[Bpf-cybersecurity] Fwd: Phishing ad nauseam by sociopath

Marilson marilson.mapa at gmail.com
Sun Dec 8 23:31:53 EST 2019 

---------- Forwarded message ---------
De: Marilson <marilson.mapa@ gmail. com>
Date: seg., 9 de dez. de 2019 às 01:22
Subject: Fwd: Phishing ad nauseam by sociopath
To: <abuse@ hostinger. com>
Cc: <bpf-cybersecurity@ intgovforum. org>, <globalsupport@ icann. org>, US
Department of Justice <contact@ usdoj. gov>, <feedback@ naag. org>, <abuse@
namecheap. com>, <guardian.readers@ theguardian. com>, <tips@ nytimes.
com>, WikiLeaks <sunshinepress@ this. is>, <adm@ weblink. com. br>, <info@
nic. br>


FUNDAMENTAL RIGHTS ARE NOT ABSOLUTE TO THE POINT OF PROTECTING ILLICIT ACTS

Theft of money, theft of personal and financial data, crime of larceny by
fraud and damage to computer operating systems do not combine with any kind
of secrecy. Fundamental rights are not absolute to the extent of
safeguarding unlawful acts. Let me repeat so that the bastards do not say
they did not read: Fundamental rights are not absolute to the point of
protecting illicit acts. Any magistrate, judge, prosecutor, lawyer,
politician or businessman who does not agree with this, belive, he has a
skeleton in the closet.

Scam with domains with the extension <.com (dot)>> abound my mail. All were
reported with evidence. But Registrar and Host - Namecheap and Cloudflare -
refuse to comply with their agreements, AUPs, ToSs and Code of Conduct that
prohibit such unlawful activity. They are accomplices.

I decided to report the latest scam with extension <.com(dot)de> without
copying the report to anyone. I knew that by doing so I would awaken the
worst in people. Said and done. With the arrogance that characterizes
sociopathy and the certainty of impunity Hostinger responded to the
complaint by asking for evidence to prove the scam. But the report sent
contained full header, scam URL, final URL, VirusTotal links for malware
identification by 11 scanners, domains, IP addresses and all providers
involved in the scam (see below). But Hostinger had to mock the complaint.
Warning that I knew they were being dishonest I resubmitted all the data
but required scammer identification. After all, *fundamental rights are not
absolute to the point of protecting illicit acts*. Hostinger replied that "*the
reported domain name is currently pointing to Cloudflare"*.

WHAT WAS DONE: Hostinger used two domains to send scam with
**Trojan.WinLNK.Agent** malware:
<contasjurisp. com>  and  <gerenteempresarial. com. de>
Hosting registered <contasjurisp. com> with false data and told a truth to
tell a lie when writing that "*the reported domain name is currently
pointing to Cloudflare". *What Hostinger did not say is that they hired
Cloudflare which offers reverse proxy and all WHOIS would point to
Cloudflare. Hostinger hid behind Cloudflare to stay hidden in the use of
Trojans. *Cloudflare has confirmed by email that the Hosting Provider is
Hostinger*. Hostinger is committing various crimes such as attempted theft
and property damage (Computer Fraud and Abuse Act), invasion of privacy and
ideological falsehood. Notice the WHOIS records from the registrar:

Domain contasjurisp. com
IP addresses:104.27.160.184
Registrar: HOSTINGER
Registrant Name: zilda elenir  -  DOES NOT EXIST
Registrant Street: calos lanser -  DOES NOT EXIST
Registrant City: novo hamburgo
Registrant State/Province: RS
Registrant Postal Code: 96222-642 - IT IS NOT FROM NOVO HAMBURGO
Registrant Email: zilda-elenir900@ protonmail. com - IT IS FAKE -
DomainIsWellKnownDea - *"At ProtonMail, privacy is our business model -
GDPR"*

