[Bpf-cybersecurity] Fwd: Phishing ad nauseam by sociopath
Marilson
marilson.mapa at gmail.com
Fri Dec 13 03:49:32 EST 2019
Ms. Roy, the adventitious idea embedded in the phrase you use on social
networking has been beautifully synthesized by Socrates: "I only know that
I know nothing." deparlemonde, which world?
Yes, Ms. Roy, there is another definition of "subsidies" that *"does not
involve giving out money"*. In my native language, Portuguese, any set of
information or data that underlies a work, a policy, a thesis, a lecture, a
book, a movie, etc., are subsidies. For example: “Abordagens de Melanie
Klein (psiquiatra austríaca) podem referenciar outros contos, os quais
fornecem *subsídios* para que se possam analisar fatores”. (Nicolau
Gregorin - Michaelis)
Or in the language of Shakespeare: *...slowly, his breathing became easier
and the panic in his mind subsided. The Dark Side Of The Moon by Willian
Corlett.
If IGF is low on money, it should be used for the benefit of the people and
not for companies with illicit practices. You have used the correct phrase
that explains the worthlessness of subsidies (data, ideas) created to
maintain the criminal but lucrative status quo: "voluntary contributions
from States and Stakeholders"
>From States: public money from taxpayers; those who pay taxes to be safe.
Security they never had, don't have and won't have, if it's up to you.
>From Stakeholders: a filter is required here; there are companies that buy
God and everyone; they buy public agents with bribes, buy politicians with
donations for election campaigns; they buy the media with advertising and
put their executives in organizations that make policies that will ensure
the status quo is maintained. May the gods or hackers help us!
Are you a socialist? Social Democrat? If you were a free market advocate,
you would understand that our concern is to produce wealth and not to use
the money of others. The Iron Lady put this into practice, raised the
sinking island, and portrayed this situation in a nutshell: *"Socialism
lasts until others' money runs out."* Same in Germany with the Free Market
of Ludwig (Mises) Erhard, in France with Jacques Rueff, in Japan with
native conservatives and ultra-conservative American advisers, and in
Reagan's USA.
Ms. Roy, this is the second time you suggest I go somewhere else. Which
bothers you the most, the contradictory or the evidence of the crimes that
all of you insist on not considering and refuse to discuss? Read the last
message from Dr. Timothy K. Asiedu, a professional with an impressive
academic background and many years of cyber security experience:
*"...since Cyber Security issues are growing at an alarming rate
globally." *
Growing at an alarming rate... Well Ms. Roy, you have at your disposal
extremely skilled technicians from Microsoft, Google, Akamai... drafts and
more drafts, meetings and more meetings, years and more years ... and? Who
do you think you fool? Why still growing at an alarming rate? With this
pitiful historique what right do you have to suggest that I go somewhere
else? Prove that my evidence is false. Show me that I am wrong to call
criminals the ones you insist on isolating from cyber security issues.
Your message is a jumble of sarcasm, but sarcasm is for smart people. Try
to argue, it doesn't hurt.
Militant manner?! No problem. Millor Fernandes, a respected Brazilian
cartoonist and playwright, said: "I don't trust anyone who lives at the
expense of his ideal."
Are you paid to "defend" the Internet?
Marilson
Em qui., 12 de dez. de 2019 às 05:50, <Chrystiane.Roy at international.gc.ca>
escreveu:
> Hi Marlison,
>
>
>
> Can I ask what you mean by: “IGF intends to elaborate subsidies” as you
> write at the bottom of your e-mail?
>
>
>
> IGF has hardly any money to organise its one annual meeting because it is
> funded from voluntary contributions from States and Stakeholders (i.e. not
> exactly peanuts, but not much more).
>
> So where would they get the money to hand out “subsidies”?
>
> Or is there another definition of “subsidies” that exists which does not
> involve giving out money?
>
>
>
> Otherwise, on the other parts of your message, have you ever considered
> taking it to ITU Study Group 2 or Study Group 17, in their standardisation
> sector? Lots of countries talking about similar stuff there (perhaps in a
> less militant manner, but still) and trying to find solutions to it.
