![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jecook posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
techrecoveryCut, because it's kinda long, but well worth it.
From the email file as of about ten minutes ago.. ::snicker::
I was expecting it to be like what I've done with china, and have it fall into a large black hole. Apparently, since I copied B.O.A.'s abuse team (whom I have not heard from, oddly enough) someone took direct action. So imagine my surprise when I get a response like this. I sent a reply all thanking them for the fast response.
From: "[Indonesian abuse pitbull]" <noc@immediavisi.[foo]>
To: "Network Management Center PT. Indointernet", mlg@[mangled].id, "Yours Truly", abuse@ipowerweb.[munge], abuse@bankofamerica.[bank], hostmaster[barf]indo.net.id, "IT Lady", [Network engineer], [bossman]
Date: tonight
Subject: Re: Scam originating from your systems...
dear ALL,
we was non-active this URL since yesterday.
best regards,
------------------
Salam
[Indonesian abuse pitbull]
-----Original Message-----
From: "Network Management Center PT. Indointernet"
To: mlg@[mangle].id
Cc: "Yours Truly (Y.T.)", abuse@ipowerweb.[munge],
abuse@bankofamerica.[bank], hostmaster[barf]indo.net.id, 'IT Lady', [Network Engineer (N.E.)], [bossman]
Date: tomorrow morning, sort of
Subject: Re: Scam originating from your systems...
> Dear Team Malang,
>
> Berikut log serupa.
>
> Salam,
> NMC
>
>
>
> (Y.T.) wrote:
>
> >Good morning!
> >
> >I have received the following message. Please take appropriate action
> as
> >below:
> >
> >Bank of America: You've probably seen this several million times
> before,
> >this is a notification.
> >ipowerweb.[munge]: Someone is sending messages from YOUR servers. Please
> >investigate.
> >Indo.net.id: There is a user operating a information collection site
> with
> >IP address of 202.159.121.26 posing as a United States corporation
> with
> >intent to deceive and defraud people. Please investigate.
> >IT Department: FYI, no action required.
> >
> >Thank you for your time and attention.
> >
> >
> >
> >
> >
> >>Return-path: <nobody@host60.ipowerweb.com>
> >>Received: from host60.ipowerweb.com ([66.235.195.160])
> >> by [mail server] ([ip munged])
> >> with SMTP (Manglesmurf PRO)
> >> for <[mangled]>; Sun, 04 Dec 2005 07:23:06 -0700
> >>Received: from nobody by host60.ipowerweb.com with local (Exim 4.43)
> >> id 1EiurN-0004Ez-Qp
> >> for [addy munged]; Sun, 04 Dec 2005 06:29:01 -0800
> >>To: (Y.T.)
> >>Subject: Protect and Update Your Online Banking Information
> >>From: <service@bankofamerica.com>
> >>Reply-To: servicenoaction@bankofamerica.com
> >>MIME-Version: 1.0
> >>Content-Type: text/html
> >>Content-Transfer-Encoding: 8bit
> >>Message-Id: <e1eiurn-0004ez-qp@host60.ipowerweb.com>
> >>Date: Sun, 04 Dec 2005 06:29:01 -0800
> >>X-AntiAbuse: This header was added to track abuse, please include it
> with
> >>
> >>
> >any abuse report
> >
> >
> >>X-AntiAbuse: Primary Hostname - host60.ipowerweb.com
> >>X-AntiAbuse: Original Domain - [dorf]
> >>X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> >>X-AntiAbuse: Sender Address Domain - host60.ipowerweb.com
> >>X-Source:
> >>X-Source-Args:
> >>X-Source-Dir:
> >>X-MDRcpt-To: (Y.T.)
> >>X-MDRemoteIP: 66.235.195.160
> >>X-Return-Path: nobody@host60.ipowerweb.com
> >>X-Mangle-Deliver-To: (Y.T.)