Ask ICANN, which has a contract prohibiting illicit activity, why they
admit this garbage and dirty stuff of Registrars. I have asked several
times and the answer has always been "out of scope". That has always been
the answer of GGM21C's Godfather, the Great Global Mafia of the 21st
Century.
The solution is very simple: just be decent. When someone reports a scammer
with evidence, identify him and cancel the contract. Or continue to be
accomplices and hiding the mobster colleagues.
You who have acted in bad faith in drafting and approving the GDPR,
remember this: FUNDAMENTAL RIGHTS ARE NOT ABSOLUTE TO THE POINT OF
PROTECTING ILLICIT ACTS. This immoral defense of anonymity that the
Providers make is only explained by the need to hide themselves when using
scam. Natural and legal persons of good, spend fortunes promoting
themselves.

Even more immoral is the attitude of people who are paid to defend the
population and use the same harmful expression "out of scope" so as not to
have to demand decency and ethics from companies. I'm talking about Best
Practice Forum on Cybersecurity of IGF-UN, the National Association of
Attorneys General, US Department of Justice and the like around the world.

*Rodrigo da Costa Wiethorn *Head of Hostinger Brazil and *Demi Getschko*
President of NIC.br, you are both responsible for Hostinger's activity in
Brazil and will be held responsible for the crimes Hostinger practices.

A warning to mobsters: If you think your grandchildren will get home at
4:00 PM after an exhausting work day that started at 10:00 AM, will print a
pizza and watch a movie on the wall or ceiling, you are dreaming. This will
not happen because the queue of unemployed will move next door them.

Marilson


---------- Received message ---------
De: Hostinger Abuse <abuse-tracker@ hostinger. com>
Date: sáb., 7 de dez. de 2019 às 04:20
Subject: Re: Phishing ad nauseam by sociopath
To: Marilson <marilson.mapa@ gmail. com>

Hi,

Thank you for your report. The reported domain name has been suspended.

Hostinger Abuse Department
abuse@ hostinger. com
https:// www. hostinger. com

*------------------------------*
---------- Forwarded message ---------
De: Marilson <marilson.mapa@ gmail. com>
Date: sex., 6 de dez. de 2019 às 22:52
Subject: Re: Phishing ad nauseam by sociopath
To: Hostinger Abuse <abuse-tracker@ hostinger. com>
Cc: US Department of Justice <contact@ usdoj. gov>, info@ cec-zev. eu <info@
cec-zev. eu>, <feedback@ naag. org>, <globalsupport@ icann. org>,
<guardian.readers@ theguardian. com>, WikiLeaks <sunshinepress@ this. is>,
<abuse@ namecheap. com>

Hostinger wrote:  *"The reported domain name is currently pointing to
Cloudflare."*

What a f**k is that? No one else has ethics? Will all of you who run the
internet keep on stealing the planet's population until when? How long will
government authorities allow such illegal activities?

You from Hostinger acting as sociopaths asked me to prove that the message
was scam. Something that even retarded can know. I did what you asked for
though knowing that you were acting dishonestly. And  you give me in
response exactly what I informed you in my message sent on 12-05-2019:

I wrote on Dec 5, 2019:
*Originating IP address: 5.53.125.27*

*Originating hostmane: traype7.gerenteempresarial. com. de*
*Network owner: Selectel Ltd*

*Domain: gerenteempresarial. com. de*
*IP address: 104.31.92.45*
*Host Company: Cloudflare Inc*

Who do you think you are fooling? Your answers are so stupid that they
reveal the certainty of impunity. I also informed you on 12-05-2019:
I wrote on Dec 5, 2019:
*"Scam URL: http:// 4siae80eseo8e.contasjurisp.
com/5NAT40PKU37/XBV7WB6M7J7A5532S10EEZE4KVP71/SMB-Vistoria_contra_incendio_(VENCIDA_860)*
*This URL downloads .zip file: Bombei-ro05.12.2019_01.09.39.1239 which
instals malware.*


