
Thread: Odd scam alert

  1. #1
    Join Date
    Jul 2007
    Location
    Tech Belt
    Posts
    8,160

    Odd scam alert

    I've noticed a rather odd "copyright infringement" notice in my inbox today and the headers pretty much gave it away.

    Code:
    Return-path: <roebben@adv-roebbenvelkeneers.be>
    Envelope-to: <<snip>>
    Delivery-date: Fri, 27 May 2011 13:07:37 -0400
    Received: from s01.gt-networks.be ([94.103.146.92])
        (envelope-from <roebben@adv-roebbenvelkeneers.be>)
        id 1QQ0Vb-0003BG-Bp
        for <<snip>>; Fri, 27 May 2011 13:07:37 -0400
    Received: from apache by s01.gt-networks.be with local (Exim 4.76)
        (envelope-from <roebben@adv-roebbenvelkeneers.be>)
        id 1QQ0VZ-0006P0-1z
        for <<snip>>; Fri, 27 May 2011 19:07:33 +0200
    To: <<snip>>
    Subject: Cease and desist copyright infrigement!
    X-PHP-Script: adv-roebbenvelkeneers.be/ad/sendme.php for 82.195.232.218
    From: Andrew Webber - Arizonakey.com <andrew.webber@arizonakey.com>
    Reply-To: 
    MIME-Version: 1.0
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1QQ0VZ-0006P0-1z@s01.gt-networks.be>
    Date: Fri, 27 May 2011 19:07:33 +0200
    Dear Sir,

    Attached is a list of the copyrighted material you are infriging on.
    We are the proprietors of all copyrighted material that is being fringed upon on your companies webste.
    We have reserved all rights regarding these trademarked files.
    Permission was neither asked nor granted to reproduce our copyrighted material, therefore what your company is doing constitutes infringement of our rights. In terms of the Copyright Statutes, we are entitled to an injunction against your continued infringement, as well as to recover damages from you for the loss we have suffered as a result of your infringing conduct.

    In the circumstances, we demand that you immediately:

    1. remove all infringing content and notify us in writing that you have done so;

    2. pay a licensing fee in the amount of 160,000 USD;

    3. immediately cease the use and distribution of copyrighted material;

    We await to hear from you by.

    This is written without prejudice to our rights, all of which are hereby expressly reserved.

    Yours faithfully,
    CEO Andrew Webber
    www.arizonakey.com
    If you see such e-mail, disregard it / throw it away.
    Nothing here right now.

  2. #2
    Thanks for the heads up!

  3. #3
    We received the same email earlier too.

    Edit: just received it again only with an added attachment as they forgot to add it the first time.
    HostXNow - Shared Web Hosting | Semi Dedicated Hosting | Enterprise Reseller Hosting | VPS Hosting

  4. #4
    Join Date
    Mar 2009
    Location
    NL
    Posts
    594
    Same here. Attachment doesn't work (only pdf image) with openoffice
    YISP - High Bandwidth dedicated servers and colocation in YISP-AS(Amsterdam)!

    Website: http://www.yisp.nl
    Contact: info "(AT)" yisp.nl

  5. #5
    Join Date
    Jan 2008
    Location
    Jax, FL
    Posts
    2,707
    Yeah, I received it as well... But to my personal email account that is not published anywhere o.O

  6. #6
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,645
    Quote Originally Posted by MattS View Post
    I've noticed a rather odd "copyright infringement" notice in my inbox today and the headers pretty much gave it away.

    Code:
    Return-path: <roebben@adv-roebbenvelkeneers.be>
    Envelope-to: <<snip>>
    Delivery-date: Fri, 27 May 2011 13:07:37 -0400
    Received: from s01.gt-networks.be ([94.103.146.92])
        (envelope-from <roebben@adv-roebbenvelkeneers.be>)
        id 1QQ0Vb-0003BG-Bp
        for <<snip>>; Fri, 27 May 2011 13:07:37 -0400
    Received: from apache by s01.gt-networks.be with local (Exim 4.76)
        (envelope-from <roebben@adv-roebbenvelkeneers.be>)
        id 1QQ0VZ-0006P0-1z
        for <<snip>>; Fri, 27 May 2011 19:07:33 +0200
    To: <<snip>>
    Subject: Cease and desist copyright infrigement!
    X-PHP-Script: adv-roebbenvelkeneers.be/ad/sendme.php for 82.195.232.218
    From: Andrew Webber - Arizonakey.com <andrew.webber@arizonakey.com>
    Reply-To: 
    MIME-Version: 1.0
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1QQ0VZ-0006P0-1z@s01.gt-networks.be>
    Date: Fri, 27 May 2011 19:07:33 +0200
    If you see such e-mail, disregard it / throw it away.
    I got them too. Weird.
    AS395558

  7. #7
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,040
    you guys have directadmin by any chance?

    the email list DB was hacked 2 days back

    I also got the email on 2 email accounts. one of them private, the other not private but also not used for things like registrations.

  8. #8
    We got it too - first time without attachment. Second one with an attached 'Document.doc' which has an embedded exe disguised to look like a pdf. Bad spelling, mistakes etc, obviously a scam. I have alerted the arizonakey.com website.
    * www.valuevps.co.uk - Quality VPS's at affordable prices in the UK | Telephone: +44 (0)1325 586003
    * Full and part cabinets - Dedicated Servers - Colocation - cPanel Hosting - Windows VPS - DirectAdmin Hosting - Reseller Accounts

  9. #9
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,040
    Incidentally, both MSE and NOD32 say there is no malware, but I am going to submit the file regardless.

  10. #10
    Join Date
    Apr 2001
    Location
    Paradise
    Posts
    12,052
    Got the same too, and I do have an account with DA.
    Shared Web Hosting - Reseller Hosting - Semi-Dedicated Servers - SolusVM/XEN VPS
    LiteSpeed Powered - R1Soft Continuous Data Protection - 24/7 Chat/Email/Helpdesk Support
    Cpanel/WHM - Softaculous - R1soft Backup - Litespeed - Cloudlinux -Site Builder- SSH support - Account Migration
    DowntownHost LLC - In Business since 2001- West/Center/East USA - Netherlands - Singapore

  11. #11
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,645
    Quote Originally Posted by Chrysalis View Post
    you guys have directadmin by any chance?

    the email list DB was hacked 2 days back

    I also got the email on 2 email accounts. one of them private, the other not private but also not used for things like registrations.
    I do indeed have DirectAdmin account. Tsk tsk..
    AS395558

  12. #12
    Quote Originally Posted by Jedito View Post
    I do have an account with DA.
    So do I...
    HostXNow - Shared Web Hosting | Semi Dedicated Hosting | Enterprise Reseller Hosting | VPS Hosting

  13. #13
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,800
    Quote Originally Posted by Chrysalis View Post
    you guys have directadmin by any chance?

    the email list DB was hacked 2 days back

    I also got the email on 2 email accounts. one of them private, the other not private but also not used for things like registrations.
    Yep, I have a DA account. It's most likely the same attacker. These emails were sent to 3 of my addresses and DA is the only place I've used all 3 to communicate with in the past.

    Crafty to use a subject that most web hosts would care about -- copyright infringing files on our servers.

  14. #14
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,645
    Quote Originally Posted by WickedFactor View Post
    Yep, I have a DA account. It's most likely the same attacker. These emails were sent to 3 of my addresses and DA is the only place I've used all 3 to communicate with in the past.

    Crafty to use a subject that most web hosts would care about -- copyright infringing files on our servers.
    I opened the email + attachment on my phone for lols..

    It's just a 2-year-old BlackBerry, I could use a new phone anyway
    AS395558

  15. #15
    Join Date
    Mar 2002
    Location
    Mobile, AL USA
    Posts
    325
    I just got it too. Pretty sure this is from the DirectAdmin hack from yesterday. This sucks.
    Nik Martin
    nfina Technologies, Inc.
    +1.251.243.0043 x1003
    Server Hardware, Storage, and Turnkey systems for Service Providers

  16. #16
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,800
    Thanks Dougy for informing DA of this thread. Was just about to do the same.

  17. #17
    Join Date
    Jan 2002
    Location
    UK
    Posts
    1,040
    Yeah, I think it's DA related since you're all confirming.

    Both my email addresses, I guess, are on there; one definitely is, will need to check the other.

  18. #18
    Join Date
    Mar 2002
    Location
    Mobile, AL USA
    Posts
    325
    Oh, this may be VERY BAD:

    Looking at the mail headers, is this:

    adv-roebbenvelkeneers.be/ad/sendme.php

    That site: adv-roebbenvelkeneers.be
    is a directadmin site. The hackers may have compromised WAAAAY more than we thought
    Nik Martin
    nfina Technologies, Inc.
    +1.251.243.0043 x1003
    Server Hardware, Storage, and Turnkey systems for Service Providers

  19. #19
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,645
    Quote Originally Posted by ServerCorps View Post
    Oh, this may be VERY BAD:

    Looking at the mail headers, is this:

    adv-roebbenvelkeneers.be/ad/sendme.php

    That site: adv-roebbenvelkeneers.be
    is a directadmin site. The hackers may have compromised WAAAAY more than we thought
    That could also just as equally be FUD.
    AS395558

  20. #20
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,800
    I could be wrong, but wouldn't that indicate an insecure php mailer script that was being used to relay? I don't think that domain being hosted on a DA server means that DA itself was compromised.

  21. #21
    Join Date
    Jan 2010
    Location
    San Francisco
    Posts
    1,800
    Different header on the later email w/ attachment:

    Return-Path: <andrew.webber@arizonakey.com>
    Delivered-To: <snip>
    Received: (qmail 18076 invoked by uid 0); 27 May 2011 18:34:17 -0000
    Received: from bbdns1.dnsx1.com.au (69.50.198.190)
    by <snip> with (DHE-RSA-AES256-SHA encrypted) SMTP; 27 May 2011 18:34:16 -0000
    Received: from localhost ([127.0.0.1]:42045 helo=bbdns1.dnsx1.com.au)
    by bbdns1.dnsx1.com.au with esmtp (Exim 4.69)
    (envelope-from <andrew.webber@arizonakey.com>)
    id 1QQ1rT-0006j3-3y
    for <snip>; Sat, 28 May 2011 04:34:15 +1000
    Content-Type: multipart/mixed; boundary="===============1632328096=="
    MIME-Version: 1.0
    Subject: Cease and desist copyright infrigement!
    To: Recipients <andrew.webber@arizonakey.com>
    From: Andrew Webber - Arizonakey.com<andrew.webber@arizonakey.com>
    Date: Sat, 28 May 2011 04:34:13 +1000
    X-Mailer: sendmail

  22. #22
    Join Date
    Mar 2002
    Location
    Mobile, AL USA
    Posts
    325
    Quote Originally Posted by Dougy View Post
    That could also just as equally be FUD.
    I hope so!
    Headers:
    Code:
    Delivered-To: xxxxxx@servercorps.com
    Received: by 10.52.156.169 with SMTP id wf9cs74230vdb;
            Fri, 27 May 2011 10:17:47 -0700 (PDT)
    Received: by 10.227.168.132 with SMTP id u4mr2328399wby.50.1306516666461;
            Fri, 27 May 2011 10:17:46 -0700 (PDT)
    Return-Path: <roebben@adv-roebbenvelkeneers.be>
    Received: from s01.gt-networks.be (s01.gt-networks.be [94.103.146.92])
            by mx.google.com with ESMTPS id fe21si3953255wbb.84.2011.05.27.10.17.45
            (version=TLSv1/SSLv3 cipher=OTHER);
            Fri, 27 May 2011 10:17:46 -0700 (PDT)
    Received-SPF: pass (google.com: domain of roebben@adv-roebbenvelkeneers.be designates 94.103.146.92 as permitted sender) client-ip=94.103.146.92;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of roebben@adv-roebbenvelkeneers.be designates 94.103.146.92 as permitted sender) smtp.mail=roebben@adv-roebbenvelkeneers.be
    Received: from apache by s01.gt-networks.be with local (Exim 4.76)
    	(envelope-from <roebben@adv-roebbenvelkeneers.be>)
    	id 1QQ0fS-0002RU-Io
    	for xxxxx@servercorps.com; Fri, 27 May 2011 19:17:46 +0200
    To: xxxxxx@servercorps.com
    Subject: Cease and desist copyright infrigement!
    X-PHP-Script: adv-roebbenvelkeneers.be/ad/sendme.php for 82.195.232.218
    From: Andrew Webber - Arizonakey.com <andrew.webber@arizonakey.com>
    Reply-To: 
    MIME-Version: 1.0
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1QQ0fS-0002RU-Io@s01.gt-networks.be>
    Date: Fri, 27 May 2011 19:17:46 +0200
    Last edited by nik martin; 05-27-2011 at 03:27 PM. Reason: added headers
    Nik Martin
    nfina Technologies, Inc.
    +1.251.243.0043 x1003
    Server Hardware, Storage, and Turnkey systems for Service Providers
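
Added example, not part of any post in this thread: a short Python triage of the headers posted above, flagging the traits the thread points to (visible From domain differing from the envelope sender, an SPF pass that only covers the envelope domain, the X-PHP-Script header, local submission by the web server user, an empty Reply-To). The function names and the extra user names `www-data` and `nobody` are assumptions made for illustration.

```python
import email
import re

# Headers copied from the post above (recipient already redacted there).
SAMPLE = """\
Return-Path: <roebben@adv-roebbenvelkeneers.be>
Received-SPF: pass (google.com: domain of roebben@adv-roebbenvelkeneers.be designates 94.103.146.92 as permitted sender) client-ip=94.103.146.92;
Received: from apache by s01.gt-networks.be with local (Exim 4.76)
\t(envelope-from <roebben@adv-roebbenvelkeneers.be>)
\tid 1QQ0fS-0002RU-Io
\tfor xxxxx@servercorps.com; Fri, 27 May 2011 19:17:46 +0200
To: xxxxxx@servercorps.com
Subject: Cease and desist copyright infrigement!
X-PHP-Script: adv-roebbenvelkeneers.be/ad/sendme.php for 82.195.232.218
From: Andrew Webber - Arizonakey.com <andrew.webber@arizonakey.com>
Reply-To: 
MIME-Version: 1.0

"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or None."""
    value = value or ""
    m = (re.search(r"<[^<>@\s]*@([^<>\s]+)>", value)
         or re.search(r"@([^\s<>;,]+)", value))
    return m.group(1).lower() if m else None

def triage(raw):
    """Return a list of findings for one message's raw headers."""
    msg = email.message_from_string(raw)
    findings = []
    env, frm = domain_of(msg.get("Return-Path")), domain_of(msg.get("From"))
    if env and frm and env != frm:
        findings.append(f"From domain {frm} differs from envelope domain {env}")
        # SPF checks the envelope sender, so a pass says nothing about From.
        if (msg.get("Received-SPF") or "").lower().startswith("pass"):
            findings.append(f"SPF pass covers {env} only, not the visible From")
    script = msg.get("X-PHP-Script")
    if script:
        findings.append(f"sent by web script {script.split(' for ')[0]}")
    # 'apache' is from the post; www-data and nobody are assumed equivalents.
    local = re.compile(r"from (apache|www-data|nobody) by \S+ with local")
    if any(local.search(r) for r in msg.get_all("Received", [])):
        findings.append("submitted locally by the web server user")
    if "Reply-To" in msg and not msg["Reply-To"].strip():
        findings.append("empty Reply-To header")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A From/envelope mismatch also occurs with legitimate bulk senders, so the findings are signals to weigh together rather than a verdict on their own.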

  23. #23
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    5,073
    Got 3 over here on the same email we contacted DA on for licensing.

    Francisco
    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony

  24. #24
    Join Date
    Mar 2009
    Posts
    3,816
    If anyone has the PDF, upload it to virustotal.com and http://wepawet.iseclab.org and link a result page please

  25. #25
    Join Date
    May 2010
    Location
    The Netherlands
    Posts
    1,418
    Yes, I have received it too! It is a scam. Do not open it. I'll contact DirectAdmin now!

    Edit: contacted DirectAdmin.
    Last edited by HostSlim-R; 05-27-2011 at 03:35 PM.
    ★★★★★
    HostSlim - Premium Managed Hosting Solutions
    Dedicated & Premium Hosting - Premium Network - 1.6Tbps DDoS Protection Available - OWN DATACENTER NETHERLANDS
    Resell Whitelabel Dedicated Servers - Twitter: @HostSlim - www.HostSlim.eu - Facebook: @HostSlimBV