>
>
>
> Thanks for the clarification on “subsidies” otherwise,
>
> C.
>
>
>
> *De :* Marilson <marilson.mapa at gmail.com>
> *Envoyé :* 12 décembre 2019 02:35
> *À :* Timothy Asiedu <kwadwotasiedu at gmail.com>
> *Cc :* Bpf-cybersecurity at intgovforum.org
> *Objet :* Re: [Bpf-cybersecurity] Fwd: Phishing ad nauseam by sociopath
>
>
>
> Dr. Asiedu, in fact security incidents vary greatly from one region to
> another. They vary so much that they should be grounds for criticism for
> you. Let me cite two examples among hundreds who I have denounced and filed
> during more than six years:
>
>
>
> 1- Only from 11-10-2019 until 09-12-2019 I archived 118 messages **Advance
> Fee Scam** from scammers of "your zone 5" - Burkina Faso, Benin, Togo,
> Nigeria, Dhl Company of B. Faso. US officials say this theft is a major
> financial resource for some governments "in your zone." If you believe
> Americans are overreacting you should criticize. Otherwise you should
> criticize your governments and especially the providers involved in this
> cheating. Providers who have known these criminals for more than two
> decades and refuse to suspend the lucrative contract even when they are
> denounced with evidence. If this is not a reason to criticize I suggest
> changing profession. By the way, you're using the same domain and IP
> address of some scammers from those 118 messages that tried to steal my
> money: **mail-sor-f65.google(dot)com 209.85.220.65**. It is Google's most
> lucrative domain and preferred by criminals for anonymity guaranteed by the
> estelionate's accomplices. With this domain you run the risk of being
> confused with a scammer.
>
>
>
> 2- Let's just stay with the malware I reported in this original message:
> ** Trojan.WinLNK.Agent **. Recalling that the original message I posted
> here on the 9th of this month is proof that the main scammers are the ISPs
> themselves protected and hidden by Registrars and ICANN.
>
>
>
> *"Malware of this family contains links for downloading malicious files,
> or the path for launching a different malicious executable file, designed
> to destroy, block, modify, or copy data, as well as interfere with the
> operation of computers or computer networks."* (Kaspersky)
>
>
>
> Note the Geographical distribution of attacks during 2016. (Kaspersky)
>
>
> Country % of users attacked
> worldwide
> 1 India 13.70
> 2 Algeria 10.06
> 3 Vietnam 7.20
> 4 Bangladesh 4.30
> 5 Mexico 3.48
> 6 Brazil 3.09
> 7 Kazakhstan 2.81
> 8 Morocco 2.33
> 9 Saudi Arabia 2.26
> 10 Kenya 2.22
>
>
>
> Now,look in this list for the USA, Canada or some Europe country...
>
> They are not under attack but the providers that hosting and distributing
> the scam are of those countries that are not under attack such as, Google,
> Endurance ICANN (why not?), Clouflare, Hostinger, Zoho, Namecheap,
> WhoisGuardian Protected, Yandex, Krek, Net-art, Ovh, etc, etc, etc. And
> most of them refuse to punish the criminal client who is most often the
> Provider itself. Ask Mr. Guterres Human Rights what he has been doing about
> it.
>
>
>
> Here we must make a reflection. There was a time when settlers came to
> distant lands and said, "Let's stay and pretend it's ours." But they did it
> personally, live, at risk of retaliation, disease, and widespread
> discomfort. Today, virtual settlers exploit and rob everyone with the
> internet in their comfortable and secure homes and offices. It is a
> cowardly society, rotten and unethical. These Internet companies, ICANN,
> RIRs, Registrars and ISPs make up the GGM21C, the Great Global Mafia of the
> 21st Century. Never in the history of mankind have so few done so much harm
> to so many.
>
>
>
> Tell me Dr. Asiedu, are you a virtual colonizer or a virtual colonized?
>
>
>
> Want to read a joke? IGF intends to elaborate subsidies for a cyber
> security policy without imposing ethics on the companies that will
> administer IoT, AI and Big Data... May the gods or hackers help us.