*Domain contasjurisp. comIP addresses:104.27.160.184*
*Registrar: HOSTINGER*
*Registrant Name: zilda elenir  -  DOES NOT EXIST*
*Registrant Street: calos lanser -  DOES NOT EXIST*
*Registrant City: novo hamburgo *
*Registrant State/Province: RS *
*Registrant Postal Code: 96222-642 - IT'S NOT FROM NOVO HAMBURGO*

*Mr. Arnas, your customer is committing various crimes such as ideological
falsehood, attempted theft and invasion of privacy. Unregistering is your
contractual and legal obligation. What about identifying a criminal? Is a
criminal entitled to anonymity? If the actual registrant is Cloudflare or
Namecheap would you have the decency to say?"*

Stop acting like whores and tell us WHO_is your client that is committing
crime with the domain *<accountsjurisp. com>* registered with you.
*And answer why your customer is still active if he's a denounced criminal?*

If you refuse to provide this information, I will have no doubt that you
are protecting your Cloudflare or Namecheap colleagues to whom I have
already sent multiple reports from their criminal customers with
*<.com(dot)de>* extension domains. These two companies host and register
the scammer that keeps sending his scams. And this mafia does nothing. It
is always useless denounce scammers or spammers. They don't even forbid the
scammer to use my email. Go be arrogant like that in hell! Keep using my
email and I will use adjectives that you deserve. And the world will know
who you are.

Can you from the US Department of Justice, NAAG and the European Center for
Consumer Protection answer why a criminal accused with evidence is not
suspended and identified? Why are these damned companies are not required
to respect their contracts that prohibit illegal activities? Why do these
companies not respect their AUPs, ToSs and Codes of Conduct? Why denounced
bandits with evidence are entitled to anonymity? Why do these providers
provide their services to terrorists? Remember that the damage these
providers cause to humanity is infinitely greater than the damage done by
terrorists, then? Do we have to seek help from mercenaries or hackers to
protect us from those we pay to protect us?

You are rotten, and all that is rotten must be buried to end the stench.

Marilson


Em sex., 6 de dez. de 2019 às 07:12, Hostinger Abuse <abuse-tracker@
hostinger. com> escreveu:

> Hi,
>
> The reported domain name is currently pointing to Cloudflare.
>
> Please report it at https:// www.cloudflare. com/abuse/
>
> Hostinger Abuse Department
> abuse@ hostinger. com
> https:// www. hostinger. com
>

*------------------------------*
---------- Forwarded message ---------
De: Marilson <marilson.mapa@ gmail. com>
Date: qui., 5 de dez. de 2019 às 20:26
Subject: Re: Phishing ad nauseam by sociopath
To: Hostinger Abuse <abuse-tracker@ hostinger. com>


Please don't treat me like a layman and don't underestimate people's
intelligence. I spent two years at RIPE (abuse working group) two years at
ARIN (Public Policy Mailing List) and I have been for two years at IGF / UN
(BPF Cybersecurity) and have been reporting sociopaths for over six years.

All the URLs in my report are still active, but BUT you need to put the
words together to work as links. Google and Gmail flood my mail every day
with trash, but if I forward spam or scam to a scanner or provider as a
report, without turning links OFF, Gmail returns stating that I am sending
malicious files or spamming . Only criminals are entitled to commit crimes
and with anonymity guaranteed by mobsters.

Join the protocol to the domain and join the extension to the domain for
the link to be activated. Mamma Mia !!!

I don't know how my location can interfere with your assessment, but I'm in
Sao Paulo city in Brazil.

<REMOVED IMAGE>

If I forward the scam without removing formatting gmail will return it to
me. I can put the scam in a PDF file with its active links but probably its
protection system will return due to malicious file attached. In other
words, be decent and don't waste my time. I do this job as a citizen duty,
so I'm not paid.

*https:// www. virustotal.
com/gui/url/3257ed42f18c47e048ef86d75bd5a4ce568f3cbda764d24ac04116deaaca0820/detection*

Join the protocols and domain extension at the URL above and you will get
the scam URL and rating.

