The report for this spam can be found at: 2008 Phish Scam Edition.
Return-Path: <aw-secure@paypal.com>
Received: from x-svr.com (62.141.56.136) by studio42.com with ESMTP (Eudora
    Internet Mail Server 3.2.10) for <webmaster@studio42.com>;
    Fri, 1 Aug 2008 21:33:59 -0700
Received: from User (bnc1.otakubox.de [80.237.153.15]) (authenticated bits=0)
    by x-svr.com (8.12.11.20060308/8.12.11) with ESMTP id m724UeOx007966;
    Sat, 2 Aug 2008 06:30:43 +0200
Message-Id: <200808020430.m724UeOx007966@x-svr.com>
Reply-To: <aw-secure@paypal.com>
From: "PayPal Security Measures"<aw-secure@paypal.com>
Subject: Please Update Your Account !!!
Date: Sat, 2 Aug 2008 07:31:11 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0121_01C2A9A6.2B874762"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
To: undisclosed-recipients:;
PayPal
[studio42@flatus studio42]$ host 62.141.56.136
136.56.141.62.in-addr.arpa domain name pointer ns.x-svr.com.
[studio42@flatus studio42]$ whois 62.141.56.136@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '62.141.56.0 - 62.141.63.255'
inetnum: 62.141.56.0 - 62.141.63.255
netname: DE-KEYWEB-I
descr: Keyweb AG IP Network
country: DE
admin-c: KWAG-RIPE
tech-c: KWAG-RIPE
status: ASSIGNED PA
mnt-by: KEYWEB-MNT
source: RIPE # Filtered
person: Hostmaster Day
address: Keyweb AG
address: Neuwerkstr. 45/46
address: 99084 Erfurt
address: Germany
phone: +49-361-658530
abuse-mailbox: abuse@keyweb.de
fax-no: +49-361-6585366
nic-hdl: KWAG-RIPE
mnt-by: KEYWEB-MNT
source: RIPE # Filtered
% Information related to '62.141.48.0/20AS31103'
route: 62.141.48.0/20
descr: Keyweb AG IP Network
origin: AS31103
mnt-by: KEYWEB-MNT
source: RIPE # Filtered
Yawn. Another broken German server.
Who tried to exploit it?
[studio42@flatus studio42]$ host 80.237.153.15
15.153.237.80.in-addr.arpa domain name pointer bnc1.otakubox.de.
[studio42@flatus studio42]$ whois 80.237.153.15@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '80.237.153.0 - 80.237.153.127'
inetnum: 80.237.153.0 - 80.237.153.127
remarks: INFRA-AW
netname: HE-DS-153-CGN2-NET
descr: Hosteurope GmbH
descr: koeln@hosteurope.de
country: DE
admin-c: HER4-RIPE
tech-c: HER
status: ASSIGNED PA
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered
role: Host Europe Ripehandle
address: Hansestr. 109
address: 51149 Koeln
phone: +49 2203 1045 0
abuse-mailbox: net-abuse@hosteurope.de
admin-c: DART
admin-c: FLX
admin-c: WIRR
admin-c: SHAF
admin-c: HONK
tech-c: DART
tech-c: FLX
tech-c: WIRR
tech-c: SHAF
tech-c: HONK
nic-hdl: HER
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered
person: Uwe Braun
address: Hansestr. 109
address: 51149 Koeln
phone: +49 2203 1045 7000
nic-hdl: HER4-RIPE
source: RIPE # Filtered
mnt-by: ONE2ONE-MNT
% Information related to '80.237.128.0/17AS20773'
route: 80.237.128.0/17
descr: DE-HEC-80-237-128
origin: AS20773
member-of: AS20773:RS-HOSTEUROPE
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered
% Information related to '80.237.152.0/21AS20773'
route: 80.237.152.0/21
descr: DE-HER-CGN2-80-237-152
origin: AS20773
member-of: AS20773:RS-HOSTEUROPE
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered
Nope. This is most likely the originally abused machine. Spammer not located.
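
The hop-by-hop trace done by hand above can be scripted. The following is an added example, not part of the original report: it parses the two Received headers of this message (copied from the page, with folding whitespace restored), lists the relays oldest-first, and checks whether the domain claimed in From: appears anywhere in the path. The function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message above; continuation lines are indented
# so the parser sees exactly two Received fields.
RAW = """\
Return-Path: <aw-secure@paypal.com>
Received: from x-svr.com (62.141.56.136) by studio42.com with ESMTP (Eudora
 Internet Mail Server 3.2.10) for <webmaster@studio42.com>;
 Fri, 1 Aug 2008 21:33:59 -0700
Received: from User (bnc1.otakubox.de [80.237.153.15]) (authenticated bits=0)
 by x-svr.com (8.12.11.20060308/8.12.11) with ESMTP id m724UeOx007966;
 Sat, 2 Aug 2008 06:30:43 +0200
From: "PayPal Security Measures"<aw-secure@paypal.com>
Subject: Please Update Your Account !!!

"""

# "from <helo> (<peer info>) ... by <receiving host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<peer>[^)]*)\).*?\bby\s+(?P<by>\S+)", re.S)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_chain(raw):
    """Return hops oldest-first as (helo_name, peer_ip, receiving_host)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # unparseable hop: skip rather than guess
        ip = IPV4.search(m.group("peer"))
        hops.append((m.group("helo"), ip.group(0) if ip else None, m.group("by")))
    # Each relay prepends its header, so the last one in the file is the oldest.
    return hops[::-1]

def claimed_domain_seen_in_path(raw):
    """True if the From: domain matches any relay name in the Received chain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rsplit("@", 1)[1].lower()
    names = {n.lower() for helo, _, by in received_chain(raw) for n in (helo, by)}
    return any(n == domain or n.endswith("." + domain) for n in names)

if __name__ == "__main__":
    for helo, ip, by in received_chain(RAW):
        print(f"{helo} [{ip}] -> {by}")
    print("From: domain in relay path:", claimed_domain_seen_in_path(RAW))
```

Only the topmost Received header was written by the receiving server; everything below it is supplied by upstream hosts and can be forged, which is why each address is still checked with host and whois as above.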