>
>
>
> Marilson
>
>
>
>
>
>
>
> Em qua., 11 de dez. de 2019 às 08:19, Timothy Asiedu <kwadwotasiedu@
> gmail. com> escreveu:
>
> Dear Marilson,
>
>
>
> Thank you very much for the reply.
>
>
>
> In fact I must say that I am the type who does not like criticizing about
> Security incidences, because based
>
> on my experiences I have come to realize that some Security incidences can
> vary from one regional
>
> environment to the other. There may be certain incidences I have heard or
> experienced in Africa and may not be common
>
> in US or Europe. But whatever policies , practices or procedures I have
> written about in my book or researches are
>
> issues or cases I have experienced practically during my role as
> Information Security Coordinator / Manager with DHL Ghana Ltd (i.e. www.
> dhl. com)
>
> , from 1997-2002 and training/education/consulting programs. From 1994
> -1997, I was the Systems Administrator of the same organization, DHL Ghana
> Ltd.
>
> During my role with DHL Ghana Ltd., I used to support the other technical
> officers in our zone 5 ( i.e. DHL Benin, Togo, Liberia, Burkina Faso and
> Niger).
>
>
>
> Best regards,
>
>
>
>
>
> Timothy K. Asiedu , PhD
>
> Author's page: www. amazon. com/author/timothy.asiedu
>
>
>
>
>
>
>
>
>
> On Wed, Dec 11, 2019 at 1:44 AM Marilson <marilson.mapa@ gmail. com>
> wrote:
>
> Dr. Asiedu, I am sorry if my version of the reasons for so much Internet
> crime does not match the version of those who make it an income motive.
> Millor Fernandes, a respected Brazilian cartoonist and playwright, said: *"I
> distrust every idealist who profits from his ideal."*
>
>
>
> Assessments such as yours have set cyber security policies that have never
> worked, are not working, and will never work because they are designed with
> the basic purpose of maintaining a criminal but profitable status quo. When
> these policies require ethical behavior from Internet companies, imposing
> severe punishments on those who do not abide by their AUPs, ToSs, ASPs,
> Codes of Conduct and Contracts, the Internet will perpetuate its threatened
> freedom and will no longer be that muddy sea where greedy sociopaths
> illegal enrichment themselves. The incompetent who cannot survive without
> illicit acts will break down. And be damned those who live at the expense
> of the threats that plague the Internet.
>
>
>
> Kind regards
>
> Marilson
>
>
>
>
>
> Em ter., 10 de dez. de 2019 às 05:59, Timothy Asiedu <kwadwotasiedu@
> gmail. com> escreveu:
>
> Dear Marilson,
>
>
>
> Thank you for the update.
>
>
>
> Kind regards,
>
>
>
>
>
> Timothy K. Asiedu
>
> Author's page: www. amazon. com/author/timothy.asiedu
>
>
>
>
>
> On Mon, Dec 9, 2019 at 4:39 AM Marilson <marilson.mapa@ gmail. com> wrote:
>
>
>
> ---------- Forwarded message ---------
> De: *Marilson* <marilson.mapa@ gmail. com>
> Date: seg., 9 de dez. de 2019 às 01:22
> Subject: Fwd: Phishing ad nauseam by sociopath
> To: <abuse@ hostinger. com>
> Cc: <bpf-cybersecurity@ intgovforum. org>, <globalsupport@ icann. org>,
> US Department of Justice <contact@ usdoj. gov>, <feedback@ naag. org>,
> <abuse@ namecheap. com>, <guardian.readers@ theguardian. com>, <tips@
> nytimes. com>, WikiLeaks <sunshinepress@ this. is>, <adm@ weblink. com.
> br>, <info@ nic. br>
>
>
>
> FUNDAMENTAL RIGHTS ARE NOT ABSOLUTE TO THE POINT OF PROTECTING ILLICIT ACTS
>
> Theft of money, theft of personal and financial data, crime of larceny by
> fraud and damage to computer operating systems do not combine with any kind
> of secrecy. Fundamental rights are not absolute to the extent of
> safeguarding unlawful acts. Let me repeat so that the bastards do not say
> they did not read: Fundamental rights are not absolute to the point of
> protecting illicit acts. Any magistrate, judge, prosecutor, lawyer,
> politician or businessman who does not agree with this, belive, he has a
> skeleton in the closet.
