This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] spam-phishing
- Next message (by thread): [anti-abuse-wg] Call for Content for the RIPE 71 AA-WG Meeting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Marilson
marilson.mapa at gmail.com
Mon Sep 7 08:11:05 CEST 2015
The hosting is public but is not anonymous. The Whois information is public but your customers are conveniently kept anonymous. The rating used to identify domains - liNNN-NNN.member.linode.com - it was meant to practice spam and crime. Your boss raised a company of tens of millions of dollars stepping on the neck of the people. He's a sociopath. Marilson From: Abuse Sent: Saturday, September 05, 2015 11:37 PM To: Marilson Cc: abuse at name.com ; registryabuse at rightside.co ; spam at uce.gov Subject: Re: spam-phishing Hello Marlison, When identifying the owners of those IP addresses, please take into account that Linode is a VPS (Virtual Private Server) hosting provider. The IP addresses we own are registered to the owners of the company, but are then allocated to customers of our hosting service. Due to the nature of public hosting, it is possible for some malicious users to slip through from time to time. Our Abuse Department works diligently to prevent and stop malicious activity from occurring on our platform. Please note that we take the integrity of our network very seriously and do everything within our power to prevent such activity from occurring. Please do not hesitate to contact us if any further abuse occurs. We will address the issue with any and all customers and systems involved in the abusive behavior. If you have any questions or concerns regarding this situation, please feel free to reach out to us at any time. Kind Regards, Tim Linode Abuse Team On 9/5/15 9:33 PM, Marilson wrote: Oh really? This customer has been terminated as of yesterday?! Well, well, well! Do you terminated with Christopher Aker? With the Linode CEO Christopher S. Aker?? The owner and registrant of li1275-114.members.linode.com and li994-31.members.linode.com ? With stupid sociopath who does not stop sending spam with virus to my address? I’m touched by size detachment and social attitude so magnanimous. I must believe that you also terminated with the owner and registrant of the domain li1409-91.members.linode.com Tom Asaro, right? https://blog.linode.com/2006/11/05/linodecom-welcomes-tom-asaro/ Look what Whois PDR says about 45.79.176.114 (li1275-114.members.linode.com) : “Query terms are too ambiguous. Please refine query.” kkkkkkkkkkkkkkkk For GeekTools, members.linode.com is: “Bad server (Verisign), retrying lookup.” Tell me Tim of abuse team, do you like fairy tales? Don’t you feel ashamed to write a bullshit that size? There is nothing dumber than underestimate people's intelligence. Yours bosses are a bunch of sociopaths who respond to complaints by sending spam with virus to those who denounce them. Tim, you said too: “It appears they were utilizing a new account.” Tell me sharp boy, how many domains Linode has? This is better than stand up comic! Tim, in due course I will write the biography of Mr. Christopher S. Aker - with 3 paragraphs - and send for you to read. I'll explain how he managed to create the Linode and because he has the habits and hobbies he has, and because he is uncle. See you! Marilson From: Abuse Sent: Saturday, September 05, 2015 7:31 AM To: Marilson Cc: abuse at name.com ; registryabuse at rightside.co ; spam at uce.gov Subject: Re: spam-phishing Hello, Thank you for bringing this to our attention. This customer has been terminated as of yesterday. It appears they were utilizing a new account. If you have any questions or concerns, please don't hesitate to ask. Regards, Tim Linode Abuse Team Abuse at Linode.com On 9/5/15 6:19 AM, Marilson wrote: Well motherfuckers, pay attention – respect is not for whom wants is for whom deserve! In August 27 you said: “We will take the necessary actions to ensure that this is resolved in a timely manner.” Liars! Fucking sociopaths! In August 15 you said: “The customer that was associated with this iP address has been removed as our client.” Liars! Fucking sociopaths! In July 28 you said: “We have informed the client, and are investigating.” Liars! Fucking sociopaths! Your customers - lixxxx-xxx.members.linode.com - continue sending spam with virus with the complicity of you from Linode, Name, Rightside and FTC-UCE, bunch of scoundrels, bunch of arrogants, bunch of psychopaths. If you will