* (On 5 Oct 19:45)(Off 5 Oct) Policy Enforcement of ******* LTSV-****-********* at 216.32.94.219 for Hack Site
ID: ***-*****-***
Status: closed
Priority: unassigned
Opened: Thu Oct 05 2006 03:41PM
Last Msg: Thu Oct 12 2006 07:52PM
Due: Fri Oct 06 2006 03:41PM
Thu Oct 05 2006 02:38PM by abuse@abuse.savvis.net
Dear Administrator,
It has come to our attention that you, or one of your clients, are
hosting a phishing site at the below URL:
http://www.freehax.com/post.php?t=v&h=2023&i=1
This content is a violation of the SAVVIS AUP
(http://www.savvis.net/customer/aup.html)
Accordingly you have 1 hour to disable access to the phishing site in
question or face immediate null routing of the IP involved and possible
suspension of your service and termination of your contract without
further notice.
Sincerely,
SAVVIS Abuse Team - Mitchell-05
Email: abuse@abuse.savvis.net / Case # 822180
Address: 1 SAVVIS Pkwy, Town & Country, MO 63017
Phone: 1-888-638-6771
**This message contains information which may be confidential and/or
privileged. Unless you are the intended recipient (or authorized to
receive for the intended recipient), you may not read, use, copy or
disclose to anyone the message or any information contained in the
message. If you have received the message in error, please advise the
sender by reply e-mail at abuse@abuse.savvis.net and delete the message
and any attachment(s) thereto without retaining any copies.**
-------- Original Message --------
Subject: [CMTD4767] OpsSec Countermeasures Reply
Date: Thu, 5 Oct 2006 15:18:43 -0400
From: AOL OpsSec Countermeasures <antiphishing@aol.net>
To: abuse@layeredtech.com, abuse@savvis.net
The following message is a reply to your previous email regarding:
http://www.freehax.com/post.php?t=v&h=2023&i=1
Confidential AOL information is being hosted at the below URL. Please
remove the content or ask the site owners to remove it. thanks
SAVVIS Abuse Team - Mitchell-05
Email: abuse@abuse.savvis.net / Case # 822180
Address: 1 SAVVIS Pkwy, Town & Country, MO 63017
Phone: 1-888-638-6771
-------- Original Message --------
Subject: CRITICAL – Layered Technologies – SAVVIS Case 822180 – PHISH
site – 1 Issue – 216.32.94.219
Date: Thu, 05 Oct 2006 14:38:26 -0500
From: SAVVIS Abuse <abuse@abuse.savvis.net>
Reply-To: abuse@abuse.savvis.net
To: Layered Technologies Abuse & Policy Enforcement Department
<abuse@layeredtech.com>
Dear Administrator,
It has come to our attention that you, or one of your clients, are
hosting a phishing site at the below URL:
http://www.freehax.com/post.php?t=v&h=2023&i=1
This content is a violation of the SAVVIS AUP
(http://www.savvis.net/customer/aup.html)
Accordingly you have 1 hour to disable access to the phishing site in
question or face immediate null routing of the IP involved and possible
suspension of your service and termination of your contract without
further notice.
Sincerely,
SAVVIS Abuse Team - Mitchell-05
Email: abuse@abuse.savvis.net / Case # 822180
Address: 1 SAVVIS Pkwy, Town & Country, MO 63017
Phone: 1-888-638-6771
Thu Oct 05 2006 03:49PM by savvis-abuse@layeredtech.com
To: abuse@abuse.savvis.net
We apologize for the delay.
We are taking immediate action against this client. We will update you shortly.
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 03:55PM by savvis-abuse@layeredtech.com
Ticket #ADU-34132-893
From: abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
Subject: ((CRITICAL)) Policy Enforcement of ******* LTSV-****-********* at 216.32.94.219 for Hack Site
NOTES: ** This issue has been marked Critical by our upstream provider,
giving you 1 hour to remove the site. Failing to do so within 1 hour
will result in a server disconnection and a review for cancellation.
Remove http://www.freehax.com/ and its user from our network.
Dear Client,
This Policy Enforcement Notice for Acceptable Use Policy violation
available at http://www.layeredtech.com/aup.shtml is issued based on
complaints or logs attached or included below. All domains, sites,
users, or exploits causing this issue must be removed from the server
and our network. If you believe the complaints or logs are wrong or the
IP of the abuse is not your server, we will review the issue again.