The zipped file changes its name but the content is the same:
Defensor543505.12.2019_18.19.05.1205.

Click on the scam URL and upload the zipped file to VirusTotal and you will
get evaluation of 11 scanners:

<REMOVED IMAGE>

Just missed you asking me to click on the contents of the zipped file. Do
it you. And since you made me waste more time than necessary I advocate the
right to know who your client is, after all, criminals are not entitled to
anonymity. Deny me that right and I will treat Hostinger, at the UN and
social media, as accomplices of criminals.

Thanks
Marilson


Em qui., 5 de dez. de 2019 às 05:45, Hostinger Abuse <abuse-tracker@
hostinger. com> escreveu:

> Hi,
>
> Thank you for contacting Hostinger Abuse department. Unfortunately, we
> failed to locate any phishing-related content on the URL listed in your
> complaint. Please provide the following details for us to investigate the
> issue deeper:
> - exact links to the abusive pages the forms to enter sensitive details
> are located at;
> - country your IP address belongs to (we will try using the corresponding
> proxy);
> - a device used to access the content;
> - (optional) screenshot of the abusive page.
>
> Thank you
>
> Hostinger Abuse Department
> abuse@ hostinger. com
> https:// www. hostinger. com



------------------------------

---------- Forwarded message ---------
De: Marilson <marilson.mapa@ gmail. com>
Date: qui., 5 de dez. de 2019 às 04:54
Subject: Phishing ad nauseam by sociopath
To: <arnas@ hostinger. com>
Cc: <abuse@ hostinger. com>


Mr. Arnas, I need your help to stop a sociopathic criminal from sending out
phishing and malware. I've reported him several times, with evidence, but
the providers hosting and sending his scams do nothing. This scammer is
registered with Hostinger:

Scam *URL: http:// 4siae80eseo8e.contasjurisp.
com/5NAT40PKU37/XBV7WB6M7J7A5532S10EEZE4KVP71/SMB-Vistoria_contra_incendio_(VENCIDA_860)*
This URL downloads .zip file: *Bombei-ro05.12.2019_01.09.39.1239* which
instals malware.

*https:// www. virustotal.
com/gui/url/3257ed42f18c47e048ef86d75bd5a4ce568f3cbda764d24ac04116deaaca0820/details
*

*https:// www. virustotal.
com/gui/file/3b59cf7d1e45a15615995f6978c51b0cdad07c286a45067a792e26d075876316/detection
* -
11 engines detected this file.

Domain contasjurisp. com
IP addresses:104.27.160.184
Registrar: *HOSTINGER*
Registrant Name: zilda elenir  -  DOES NOT EXIST
Registrant Street: calos lanser -  DOES NOT EXIST
Registrant City: novo hamburgo
Registrant State/Province: RS
Registrant Postal Code: 96222-642 - IT'S NOT FROM NOVO HAMBURGO

Mr. Arnas, your customer is committing various crimes such as ideological
falsehood, attempted theft and invasion of privacy. Unregistering is your
contractual and legal obligation. What about identifying a criminal? Is a
criminal entitled to anonymity? If the actual registrant is Cloudflare or
Namecheap would you have the decency to say?

Originating IP address: 5.53.125.27
Originating hostmane: traype7.gerenteempresarial. com. de
Network owner: Selectel Ltd
Domain: gerenteempresarial. com. de
IP address: 104.31.92.45
Host Company: Cloudflare Inc