respond to my complaints by sending virus I will send my complaints with appropriate insults to your immoral behavior. Idiot, don't be so stupid! Do you think I'll click to see a "picture" hidden on purpose? Stupid, arrogant and sociopath. HEADER – THE EVIDENCE Delivered-To: marilson.mapa at gmail.com Received: by 10.103.27.68 with SMTP id b65csp482081vsb; Wed, 2 Sep 2015 20:24:31 -0700 (PDT) X-Received: by 10.140.29.3 with SMTP id a3mr2770719qga.97.1441250671628; Wed, 02 Sep 2015 20:24:31 -0700 (PDT) Return-Path: mailto:www-data at li1275-114.members.linode.com Received: from localhost ([2600:3c03::f03c:91ff:fec8:ffbc]) by mx.google.com with ESMTP id l15si28378023qkh.74.2015.09.02.20.24.31 for mailto:marilson.mapa at gmail.com; Wed, 02 Sep 2015 20:24:31 -0700 (PDT) Received-SPF: neutral (google.com: 2600:3c03::f03c:91ff:fec8:ffbc is neither permitted nor denied by best guess record for domain of www-data at li1275-114.members.linode.com) client-ip=2600:3c03::f03c:91ff:fec8:ffbc; Authentication-Results: mx.google.com; spf=neutral (google.com: 2600:3c03::f03c:91ff:fec8:ffbc is neither permitted nor denied by best guess record for domain of www-data at li1275-114.members.linode.com) smtp.mailfrom=www-data at li1275-114.members.linode.com Received: by localhost (Postfix, from userid 33) id 70F9B25916; Thu, 3 Sep 2015 03:23:13 +0000 (UTC) To: marilson.mapa at gmail.com Subject: Promoção férias de montão master-card, você e sua família com tudo pago. X-PHP-Originating-Script: 0:LIV.php MIME-Version: 1.0 From: <> Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 Message-Id: <20150903032313.70F9B25916 at localhost> Date: Thu, 3 Sep 2015 03:23:13 +0000 (UTC) TEXT Sent: Thursday, September 03, 2015 12:23 AM To: marilson.mapa at gmail.com Subject: Promoção férias de montão master-card, você e sua família com tudo pago. From: Sokhumpheak Thong Sent: Thursday, August 27, 2015 4:45 AM To: Marilson Subject: Re: spam-phishing Hello, Thank you for the report. We will take the necessary actions to ensure that this is resolved in a timely manner. Regards, Soh Linode LLC On 27 Aug, 2015, at 1:51 am, Marilson <marilson.mapa at gmail.com> wrote: Tell me gentlemen of Linode, do you have some client who does not practice crime? Your client was removed – see below August 15 - or one of the domains that belongs to your client has been blocked? Shame on you!!! ID BY DBIP IP address 45.33.44.31 Address type IPv4 Hostname li994-31.members.linode.com ISP Linode Timezone America/New_York (UTC-4) HEADER Delivered-To: marilson.mapa at gmail.com Received: by 10.28.150.202 with SMTP id y193csp4128745wmd; Wed, 26 Aug 2015 18:52:45 -0700 (PDT) X-Received: by 10.68.243.103 with SMTP id wx7mr2645647pbc.60.1440640364697; Wed, 26 Aug 2015 18:52:44 -0700 (PDT) Return-Path: <root at 45.33.44.31> Received: from localhost ([2600:3c01::f03c:91ff:fec8:8323]) by mx.google.com with ESMTP id xn7si855608pab.189.2015.08.26.18.52.44 for <marilson.mapa at gmail.com>; Wed, 26 Aug 2015 18:52:44 -0700 (PDT) Received-SPF: neutral (google.com: 2600:3c01::f03c:91ff:fec8:8323 is neither permitted nor denied by best guess record for domain of root at 45.33.44.31) client-ip=2600:3c01::f03c:91ff:fec8:8323; Authentication-Results: mx.google.com; spf=neutral (google.com: 2600:3c01::f03c:91ff:fec8:8323 is neither permitted nor denied by best guess record for domain of root at 45.33.44.31) smtp.mailfrom=root at 45.33.44.31 Received: by localhost (Postfix, from userid 0) id B622A42A37; Thu, 27 Aug 2015 01:42:33 +0000 (UTC) content-type: text/html Subject: SAC - Ultimo Aviso de Bloqueio From: SAC at sacseg.com.br To: marilson.mapa at gmail.com Message-Id: <20150827014316.B622A42A37 at localhost> Date: Thu, 27 Aug 2015 01:42:33 +0000 (UTC) TEXT – hiperlink removed From: SAC at sacseg.com.br Sent: Wednesday, August 26, 2015 10:42 PM To: marilson.mapa at gmail.com Subject: SAC - Ultimo Aviso de Bloqueio Clique aqui ou em Mostrar Imagens deste email para Visualizar este e-mail por Completo. From: Jermaine Chism Sent: Saturday, August 15, 2015 9:48 AM To: Marilson Cc: abuse at linode.com ; abuse at name.com ; spam at uce.gov ; submit.snA38em0rJTkVJ7B at spam.spamcop.net ; registryabuse at rightside.co Subject: Re: spam-phishing Hello, The customer that was associated with this iP address has been removed as our client. If you need additional assistance regarding this, please let us know. Kind Regards, Jermaine Linode Support On Aug 15, 2015, at 8:34 AM, Marilson <marilson.mapa at gmail.com> wrote: At Tuesday, July 28, 2015 3:15 AM you said: “We have informed the client, and are investigating. Thank you, Samantha Linode Abuse Department” Yesterday I received the same phishing hosted by li1409-91.members.linode.com. Is phishing your specialty? HEADER Delivered-To: marilson.mapa at gmail.com Received: by 10.27.37.212 with SMTP id l203csp1170367wll; Fri, 14 Aug 2015 00:20:23 -0700 (PDT) X-Received: by 10.112.136.201 with SMTP id qc9mr35541330lbb.94.1439536822882; Fri, 14 Aug 2015 00:20:22 -0700 (PDT) Return-Path: <www-data at localhost> Received: from localhost (li1409-91.members.linode.com. [139.162.142.91]) by mx.google.com with ESMTP id 9si8495710wjt.113.2015.08.14.00.20.22 for <marilson.mapa at gmail.com>; Fri, 14 Aug 2015 00:20:22 -0700 (PDT) Received-SPF: neutral (google.com: 139.162.142.91 is neither permitted nor denied by best guess record for domain of www-data at localhost) client-ip=139.162.142.91; Authentication-Results: mx.google.com; spf=neutral (google.com: 139.162.142.91 is neither permitted nor denied by best guess record for domain of www-data at localhost) smtp.mailfrom=www-data at localhost Date: Fri, 14 Aug 2015 00:20:22 -0700 (PDT) Message-Id: <55cd96b6.6902c20a.d7991.ffff81d5SMTPIN_ADDED_MISSING at mx.google.com> Received: by localhost (Postfix, from userid 33) id 4237B12C60; Fri, 14 Aug 2015 06:01:47 +0000 (UTC) To: marilson.mapa at gmail.com Subject: NFe*Boleto X-PHP-Originating-Script: 0:Pll_llP.php From: 294236 marillacmoreira <marillaine at terra.com.br TEXT -----Mensagem Original----- From: 294236 marillacmoreira Sent: Friday, August 14, 2015 4:20 AM To: marilson.mapa at gmail.com Subject: NFe*Boleto > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: 294236 marillacmoreira <marillaura at terra.com.br > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: 294236 marillacmoreira <marillianobre at bol.com.br > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: 294236 marillacmoreira <marillyn_damazio at yahoo.com.br > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: 294236 marillacmoreira <marilofm at bol.com.br XXXXXXXXXXXXXXXXXXXXXXXXXXXX MANY OTHERS XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: 294236 marillacmoreira <marilseg at terra.com.br > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: 294236 marillacmoreira <marilson.mapa at gmail.com > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 Message-Id: <20150814060147.4237B12C60 at localhost> Date: Fri, 14 Aug 2015 06:01:47 +0000 (UTC) <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>GrupoAcol</title></head><body><big style="font-family: Arial Narrow;">Brasilia, 14 de Agosto de 2015</big><br> *************************************<br> <big style="font-family: Arial Narrow;">Mensagem eletronica nao responda - Noreply</big><br> <big style="font-family: Arial Narrow;">_____________________________________<br> Anexo,<br> <br> Protocolo - Compras e Prestacao de servicos<br> <br> </big><big style="font-family: Arial Narrow;">Anexo: </big><big style="font-family: Arial Narrow;"><a href="http://j.mp/GrupoAcolBrasil-DF">NF-e Boleto</a> ( 345 Kb )</big><big style="font-family: Arial Narrow;"><span style="font-weight: bold;"><br> <br> </span>Tabela de Codigos ANP - 320103002</big><small style="font-family: Arial Narrow;"><br> </small><big style="font-family: Arial Narrow;"><span style="font-weight: bold;"></span><br> NFe-Boleto - Emissao 12/08/2015<br> NFe-Boleto - Vencimento 12/09/2015<br> NFe-Boleto - Valor - R$ 1.254,26</big><br style="font-family: Arial Narrow;"> <big style="font-family: Arial Narrow;"><big></big></big><br> <h2 class="company-section hidden-xs hidden-sm" style="margin: 0px 0px 20px; font-family: 'Source Sans Pro',Tahoma,sans-serif; font-weight: 600; line-height: 1.1; color: rgb(0, 153, 0); font-size: 20px; font-style: normal; font-variant: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px; background-color: rgb(255, 255, 255);">Contatos do Grupo Acol</h2> <p class="company-card" style="margin: 0px 0px 10px; line-height: 1; color: rgb(51, 51, 51); font-family: Tahoma,Arial; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px; background-color: rgb(255, 255, 255);"><span class="company-card-item company-card-group hidden-xs hidden-sm" itemprop="name" style="font-size: 13px; display: block; line-height: 1.4;"><span class="Apple-converted-space"> </span><b style="font-weight: bold;">Grupo Acol</b></span><br class="company-card-split" style=""><span class="company-card-item