got root?
Monday, July 18, 2005
Fwd: Account investigation warning [Sat, 16 Jul 2005 17:44:24 -0300]

--- hypronix <hypronix@yahoo.com> wrote:

> From hypronix Mon Jul 18 01:42:50 2005
> Received: from [inferno] by web40702.mail.yahoo.com via HTTP; Mon,
> 18 Jul 2005 01:42:50 PDT
> Date: Mon, 18 Jul 2005 01:42:50 -0700 (PDT)
> From: hypronix <>
> Subject: Fwd: Account investigation warning [Sat, 16 Jul 2005 17:44:24
> -0300]
> To: abuse@thrunet.com
> CC: Report@doshelp.com, emailhoax@abnamro.com
> Bcc: this.blog
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="0-1059165754-1121676170=:3036"
> Content-Transfer-Encoding: 8bit
> Content-Length: 11679
>
> Please consider the following site as it is phishing information from
> customers of LaSalle Bank:
>
> http://211.59.14.67:680/rock/la
>
> The IP was traced in the range owned by Thrunet.com so I feel it is your
> company's responsibility to remove this website.
>
> [code]
>
> root@inferno root # whois 211.59.14.67
> query: 211.59.14.67
>
> # ENGLISH
>
> KRNIC is not a ISP but a National Internet Registry similar to APNIC.
> The followings are information of the organization that is using the IPv4 address.
>
> IPv4 Address : 211.59.14.0-211.59.14.255
> Network Name : THRUNET-INFRA
> Connect ISP Name : THRUNET
> Connect Date : 20031218
> Registration Date : 20040922
>
> [ Organization Information ]
> Organization ID : ORG35266
> Org Name : Thrunet Co., Ltd.
> State : SEOUL
> Address : Thrunet IDC B/D, 1338-5, Seocho-2dong, Seocho-ku
> Zip Code : 137-072
>
> {rest of `whois` query response removed}
>
> root@inferno root # traceroute 211.59.14.67
> traceroute to 211.59.14.67 (211.59.14.67), 64 hops max, 52 byte packets
> 1 gw.freeshell.org (192.94.73.62) 0.561 ms 0.456 ms 0.434 ms
> 2 sl-gw28-fw-6-1-0-TS12.sprintlink.net (160.81.88.133) 7.793 ms 4.217 ms sl-gw28-fw-6-1-0-TS22.sprintlink.net (160.81.88.169) 4.172 ms
> 3 sl-bb20-fw-2-0.sprintlink.net (144.232.12.161) 4.765 ms 11.605 ms 4.328 ms
> 4 sl-st21-dal-13-0.sprintlink.net (144.232.20.81) 13.704 ms 20.444 ms 5.519 ms
> 5 so1-1-0-2488M.ar1.DAL2.gblx.net (208.51.134.33) 8.669 ms 22.219 ms 5.216 ms
> 6 so3-0-0-2488M.ar3.PAO2.gblx.net (67.17.94.97) 63.463 ms 48.682 ms 61.869 ms
> 7 ANC-Korea-Thrunet-Co-MOVE.ge-6-0-0.ar3.PAO2.gblx.net (67.17.163.22) 47.251 ms 48.811 ms 46.915 ms
> 8 211.110.7.101 (211.110.7.101) 200.778 ms 182.630 ms 184.053 ms
> 9 210.117.126.25 (210.117.126.25) 209.756 ms 201.706 ms 194.725 ms
> 10 210.117.121.130 (210.117.121.130) 184.155 ms 195.527 ms 221.298 ms
> 11 210.117.121.169 (210.117.121.169) 225.086 ms 228.391 ms 195.173 ms
> 12 dom1-incheon1.thrunet.com (210.117.127.162) 202.972 ms 197.256 ms 196.719 ms
> 13 210.221.6.54 (210.221.6.54) 196.707 ms 196.231 ms 206.281 ms
> 14 211.59.14.67 (211.59.14.67) 205.825 ms 192.363 ms 215.165 ms
>
> {traceroute information obtained through a remote shell}
>
> [/code]
>
> I thank you in advance for the steps taken in removing this threat from
> the Internet. This e-mail has also been CC-ed to ABN AMRO to allow them
> to take necessary steps as they see fit.
>
>
> Note: forwarded message attached.
>

BLOGGER NOTE: I had to re-fwd the e-mail because I keep forgetting that
Blogger doesn't accept attachments of sorts... sorry for the formatting
mishaps and whatnot.