Thanks
Marilson

*HEADER - truncated*
Delivered-To: marilson.mapa@ gmail. com
Received: by 2002:a1c:4c0f:0:0:0:0:0 with SMTP id z15csp1042308wmf;
        Wed, 4 Dec 2019 12:00:04 -0800 (PST)
X-Google-Smtp-Source:
APXvYqxELpEHz1ZXbAcebUMZnoC0ggYZeQnbBXWR4b6XzGf6BYDWgzplHWv9pgTmY2FXoQ9NqUEM
X-Received: by 2002:a2e:87ca:: with SMTP id
v10mr3220073ljj.253.1575489604766;
ARC-Authentication-Results: i=1; mx.google. com;
       dkim=pass header.i=@ traype7.gerenteempresarial. com. de
header.s=mail header.b=qiYiUh6k;
       spf=pass (google. com: domain of bombeiros@
traype7.gerenteempresarial. com. de designates 5.53.125.27 as permitted
sender) smtp.mailfrom=bombeiros@ traype7.gerenteempresarial. com. de;
       dmarc=pass (p=NONE sp=NONE dis=NONE)
header.from=traype7.gerenteempresarial. com. de
Return-Path: <bombeiros@ traype7.gerenteempresarial. com. de>
Received: from traype7.gerenteempresarial. com. de
(traype7.gerenteempresarial. com. de. [5.53.125.27])
        by mx.google. com with ESMTP id
g9si4888237ljk.77.2019.12.04.12.00.04
        for <marilson.mapa@ gmail. com>;
        Wed, 04 Dec 2019 12:00:04 -0800 (PST)
Received-SPF: pass (google. com: domain of bombeiros@
traype7.gerenteempresarial. com. de designates 5.53.125.27 as permitted
sender) client-ip=5.53.125.27;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=traype7.gerenteempresarial. com. de; s=mail; t=1575489604;
bh=yR9+/UvPPF7VyTbAl08VvfYRmtfYD18mTW1Zc+ks+nA=;
h=To:Subject:From:Date:Reply-To:From;
b=qiYiUh6kR5+qNvk3i8VKTO4SXvdqBTbVsimF+tMf6AUkG7RAt49IslZnDBYoDBlVo
Message-Id: <20191204200004.33CAB8B23F@ traype7.gerenteempresarial. com. de>

*TEXTO - formatting removed*
De: Bombeiros24145307 <bombeiros@ traype7.gerenteempresarial. com. de>
Date: qua., 4 de dez. de 2019 às 17:00
Subject: ****ULTIMO AVISO*** para sua regularizacao, com vistas a
continuidade do servicos - 34/187 -
To: <marilson.mapa@ gmail. com>

 AVISO DE VIGÊNCIA DE DOCUMENTOS VENCIDOS

Protocolo: 7530398377

Serviço: (Segurança contra incêndio)

inicio automático do protocolo : 04/12/2019

Status atual: Regularizar pendente ou VENCIDO

 Alertamos que o prazo de validade do(s) documento(s) referente ao Termo de
Colaboração nº 13882017 celebrado entre Secretaria Municipal
dos bombeiros e CENTRO SOCIAL NOSSA SENHORA, para funcionamento da CEI:
CR.P.CONV - CNPJ cadastrado para este e-mail ( marilson.mapa@ gmail. com )
que devem ser regularizados com urgência está(ão) na
situação de vencido. Encaminhe a respectiva
documentação à DIR EDUC - DIRETORIA REGIONAL DOS BOMBEIROS
 A não regularização dos itens informados pode implicar na
suspensão de seu CNPJ em 30 DIAS bem como multa previstos no Art 37 da
Lei 10.860 de 19 de Julho de 1988.

 *Ultimo documento enviado VENCIDO*
<a href="http:// 4siae80eseo8e.contasjurisp.
com/5NAT40PKU37/XBV7WB6M7J7A5532S10EEZE4KVP71/SMB-Vistoria_contra_incendio_(VENCIDA_860)">
 </a>

 - AVCB – Auto de Vistoria do Corpo de Bombeiros
 01/12/2019

Providencie a sua regularização, com vistas à continuidade
da prestação do serviço.
Atenciosamente,
SMB – Secretaria Municipal dos Bombeiros
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://intgovforum.org/pipermail/bpf-cybersecurity_intgovforum.org/attachments/20191209/436431d7/attachment.htm>

More information about the Bpf-cybersecurity mailing list