company-card-group" style="font-size: 13px; display: block; line-height: 1.4;"><span class="Apple-converted-space"> </span><b style="font-weight: bold;">Endereço:</b></span><span class="company-card-content" style="display: block; padding-left: 25px; line-height: 1.4;"><span itemprop="address" itemscop e="" itemtype="http://schema.org/PostalAddress"><span itemprop="streetAddress">QNM 25 CJ H lt 5 lj 1 - Ceilandia Sul</span><span class="Apple-converted-space"> </span><br style=""><span itemprop="postalCode">72215-258</span><span class="Apple-converted-space"> </span><span itemprop="addressRegion">Ceilandia</span></span><span class="company-card-coords" style="font-size: 11px; display: block; color: rgb(153, 153, 153); margin-top: 3px;">Distrito Federal, Ceilândia, Ceilândia Sul</span></span><br class="company-card-split" style=""><span id="company-card-phone" class="company-card-item clearfix" data-phone="(61)3371-0369" style="font-size: 13px; display: block; line-height: 1.4;"><span class="company-card-item-label" style="float: left;"><span class="Apple-converted-space"> </span><b style="font-weight: bold;">Telefone:</b></span><span class="company-card-item-value phone open" itemprop="telephone" style="overflow: hidden; float: left; margin-left: 5px; width: auto; wh ite-space: nowrap;">(61) 3371-0369</span></span></p> From: Marilson Sent: Tuesday, July 28, 2015 3:05 AM To: abuse at linode.com Cc: crime.internet at dpf.gov.br ; spam at uce.gov ; mail-abuse at cert.br ; mail-abuse at nic.br Subject: spam-phishing Sirs, Your client, zedocarmoreis at yahoo.com.br , is practicing phishing. Please don't provide him the tools and means to spamming. Thanks Marilson HEADER Delivered-To: marilson.mapa at gmail.com Received: by 10.27.37.212 with SMTP id l203csp1414307wll; Mon, 27 Jul 2015 12:33:27 -0700 (PDT) X-Received: by 10.66.163.201 with SMTP id yk9mr70446240pab.63.1438025606013; Mon, 27 Jul 2015 12:33:26 -0700 (PDT) Return-Path: <www-data at outlook.com> Received: from outlook.com (li857-126.members.linode.com. [139.162.15.126]) by mx.google.com with ESMTP id sl3si46313086pab.135.2015.07.27.12.33.24 for <marilson.mapa at gmail.com>; Mon, 27 Jul 2015 12:33:26 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning www-data at outlook.com does not designate 139.162.15.126 as permitted sender) client-ip=139.162.15.126; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning www-data at outlook.com does not designate 139.162.15.126 as permitted sender) smtp.mail=www-data at outlook.com; dmarc=fail (p=NONE dis=NONE) header.from=yahoo.com.br Date: Mon, 27 Jul 2015 12:33:26 -0700 (PDT) Message-Id: <55b68786.6390420a.bc2ff.7ed3SMTPIN_ADDED_MISSING at mx.google.com> Received: by outlook.com (Postfix, from userid 33) id 5DF82DACD; Mon, 27 Jul 2015 19:33:24 +0000 (UTC) To: marilson.mapa at gmail.com Subject: Cielo Fidelidade - Você possui pontos para resgatar X-PHP-Originating-Script: 0:egyox3fxpm2u8btje5b9n2ssjk.php From: Cielo Resgatar Pontos 802689 mink.shop <zedocarmoreis at yahoo.com.br IP address 139.162.15.126 Address type IPv4 Hostname li857-126.members.linode.com ISP Linode Timezone America/New_York (UTC-4) Local time 02:04:12 Country United States TEXT -----Mensagem Original----- From: Cielo Resgatar Pontos 802689 mink.shop Sent: Monday, July 27, 2015 4:33 PM To: marilson.mapa at gmail.com Subject: Cielo Fidelidade - Você possui pontos para resgatar > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: Cielo Resgatar Pontos 802689 mink.shop <sahamba at hotmail.com > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: Cielo Resgatar Pontos 802689 mink.shop <fhoamaral at zipmail.com.br > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: Cielo Resgatar Pontos 802689 mink.shop <thaiscloss at hotmail.com > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: Cielo Resgatar Pontos 802689 mink.shop <amorese at gmail.com > MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: Cielo Resgatar Pontos 802689 mink.shop <rafaelrosass at gmail.com XXXXXXXXXXXXXXX MANY OTHERS XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX MIME-Version: 1.0 Content-type: text/html; charset=iso-8859-1 X-Mailer: Microsoft Office Outlook, Build 17.551210 From: Cielo Resgatar Pontos 802689 mink.shop <marilson.mapa at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20150907/a10afb9b/attachment.html>
- Next message (by thread): [anti-abuse-wg] Call for Content for the RIPE 71 AA-WG Meeting
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]