>
>
>
> Scam with domains with the extension <.com (dot)>> abound my mail. All
> were reported with evidence. But Registrar and Host - Namecheap and
> Cloudflare - refuse to comply with their agreements, AUPs, ToSs and Code of
> Conduct that prohibit such unlawful activity. They are accomplices.
>
>
>
> I decided to report the latest scam with extension <.com(dot)de> without
> copying the report to anyone. I knew that by doing so I would awaken the
> worst in people. Said and done. With the arrogance that characterizes
> sociopathy and the certainty of impunity Hostinger responded to the
> complaint by asking for evidence to prove the scam. But the report sent
> contained full header, scam URL, final URL, VirusTotal links for malware
> identification by 11 scanners, domains, IP addresses and all providers
> involved in the scam (see below). But Hostinger had to mock the complaint.
>
> Warning that I knew they were being dishonest I resubmitted all the data
> but required scammer identification. After all, *fundamental rights are
> not absolute to the point of protecting illicit acts*. Hostinger replied
> that "*the reported domain name is currently pointing to Cloudflare"*.
>
>
>
> WHAT WAS DONE: Hostinger used two domains to send scam with
> **Trojan.WinLNK.Agent** malware:
>
> <contasjurisp. com> and <gerenteempresarial. com. de>
>
> Hosting registered <contasjurisp. com> with false data and told a truth to
> tell a lie when writing that "*the reported domain name is currently
> pointing to Cloudflare". *What Hostinger did not say is that they hired
> Cloudflare which offers reverse proxy and all WHOIS would point to
> Cloudflare. Hostinger hid behind Cloudflare to stay hidden in the use of
> Trojans. *Cloudflare has confirmed by email that the Hosting Provider is
> Hostinger*. Hostinger is committing various crimes such as attempted
> theft and property damage (Computer Fraud and Abuse Act), invasion of
> privacy and ideological falsehood. Notice the WHOIS records from the
> registrar:
>
>
>
> Domain contasjurisp. com
> IP addresses:104.27.160.184
> Registrar: HOSTINGER
> Registrant Name: zilda elenir - DOES NOT EXIST
> Registrant Street: calos lanser - DOES NOT EXIST
> Registrant City: novo hamburgo
> Registrant State/Province: RS
> Registrant Postal Code: 96222-642 - IT IS NOT FROM NOVO HAMBURGO
>
> Registrant Email: zilda-elenir900@ protonmail. com - IT IS FAKE -
> DomainIsWellKnownDea - *"At ProtonMail, privacy is our business model -
> GDPR"*
>
>
>
> Ask ICANN, which has a contract prohibiting illicit activity, why they
> admit this garbage and dirty stuff of Registrars. I have asked several
> times and the answer has always been "out of scope". That has always been
> the answer of GGM21C's Godfather, the Great Global Mafia of the 21st
> Century.
>
> The solution is very simple: just be decent. When someone reports a
> scammer with evidence, identify him and cancel the contract. Or continue to
> be accomplices and hiding the mobster colleagues.
>
> You who have acted in bad faith in drafting and approving the GDPR,
> remember this: FUNDAMENTAL RIGHTS ARE NOT ABSOLUTE TO THE POINT OF
> PROTECTING ILLICIT ACTS. This immoral defense of anonymity that the
> Providers make is only explained by the need to hide themselves when using
> scam. Natural and legal persons of good, spend fortunes promoting
> themselves.
>
>
>
> Even more immoral is the attitude of people who are paid to defend the
> population and use the same harmful expression "out of scope" so as not to
> have to demand decency and ethics from companies. I'm talking about Best
> Practice Forum on Cybersecurity of IGF-UN, the National Association of
> Attorneys General, US Department of Justice and the like around the world.
>
>
>
> *Rodrigo da Costa Wiethorn *Head of Hostinger Brazil and *Demi Getschko*
> President of NIC.br, you are both responsible for Hostinger's activity in
> Brazil and will be held responsible for the crimes Hostinger practices.