You must reply to this notice within the time frame given to avoid
disconnection. Pending your reply with your comments, questions, or
actions to resolve this issue, the server is:
[] Monitored for Additional Violations
[] Accessed for Investigation, Cleaning, Hardening, or Securing
[x] Disconnected in: [] 24-Hours [] 12-Hours [] 6-Hours [] 3-Hour [x] 1-Hour [] 0-Hours
[] Required Reload Request with: [] New Client Required [] No Data Recovery [] Data Recovery Allowed
at http://support.layeredtech.com under "Open a Ticket"
[] Hard Drives Seized for Investigation
[] Null-Routed
[] Port Shutdown
[] On 30-Day Probation
[] Reviewed for Possible Cancellation
[] Cancelled
For the following reasons:
[] Child Porn C Hosting, Distributing, or Linking to Pornography Involving a Person Under Legal Age
[] Copyright L Hosting, Distributing, or Linking to Copyright Infringed Materials
[] Cracking H Brute Force Access of Secured Network Devices
[] DoS H Denial of Service Attack of Network Devices
[] Forgery M Faking an IP Address, Hostname, E-Mail Address, or Header
[] Fraud Site H Hosting or Linking to a Website Intended to Deceive the Public
[] Hacking H Circumventing Security Systems of Network Devices
[] HYIP Site M Hosting or Linking to a Website of High Yield Investment Program, Ponzi Scheme, or Pyramid Scheme
[] ID Theft H Hosting, Distributing, or Linking to Stolen Account Identification Information
[] Infection M Hosting, Distributing, or Linking to Exploits, Trojans, Viruses, or Worms
[] IRC Malicious M Malicious Use of Internet Relay Chat
[] IRC Unregistered L Internet Relay Chat Server not Registered with Layered Technologies
[] Phishing H Identity Theft by Email Under False Pretense
[] ROKSO Spamhaus C ROKSO Blacklisting of an IP at www.spamhaus.org for Malicious Activity
[] Scanning M Probing for Vulnerabilities of Network Devices
[] Shells H Hosting Accounts Primarily for Shell Access
[] Spam Cannon E Sending High Volume Spam (UCE or UBE)
[] Spam Email L Unsolicited Commercial Email (UCE) or Unsolicited Bulk Email (UBE)
[] Spam List M Hosting, Distributing, or Linking to Email Address Lists for Spam
[] Spam Proxy C Hosting an Open Proxy Server Used for Spam
[] Spam Relay C Hosting an Open Mail Relay Used for Spam
[] Spam Hijack C Distributing Spam Through a Third Party Server Vulnerability
[] Spam Site L A Site Advertised by Spam Email or Spam Web
[] Spam Ware M Hosting, Distributing, or Linking to Software Designed for Spamming
[] Spam Web L Unsolicited, Bulk, or Forged Site Advertisement in Web Logs, Forums, or Guestbooks
[] Terrorist Site C Hosting or Linking to a Site Advocating Terrorism
[] Tools L Hosting, Distributing, or Linking to Cracking, DoS, Forgery,
Infection, or Scanning Software or Instruction
[] Trademark L Hosting, Distributing, or Linking to Trade Mark Infringed Materials
[] Wares L Hosting, Distributing, or Linking to Cracks, Hacks, KeyGens, Serials, or Pirated Software
[x] OTHER: HACK SITE C 1-HOUR
Following is a table explaining the typical times allowed for a
response from clients informing us of their active investigation into
an abuse issue. These times are not a guarantee and may be reduced on a
case-by-case basis depending on abuse history, number of current
complaints, upstream provider requirements, and other factors:
L = 24-Hour Low Issue
M = 12-Hour Medium Issue
H = 6-Hour High Issue
C = 3-Hour Critical Issue
E = 0-Hour Emergency Issue
Thank you for your cooperation,
Layered Technologies Abuse Team
Date: Thu, 05 Oct 2006 14:38:26 -0500
Dear Administrator,
It has come to our attention that you, or one of your clients, are
hosting a phishing site at the below URL:
http://www.freehax.com/post.php?t=v&h=2023&i=1
This content is a violation of the SAVVIS AUP
(http://www.savvis.net/customer/aup.html)
Accordingly you have 1 hour to disable access to the phishing site in
question or face immediate null routing of the IP involved and possible
suspension of your service and termination of your contract without
further notice.