> >>
> >>
> >
> >
> >http:
> //www.diperta-jatim.go.id/application/https/bankofamerica.com/cgi-
> >bin/ias/MbrezU2xs8o0u_LYXs2iLSUyHCYJF6hVvHqksi1580602/1/bofa/ibd/IAS/p
> resent
> >ation/sso.login.controller.htm
> >
> >
[Signiture snipped]
From the email file as of about ten minutes ago.. ::snicker::
I was expecting it to be like what I've done with china, and have it fall into a large black hole. Apparently, since I copied B.O.A.'s abuse team (whom I have not heard from, oddly enough) someone took direct action. So imagine my surprise when I get a response like this. I sent a reply all thanking them for the fast response.
From: "[Indonesian abuse pitbull]" <noc@immediavisi.[foo]>
To: "Network Management Center PT. Indointernet", mlg@[mangled].id, "Yours Truly", abuse@ipowerweb.[munge], abuse@bankofamerica.[bank], hostmaster[barf]indo.net.id, "IT Lady", [Network engineer], [bossman]
Date: tonight
Subject: Re: Scam originating from your systems...
dear ALL,
we was non-active this URL since yesterday.
best regards,
------------------
Salam
[Indonesian abuse pitbull]
-----Original Message-----
From: "Network Management Center PT. Indointernet"
To: mlg@[mangle].id
Cc: "Yours Truly (Y.T.)", abuse@ipowerweb.[munge],
abuse@bankofamerica.[bank], hostmaster[barf]indo.net.id, 'IT Lady', [Network Engineer (N.E.)], [bossman]
Date: tomorrow morning, sort of
Subject: Re: Scam originating from your systems...
> Dear Team Malang,
>
> Berikut log serupa.
>
> Salam,
> NMC
>
>
>
> (Y.T.) wrote:
>
> >Good morning!
> >
> >I have received the following message. Please take appropriate action
> as
> >below:
> >
> >Bank of America: You've probably seen this several million times
> before,
> >this is a notification.
> >ipowerweb.[munge]: Someone is sending messages from YOUR servers. Please
> >investigate.
> >Indo.net.id: There is a user operating a information collection site
> with
> >IP address of 202.159.121.26 posing as a United States corporation
> with
> >intent to deceive and defraud people. Please investigate.
> >IT Department: FYI, no action required.
> >
> >Thank you for your time and attention.
> >
> >
> >
> >
> >
> >>Return-path: <nobody@host60.ipowerweb.com>
> >>Received: from host60.ipowerweb.com ([66.235.195.160])
> >> by [mail server] ([ip munged])
> >> with SMTP (Manglesmurf PRO)
> >> for <[mangled]>; Sun, 04 Dec 2005 07:23:06 -0700
> >>Received: from nobody by host60.ipowerweb.com with local (Exim 4.43)
> >> id 1EiurN-0004Ez-Qp
> >> for [addy munged]; Sun, 04 Dec 2005 06:29:01 -0800
> >>To: (Y.T.)
> >>Subject: Protect and Update Your Online Banking Information
> >>From: <service@bankofamerica.com>
> >>Reply-To: servicenoaction@bankofamerica.com
> >>MIME-Version: 1.0
> >>Content-Type: text/html
> >>Content-Transfer-Encoding: 8bit
> >>Message-Id: <e1eiurn-0004ez-qp@host60.ipowerweb.com>
> >>Date: Sun, 04 Dec 2005 06:29:01 -0800
> >>X-AntiAbuse: This header was added to track abuse, please include it
> with
> >>
> >>
> >any abuse report
> >
> >
> >>X-AntiAbuse: Primary Hostname - host60.ipowerweb.com
> >>X-AntiAbuse: Original Domain - [dorf]
> >>X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
> >>X-AntiAbuse: Sender Address Domain - host60.ipowerweb.com
> >>X-Source:
> >>X-Source-Args:
> >>X-Source-Dir:
> >>X-MDRcpt-To: (Y.T.)
> >>X-MDRemoteIP: 66.235.195.160
> >>X-Return-Path: nobody@host60.ipowerweb.com
> >>X-Mangle-Deliver-To: (Y.T.)
> >>
> >>
> >
> >
> >http:
> //www.diperta-jatim.go.id/application/https/bankofamerica.com/cgi-
> >bin/ias/MbrezU2xs8o0u_LYXs2iLSUyHCYJF6hVvHqksi1580602/1/bofa/ibd/IAS/p
> resent
> >ation/sso.login.controller.htm
> >
> >
[Signiture snipped]