>
>
>
> A warning to mobsters: If you think your grandchildren will get home at
> 4:00 PM after an exhausting work day that started at 10:00 AM, will print a
> pizza and watch a movie on the wall or ceiling, you are dreaming. This will
> not happen because the queue of unemployed will move next door them.
>
>
>
> Marilson
>
>
>
>
>
> ---------- Received message ---------
> De: *Hostinger Abuse* <abuse-tracker@ hostinger. com>
> Date: sáb., 7 de dez. de 2019 às 04:20
> Subject: Re: Phishing ad nauseam by sociopath
> To: Marilson <marilson.mapa@ gmail. com>
>
>
> Hi,
>
> Thank you for your report. The reported domain name has been suspended.
>
> Hostinger Abuse Department
> abuse@ hostinger. com
> https:// www. hostinger. com
>
>
> * ------------------------------ *
>
> ---------- Forwarded message ---------
> De: *Marilson* <marilson.mapa@ gmail. com>
> Date: sex., 6 de dez. de 2019 às 22:52
> Subject: Re: Phishing ad nauseam by sociopath
> To: Hostinger Abuse <abuse-tracker@ hostinger. com>
> Cc: US Department of Justice <contact@ usdoj. gov>, info@ cec-zev. eu
> <info@ cec-zev. eu>, <feedback@ naag. org>, <globalsupport@ icann. org>,
> <guardian.readers@ theguardian. com>, WikiLeaks <sunshinepress@ this.
> is>, <abuse@ namecheap. com>
>
>
>
> Hostinger wrote: *"The reported domain name is currently pointing to
> Cloudflare."*
>
>
>
> What a f**k is that? No one else has ethics? Will all of you who run the
> internet keep on stealing the planet's population until when? How long will
> government authorities allow such illegal activities?
>
>
>
> You from Hostinger acting as sociopaths asked me to prove that the message
> was scam. Something that even retarded can know. I did what you asked for
> though knowing that you were acting dishonestly. And you give me in
> response exactly what I informed you in my message sent on 12-05-2019:
>
>
>
> I wrote on Dec 5, 2019:
>
> *Originating IP address: 5.53.125.27*
>
> *Originating hostmane: traype7.gerenteempresarial. com. de*
>
> *Network owner: Selectel Ltd*
>
> *Domain: gerenteempresarial. com. de*
>
> *IP address: 104.31.92.45*
>
> *Host Company: Cloudflare Inc*
>
>
>
> Who do you think you are fooling? Your answers are so stupid that they
> reveal the certainty of impunity. I also informed you on 12-05-2019:
>
> I wrote on Dec 5, 2019:
>
> *"Scam URL: **http:// 4siae80eseo8e.**contasjurisp. com*
> */5NAT40PKU37/XBV7WB6M7J7A5532S10EEZE4KVP71/SMB-Vistoria_contra_incendio_(VENCIDA_860)*
>
> *This URL downloads .zip file: Bombei-ro05.12.2019_01.09.39.1239 which
> instals malware.*
>
>
>
>
> *Domain contasjurisp. com IP addresses:104.27.160.184*
>
> *Registrar: HOSTINGER*
>
> *Registrant Name: zilda elenir - DOES NOT EXIST*
>
> *Registrant Street: calos lanser - DOES NOT EXIST*
>
> *Registrant City: novo hamburgo *
>
> *Registrant State/Province: RS *
>
> *Registrant Postal Code: 96222-642 - IT'S NOT FROM NOVO HAMBURGO*
>
>
>
> *Mr. Arnas, your customer is committing various crimes such as ideological
> falsehood, attempted theft and invasion of privacy. Unregistering is your
> contractual and legal obligation. What about identifying a criminal? Is a
> criminal entitled to anonymity? If the actual registrant is Cloudflare or
> Namecheap would you have the decency to say?"*
>
>
>
> Stop acting like whores and tell us WHO_is your client that is committing
> crime with the domain *<accountsjurisp. com>* registered with you.
