Example Of CRIMINAL FRAUD, Pepetrated By Spam, & How easy it is to spot & deal with We Could Automatically Counter Attack & Disable Criminal Sites .... http://www.berklix.com/deter/ ------------------------------------------- To: hostmaster@paypal.com cc: hostmaster@NETPIA.COM Subject: Dear users of PayPal services (fwd) To: hostmaster@paypal.com cc: hostmaster@NETPIA.COM ( registrar of criminal fraud domain intnaray.net ) (bcc'd a few friends) Please get NETPIA.COM (registrar of intnaray.net) to kill domain intnaray.net as it's base of financial fraud (see spam below). (of course it might be intnaray.net has been stolen by virus invasion, but whatever - kill it it's operating criminaly ! ) Criminals are using a different port on http://blog.intnaray.net:8000/.cgi-bin/paypal/ which stops viewing behind a proxy. However using lynx - a text mode browser on a live server not behind a proxy, (perhaps so it'll get mostly small individual users, who dont have any corporate IT proxy operator help desk to turn to for advice). Annexes: - Fraud web page - Owner of criminal or stolen domain - Original spam with full envelope of headers =========== Sign Up | Log In | Help Welcome Send Money Request Money Merchant Tools Auction Tools Member Log-In Forgot your email address? Forgot your password? Email Address ____________________ Password ____________________ Log In Join PayPal Today Now Over 96.2 million accounts Learn more about PayPal Worldwide Send money to anyone with an email address in 45 countries. PayPal is free to use. Your information is kept secure. Learn about sending payments through PayPal. Free eBay tools make selling easier. PayPal works hard to help protect sellers. PayPal simplifies shipping and tracking. Earn cashback with PayPal Preferred Rewards. Accept credit cards on your website using PayPal. Compare our solutions to merchant accounts and gateways Low fees make PayPal the affordable choice. Learn why PayPal is good for business. About | Accounts | Fees | Privacy | Security Center | Contact Us | User Agreement | Developers | Jobs | Buyer Credit | Referrals | Shops | Mass Pay Truste About SSL Certificates Copyright 1999-2006 PayPal. All rights reserved. Information about FDIC pass-through insurance Truste Better Business Bureau Online =========== Here's the address of the criminal domain operator: (from whois) =========== Domain Name: INTNARAY.NET Registrar: NETPIA.COM, INC. Whois Server: whois.ibi.net Referral URL: http://www.ibi.net Name Server: NS2.INTNARAY.NET Name Server: NS.INTNARAY.NET Status: ACTIVE EPP Status: ok Updated Date: 16-Nov-2005 Creation Date: 01-Dec-1999 Expiration Date: 01-Dec-2008 Registrant: INTLAB co., ltd Domain Name: intnaray.net Registrar: NETPIA.COM, INC.(http://www.ibi.net) Administrative Contact: Park Jeong Eon ad@intlab.co.kr 503, Modubil, 730-1, Yeoksam-dong, Gangnam-gu , Seoul, KR +82.0234529950 Technical Contact: Park Jeong Eon ad@intlab.co.kr 503, Modubil, 730-1, Yeoksam-dong, Gangnam-gu , Seoul, KR +82.0234529950 Billing Contact: Park Jeong Eon ad@intlab.co.kr 503, Modubil, 730-1, Yeoksam-dong, Gangnam-gu , Seoul, KR +82.0234529950 Record created on........: 02-Dec-1999 EDT. Record expires on........: 02-Dec-2008 EDT. Record last updated on...: 16-Nov-2005 EDT. Domain Name Servers in listed order: NS.INTNARAY.NET 211.43.212.68 NS2.INTNARAY.NET 211.43.212.69 =========== - ------- Forwarded Message From security@paypal.com Tue Aug 22 23:40:06 2006 Return-Path: Received: from protrans-2j0zg8 ([66.199.27.132]) by ................. (8.13.6/8.13.6) with ESMTP id k7MLdvIB080651 for <.....................>; Tue, 22 Aug 2006 21:39:59 GMT (envelope-from security@paypal.com) Received: from User ([89.114.40.173]) by protrans-2j0zg8 with Microsoft SMTPSVC(5.0.2195.6713); Tue, 22 Aug 2006 16:39:48 -0500 Reply-To: From: "PayPal Security" Subject: Dear users of PayPal services Date: Wed, 23 Aug 2006 00:39:50 +0300 MIME-Version: 1.0 Content-Type: text/html; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Bcc: Message-ID: X-OriginalArrivalTime: 22 Aug 2006 21:39:48.0484 (UTC) FILETIME=[7DEB4440:01C6C633] Dear PayPal,

We recently noticed one or more attempts to log in to your PayPal account
from a foreign IP address.

If you recently accessed your account while traveling, the unusual log in
attempts may have been initiated by you. However, if you did not initiate
the log ins, please visit PayPal as soon as possible to verify your
identity:

https://www.paypal.com/us/cgi-bin/webscr? cmd=_login-run

Verify your identity is a security measure that will ensure that you are
the only person with access to the account.

Thanks for your patience as we work together to protect your account.

Sincerely,
PayPal
------------------------------------------------ - - ----------------
                    PROTECT YOUR PASSWORD

   NEVER give your password to anyone and ONLY log in at
https://www.paypal.com/. Protect yourself against fraudulent websites by
opening a new web browser (e.g. Internet Explorer or Netscape) and typing
in the PayPal URL every time you log in to your account.
----------------------------------------------------------------     

Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.

PayPal Email ID PP321
- ------- End of Forwarded Message