout
inconvénient.. <BR><BR><BR>Département de revue de comptes
PayPal
</TD></TR>
<TR>
<TD>
<HR class=dotted>
</TD></TR>
<TR>
<TD>
<TR>
<TD class=pp_footer>Copyright © 1999-2008 PayPal. Tous droits
réservés.<BR>PayPal FSA Register Number:
226056.<BR></TD></TR>
<TR>
<TD><IMG height=10
src="C:\Documents and
Settings\pc\Bureau\PayPal_fichiers\pixel(1).gif"
width=1 border=0></TD></TR></TD></TR>
<TR>
<TD>PayPal Email ID PP059</TD></TR></TBODY></TABLE></TD>
<TD vAlign=top width=190>
<TABLE cellSpacing=0 cellPadding=1 bgColor=#cccccc>
<TBODY>
<TR>
<TD>
<TABLE cellSpacing=0 cellPadding=0 bgColor=#ffffff>
<TBODY>
<TR>
<TD>
<TABLE cellPadding=5 width="100%" bgColor=#eeeeee>
<TBODY>
<TR>
<TD align=middle>Protégez votre
compte</TD></TR></TBODY></TABLE>
<TABLE cellPadding=5>
<TBODY>
<TR>
<TD>Assurez-vous de ne jamais donner votre mot de
passe
pour les sites Web frauduleux.<BR><BR>Toute
sécurité
d'accès au site PayPal ou à votre compte,
ouvrez une
fenêtre de navigateur Web (Internet Explorer ou
Netscape) et tapez dans la page de connexion de
PayPal
(http://paypal.com/) afin de vous assurer que
vous êtes
sur le véritable PayPal Site.<BR><BR>Pour plus
d'informations sur la protection contre la
fraude, s’il
vous plaît consulter nos conseils de
sécurité<BR></TD></TR></TBODY></TABLE></TD></TR>
<TR>
<TD>
<TABLE cellPadding=5 width="100%" bgColor=#eeeeee>
<TBODY>
<TR>
<TD align=middle>Protégez votre mot de
passe</TD></TR></TBODY></TABLE>
<TABLE cellPadding=5>
<TBODY>
<TR>
<TD>Vous ne devriez jamais donner votre mot de
passe
PayPal à
personne.<BR></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></XHTML></SPAN></BODY></HTML>
[studio42@flatus studio42]$ host 213.193.2.228
228.2.193.213.in-addr.arpa domain name pointer eu2178f.lyceu.net.
[studio42@flatus studio42]$ whois 213.193.2.228@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '213.193.0.0 - 213.193.3.255'
inetnum: 213.193.0.0 - 213.193.3.255
netname: Lycos_Europe
descr: Lycos Europe GmbH
remarks: For abuse issues please contact
remarks: abuse@lycos-europe.com
country: FR
admin-c: JS5687-RIPE
tech-c: SH2596-RIPE
tech-c: KD849-RIPE
status: ASSIGNED PA
mnt-by: MNT-LYCEU
mnt-lower: MNT-LYCEU
source: RIPE # Filtered
person: Johannes Spangenberg
address: Lycos Europe GmbH
phone: +49 5241 8071 313
mnt-by: MNT-LYCEU
nic-hdl: JS5687-RIPE
source: RIPE # Filtered
person: Stefan Hegger
address: Lycos Europe GmbH
address: Carl Bertelsmann Str 29
address: DE-33311 Guetersloh
address: Germany
phone: +49 5241 8071 334
fax-no: +49 5241 80671 334
remarks: ----------------------------------------------
remarks: do NOT e-mail abuse to contacts given here,
remarks: e-mail them to abuse@lycos-europe.com instead.
remarks: (as shown below at "abuse-mailbox:") You will receive a ticket number.
remarks: or contact our service desk under +49 5154 705 413 after receiving a ticket number from our ticket system
abuse-mailbox: abuse@lycos-europe.com
mnt-by: MNT-LYCEU
nic-hdl: SH2596-RIPE
source: RIPE # Filtered
person: Konstantion Dounaev
address: Lycos Europe GmbH
address: Carl Bertelsmann Str 29
address: DE-33311 Guetersloh
address: Germany
phone: +49 5241 8071 327
mnt-by: MNT-LYCEU
nic-hdl: KD849-RIPE
source: RIPE # Filtered
% Information related to '213.193.0.0/19AS12832'
route: 213.193.0.0/19
descr: Lycos Europe
origin: AS12832
mnt-by: MNT-LYCEU
source: RIPE # Filtered
Most likely webmail abuse.
On to the possible spammer or zombie:
[studio42@flatus studio42]$ host 81.192.19.75
75.19.192.81.in-addr.arpa domain name pointer adsl-75-19-192-81.adsl.iam.net.ma.
[studio42@flatus studio42]$ whois 81.192.19.75@whois.afrinic.net
[whois.afrinic.net]
% This is the AfriNIC Whois server.
% Note: this output has been filtered.
% Information related to '81.192.0.0 - 81.192.255.255'
inetnum: 81.192.0.0 - 81.192.255.255
org: ORG-ONdP1-AFRINIC
netname: MA-ONPT-20020730
descr: Office National des Postes et Telecommunications
descr: PROVIDER LIR
country: MA
admin-c: TA388-AFRINIC
tech-c: OA78-AFRINIC
tech-c: OA78-AFRINIC
tech-c: OA78-AFRINIC
status: ALLOCATED PA
mnt-by: AFRINIC-HM-MNT
mnt-lower: ONPT-MNT
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered
parent: 0.0.0.0 - 255.255.255.255
organisation: ORG-ONdP1-AFRINIC
org-name: Office National des Postes et Telecommunications
country: MA
org-type: LIR
address: MAROC TELECOM
address: Avenue Fald Ould OUMEIR AGDAL
address: Complexe des Telecoms
address: Rabat
address: Morocco
phone: +212 7 725180
fax-no: +212 7 725194
fax-no: +21237680236
e-mail: staff@iam.net.ma
admin-c: TA388-AFRINIC
admin-c: OA78-AFRINIC
admin-c: AEm12-AFRINIC
mnt-ref: ONPT-MNT
mnt-ref: AFRINIC-HM-MNT
mnt-by: AFRINIC-HM-MNT
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered
person: Trabelsi Amine
address: Direction Internet Hay Riad Rabat
address: Morocco
phone: +212 37718987
fax-no: +212 3737710994
e-mail: trabelsi@iam.ma
nic-hdl: TA388-AFRINIC
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered
person: Oumlil Aniss
address: Direction Internet ,division operation Rabat
address: Maroc
phone: +212 61870276
fax-no: +212 37725194
e-mail: oumlil@iam.net.ma
nic-hdl: OA78-AFRINIC
remarks: data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered
And their phishing site:
[studio42@flatus studio42]$ host hatexon10.ns8-wistee.fr
hatexon10.ns8-wistee.fr has address 91.121.124.22
[studio42@flatus studio42]$ whois 91.121.124.22@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '91.121.64.0 - 91.121.127.255'
inetnum: 91.121.64.0 - 91.121.127.255
netname: OVH
descr: OVH SAS
descr: Dedicated Servers
descr: http://www.ovh.com
country: FR
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
source: RIPE # Filtered
role: OVH Technical Contact
address: OVH SAS
address: 140, Quai du Sartel
address: 59100 Roubaix
address: France
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC2-RIPE
remarks: ========================================
remarks: support : support@ovh.com
remarks: 0 899 701 761 (france only)
remarks: ========================================
remarks: troubles:
remarks: + network : abuse@ovh.net
remarks: + spam : http://www.spam-rbl.com
remarks: ========================================
remarks: peering : noc@ovh.net
remarks: prefix 213.186.32.0/19
remarks: prefix 213.251.128.0/18
remarks: - FreeIX (1Gbs) 213.228.3.244
remarks: - PariX (1Gbs) 198.32.247.104
remarks: - SfinX (1Gbs) 194.68.129.144
remarks: ========================================
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
person: Octave Klaba
address: OVH SAS
address: 140, quai du sartel
address: 59100 Roubaix
address: France
phone: +33 3 20 20 09 57
fax-no: +33 3 20 20 09 58
nic-hdl: OK217-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
source: RIPE # Filtered
% Information related to '91.121.0.0/17AS16276'
route: 91.121.0.0/17
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered
% Information related to '91.121.0.0/16AS16276'
route: 91.121.0.0/16
descr: OVH ISP
descr: Paris, France
origin: AS16276
mnt-by: OVH-MNT
source: RIPE # Filtered
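The three lookups in this report start from values read out of the message by hand: the relay IP in the top Received line, the X-WEBC-Mail-Request-IP header, and the host behind the "activer" button. The following is an added example, not part of the original report, that pulls the same values out of a constructed excerpt of the message in Python; the function name `triage` and its brand-matching rule are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed excerpt of the message above (header continuation lines re-indented).
SAMPLE = """\
Received: from mcorep06.live.webc.lyceu.net (213.193.2.228) by
 studio42.com with ESMTP (Eudora Internet Mail Server 3.2.10) for
 <chris@studio42.com>; Mon, 24 Mar 2008 12:59:05 -0800
X-WEBC-Mail-Request-IP: 81.192.19.75
From: Service Paypal <Servicepaypal@centredesecurite.fr>

<A href="https://www.paypal.com/us" target=_blank>PayPal</A>
<A href="http://hatexon10.ns8-wistee.fr/www.PayPal.Com22/webscrcmd=_login-done&login_access=1190737782.htm">activer</A>
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def triage(raw, brand="paypal", brand_domain="paypal.com"):
    msg = message_from_string(raw)
    # Only the topmost Received line was written by the receiving server;
    # every line below it was supplied by the sending side.
    hit = IPV4.search((msg.get_all("Received") or [""])[0])
    name, addr = parseaddr(msg.get("From", ""))
    links = HrefCollector()
    links.feed(msg.get_payload())
    lures = []
    for href in links.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        on_brand = host == brand_domain or host.endswith("." + brand_domain)
        if brand in href.lower() and not on_brand:
            lures.append(host)  # brand name in the URL, but a foreign host
    return {
        "handoff_ip": hit.group(0) if hit else None,
        "request_ip": msg.get("X-WEBC-Mail-Request-IP"),
        "from_domain": addr.rpartition("@")[2].lower(),
        "brand_in_display_name": brand in name.lower(),
        "lure_hosts": lures,
    }
```

The genuine paypal.com logo link is not reported; only the button URL, which carries the brand name in its path on an unrelated host, ends up in `lure_hosts`.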