>
> *And answer why your customer is still active if he's a denounced
> criminal?*
>
>
>
> If you refuse to provide this information, I will have no doubt that you
> are protecting your Cloudflare or Namecheap colleagues to whom I have
> already sent multiple reports from their criminal customers with
> *<.com(dot)de>* extension domains. These two companies host and register
> the scammer that keeps sending his scams. And this mafia does nothing. It
> is always useless denounce scammers or spammers. They don't even forbid the
> scammer to use my email. Go be arrogant like that in hell! Keep using my
> email and I will use adjectives that you deserve. And the world will know
> who you are.
>
>
>
> Can you from the US Department of Justice, NAAG and the European Center
> for Consumer Protection answer why a criminal accused with evidence is not
> suspended and identified? Why are these damned companies are not required
> to respect their contracts that prohibit illegal activities? Why do these
> companies not respect their AUPs, ToSs and Codes of Conduct? Why denounced
> bandits with evidence are entitled to anonymity? Why do these providers
> provide their services to terrorists? Remember that the damage these
> providers cause to humanity is infinitely greater than the damage done by
> terrorists, then? Do we have to seek help from mercenaries or hackers to
> protect us from those we pay to protect us?
>
>
>
> You are rotten, and all that is rotten must be buried to end the stench.
>
>
>
> Marilson
>
>
>
>
>
> Em sex., 6 de dez. de 2019 às 07:12, Hostinger Abuse <abuse-tracker@
> hostinger. com> escreveu:
>
> Hi,
>
> The reported domain name is currently pointing to Cloudflare.
>
> Please report it at https:// www.cloudflare. com/abuse/
>
> Hostinger Abuse Department
> abuse@ hostinger. com
> https:// www. hostinger. com
>
>
> * ------------------------------ *
>
> ---------- Forwarded message ---------
>
> De: *Marilson* <marilson.mapa@ gmail. com>
> Date: qui., 5 de dez. de 2019 às 20:26
> Subject: Re: Phishing ad nauseam by sociopath
> To: Hostinger Abuse <abuse-tracker@ hostinger. com>
>
>
>
> Please don't treat me like a layman and don't underestimate people's
> intelligence. I spent two years at RIPE (abuse working group) two years at
> ARIN (Public Policy Mailing List) and I have been for two years at IGF / UN
> (BPF Cybersecurity) and have been reporting sociopaths for over six years.
>
>
>
> All the URLs in my report are still active, but BUT you need to put the
> words together to work as links. Google and Gmail flood my mail every day
> with trash, but if I forward spam or scam to a scanner or provider as a
> report, without turning links OFF, Gmail returns stating that I am sending
> malicious files or spamming . Only criminals are entitled to commit crimes
> and with anonymity guaranteed by mobsters.
>
>
>
> Join the protocol to the domain and join the extension to the domain for
> the link to be activated. Mamma Mia !!!
>
>
> I don't know how my location can interfere with your assessment, but I'm
> in Sao Paulo city in Brazil.
>
>
>
> <REMOVED IMAGE>
>
>
>
> If I forward the scam without removing formatting gmail will return it to
> me. I can put the scam in a PDF file with its active links but probably its
> protection system will return due to malicious file attached. In other
> words, be decent and don't waste my time. I do this job as a citizen duty,
> so I'm not paid.
>
>
>
> *https:// www. virustotal.
> com/gui/url/3257ed42f18c47e048ef86d75bd5a4ce568f3cbda764d24ac04116deaaca0820/detection*
>
>
>
> Join the protocols and domain extension at the URL above and you will get
> the scam URL and rating.
>
>
> The zipped file changes its name but the content is the same:
> Defensor543505.12.2019_18.19.05.1205.
>
>
> Click on the scam URL and upload the zipped file to VirusTotal and you
> will get evaluation of 11 scanners:
>
>
>
> <REMOVED IMAGE>
>
>
>
> Just missed you asking me to click on the contents of the zipped file. Do
> it you. And since you made me waste more time than necessary I advocate the
> right to know who your client is, after all, criminals are not entitled to
> anonymity. Deny me that right and I will treat Hostinger, at the UN and
> social media, as accomplices of criminals.
>
>
>
> Thanks
>
> Marilson
>
>
>
>
>
> Em qui., 5 de dez. de 2019 às 05:45, Hostinger Abuse <abuse-tracker@
> hostinger. com> escreveu:
>
> Hi,
>
> Thank you for contacting Hostinger Abuse department. Unfortunately, we
> failed to locate any phishing-related content on the URL listed in your
> complaint. Please provide the following details for us to investigate the
> issue deeper:
> - exact links to the abusive pages the forms to enter sensitive details
> are located at;
> - country your IP address belongs to (we will try using the corresponding
> proxy);
> - a device used to access the content;
> - (optional) screenshot of the abusive page.
>
> Thank you
>
> Hostinger Abuse Department
> abuse@ hostinger. com
> https:// www. hostinger. com
>
>
>
> ------------------------------
>
>
>
> ---------- Forwarded message ---------
> De: *Marilson* <marilson.mapa@ gmail. com>
> Date: qui., 5 de dez. de 2019 às 04:54
> Subject: Phishing ad nauseam by sociopath
> To: <arnas@ hostinger. com>
> Cc: <abuse@ hostinger. com>
>
>
>
> Mr. Arnas, I need your help to stop a sociopathic criminal from sending
> out phishing and malware. I've reported him several times, with evidence,
> but the providers hosting and sending his scams do nothing. This scammer is
> registered with Hostinger:
>
>
>
> Scam *URL: **http:// 4siae80eseo8e.**contasjurisp. com*
> */5NAT40PKU37/XBV7WB6M7J7A5532S10EEZE4KVP71/SMB-Vistoria_contra_incendio_(VENCIDA_860)*
>
> This URL downloads .zip file: *Bombei-ro05.12.2019_01.09.39.1239* which
> instals malware.
>
>
>
> *https:// www. virustotal.
> com/gui/url/3257ed42f18c47e048ef86d75bd5a4ce568f3cbda764d24ac04116deaaca0820/details *
>
>
>
> *https:// www. virustotal.
> com/gui/file/3b59cf7d1e45a15615995f6978c51b0cdad07c286a45067a792e26d075876316/detection * -
> 11 engines detected this file.
>
>
>
> Domain contasjurisp. com
> IP addresses:104.27.160.184
>
> Registrar: *HOSTINGER*
>
> Registrant Name: zilda elenir - DOES NOT EXIST
>
> Registrant Street: calos lanser - DOES NOT EXIST
>
> Registrant City: novo hamburgo
>
> Registrant State/Province: RS
>
> Registrant Postal Code: 96222-642 - IT'S NOT FROM NOVO HAMBURGO
>
>
>
> Mr. Arnas, your customer is committing various crimes such as ideological
> falsehood, attempted theft and invasion of privacy. Unregistering is your
> contractual and legal obligation. What about identifying a criminal? Is a
> criminal entitled to anonymity? If the actual registrant is Cloudflare or
> Namecheap would you have the decency to say?
>
>
>
> Originating IP address: 5.53.125.27
>
> Originating hostmane: traype7.gerenteempresarial. com. de
>
> Network owner: Selectel Ltd
>
> Domain: gerenteempresarial. com. de
>
> IP address: 104.31.92.45
>
> Host Company: Cloudflare Inc
>
>
>
> Thanks
>
> Marilson
>
>
>
> *HEADER - truncated*
>
> Delivered-To: marilson.mapa@ gmail. com
> Received: by 2002:a1c:4c0f:0:0:0:0:0 with SMTP id z15csp1042308wmf;
> Wed, 4 Dec 2019 12:00:04 -0800 (PST)
> X-Google-Smtp-Source:
> APXvYqxELpEHz1ZXbAcebUMZnoC0ggYZeQnbBXWR4b6XzGf6BYDWgzplHWv9pgTmY2FXoQ9NqUEM
> X-Received: by 2002:a2e:87ca:: with SMTP id
> v10mr3220073ljj.253.1575489604766;
> ARC-Authentication-Results: i=1; mx.google. com;
> dkim=pass header.i=@ traype7.gerenteempresarial. com. de
> header.s=mail header.b=qiYiUh6k;
> spf=pass (google. com: domain of bombeiros@
> traype7.gerenteempresarial. com. de designates 5.53.125.27 as permitted
> sender) smtp.mailfrom=bombeiros@ traype7.gerenteempresarial. com. de;
> dmarc=pass (p=NONE sp=NONE dis=NONE)
> header.from=traype7.gerenteempresarial. com. de
> Return-Path: <bombeiros@ traype7.gerenteempresarial. com. de>
> Received: from traype7.gerenteempresarial. com. de
> (traype7.gerenteempresarial. com. de. [5.53.125.27])
> by mx.google. com with ESMTP id
> g9si4888237ljk.77.2019.12.04.12.00.04
> for <marilson.mapa@ gmail. com>;
> Wed, 04 Dec 2019 12:00:04 -0800 (PST)
> Received-SPF: pass (google. com: domain of bombeiros@
> traype7.gerenteempresarial. com. de designates 5.53.125.27 as permitted
> sender) client-ip=5.53.125.27;
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
> d=traype7.gerenteempresarial. com. de; s=mail; t=1575489604;
> bh=yR9+/UvPPF7VyTbAl08VvfYRmtfYD18mTW1Zc+ks+nA=;
> h=To:Subject:From:Date:Reply-To:From;
> b=qiYiUh6kR5+qNvk3i8VKTO4SXvdqBTbVsimF+tMf6AUkG7RAt49IslZnDBYoDBlVo
> Message-Id: <20191204200004.33CAB8B23F@ traype7.gerenteempresarial. com.
> de>
>
>
>
> *TEXTO - formatting removed*
>
> De: Bombeiros24145307 <bombeiros@ traype7.gerenteempresarial. com. de>
> Date: qua., 4 de dez. de 2019 às 17:00
> Subject: ****ULTIMO AVISO*** para sua regularizacao, com vistas a
> continuidade do servicos - 34/187 -
> To: <marilson.mapa@ gmail. com>
>
> AVISO DE VIGÊNCIA DE DOCUMENTOS VENCIDOS
>
>
> Protocolo: 7530398377
>
> Serviço: (Segurança contra incêndio)
>
> inicio automático do protocolo : 04/12/2019
>
> Status atual: Regularizar pendente ou VENCIDO
>
> Alertamos que o prazo de validade do(s) documento(s) referente ao Termo
> de Colaboração nº 13882017 celebrado entre Secretaria
> Municipal dos bombeiros e CENTRO SOCIAL NOSSA SENHORA, para funcionamento
> da CEI: CR.P.CONV - CNPJ cadastrado para este e-mail ( marilson.mapa@
> gmail. com ) que devem ser regularizados com urgência
> está(ão) na situação de vencido. Encaminhe a respectiva
> documentação à DIR EDUC - DIRETORIA REGIONAL DOS BOMBEIROS
> A não regularização dos itens informados pode implicar na
> suspensão de seu CNPJ em 30 DIAS bem como multa previstos no Art 37 da
> Lei 10.860 de 19 de Julho de 1988.
>
> *Ultimo documento enviado VENCIDO*
> <a href="http:// 4siae80eseo8e.contasjurisp.
> com/5NAT40PKU37/XBV7WB6M7J7A5532S10EEZE4KVP71/SMB-Vistoria_contra_incendio_(VENCIDA_860)">
> </a>
>
> - AVCB – Auto de Vistoria do Corpo de Bombeiros
> 01/12/2019
>
> Providencie a sua regularização, com vistas à continuidade
> da prestação do serviço.
> Atenciosamente,
> SMB – Secretaria Municipal dos Bombeiros
>
>
>
> --
> Bpf-cybersecurity mailing list
> Bpf-cybersecurity at intgovforum.org
> http://intgovforum.org/mailman/listinfo/bpf-cybersecurity_intgovforum.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://intgovforum.org/pipermail/bpf-cybersecurity_intgovforum.org/attachments/20191213/e459afb6/attachment.htm>
More information about the Bpf-cybersecurity
mailing list