Sincerely,
SAVVIS Abuse Team - Mitchell-05
Email: abuse@abuse.savvis.net / Case # 822180
Address: 1 SAVVIS Pkwy, Town & Country, MO 63017
Phone: 1-888-638-6771
-------- Original Message --------
Subject: [CMTD4767] OpsSec Countermeasures Reply
Date: Thu, 5 Oct 2006 15:18:43 -0400
From: AOL OpsSec Countermeasures <antiphishing@aol.net>
To: abuse@layeredtech.com, abuse@savvis.net
The following message is a reply to your previous email regarding:
http://www.freehax.com/post.php?t=v&h=2023&i=1
Confidential AOL information is being hosted at the below URL. Please
remove the content or ask the site owners to remove it. thanks
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 04:10PM by abuse@abuse.savvis.net
Greetings Tom,
Do you have an update for me on this?
regards,
Mitchell-05
SAVVIS Security Abuse
Layered Technologies Abuse & Policy Enforcement Department wrote:
> To: abuse@abuse.savvis.net
>
> We apologize for the delay.
>
> We are taking immediate action against this client. We will update you shortly.
>
> Thank you,
>
> Tom
> Layered Technologies
> Policy Enforcement Technician
>
> ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
>
>
>
Thu Oct 05 2006 04:21PM by abuse@abuse.savvis.net
Greetings all,
We originally sent notice on this nearly two hours ago. Please let us
know where you are on this presently. The link is still live and AOL
believes this is a "phish" site.
http://www.freehax.com/post.php?t=v&h=2023&i=1
Sincerely,
SAVVIS Abuse Team - Mitchell-05
Email: abuse@abuse.savvis.net / Case # 822180
Address: 1 SAVVIS Pkwy, Town & Country, MO 63017
Phone: 1-888-638-6771
-------- Original Message --------
Subject: [CMTD4767] OpsSec Countermeasures Reply
Date: Thu, 5 Oct 2006 15:18:43 -0400
From: AOL OpsSec Countermeasures <antiphishing@aol.net>
To: abuse@layeredtech.com, abuse@savvis.net
The following message is a reply to your previous email regarding:
http://www.freehax.com/post.php?t=v&h=2023&i=1
Confidential AOL information is being hosted at the below URL. Please
remove the content or ask the site owners to remove it. thanks
Thu Oct 05 2006 04:30PM by savvis-abuse@layeredtech.com
To: abuse@abuse.savvis.net
We have received 3 tickets for the same abuse issue. We have notified
the client and are allowing one hour to remove the site from our
network.
The content of the site is not a "traditional" phishing site as it is
not deceiving the public as AOL. There are posts on the site bragging
about being able to social engineer through AOL. If this were an actual
fraud site, the server would be disconnected.
We will update you on this issue as soon as the 1 hour timeframe has expired.
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 04:58PM by savvis-abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
Server ID: ******* LTSV-****-*********
Base IP: 216.32.94.218
NOTE TO STAFF: CRITICAL DISCONNECT server for abuse issue.
NOTE TO CLIENT: Unfortunately, you have not replied to this issue in
the time given, so we are disconnecting this server at this time.
Thank you for your cooperation,
Layered Technologies Abuse Team
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 05:09PM by savvis-abuse@layeredtech.com
To: abuse@abuse.savvis.net
This server has been disconnected and will not be reconnected until the client agrees to remove his end user and site.
PING 216.32.94.219 (216.32.94.219) 56(84) bytes of data.
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 05:36PM by imun**nospam**fair@yahoo.com
Client IP: ***.***.***.***
This is a forum, and I don't know of any posts that would qualify as
"phishing" - and I monitor it fairly closely. I was not even aware this
ticket was open until the server actually went down - please contact me
at imun**nospam**fair@yahoo.com if you need more details, I don't log in here
very often.
Are you sure that email actually came from AOL staff? There are a
number of people who would spoof emails in an attempt to see my site(s)
disconnected.
Just so there is no confusion, the domain name "freehax" is not related to hacking at all.
Let me know.
Thanks,
Tony
Thu Oct 05 2006 05:46PM by savvis-abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
This issue has not been labeled as phishing/fraud site. This is marked
as a hack site which screenshots of various AOL hacks have been
documented along with a thread discussing how to "hack" AOL screen names.
AOL has contacted us via phone, email, and have notified our upstream
provider.
This server will NOT be reconnected until you agree to remove http://www.freehax.com and its owner from our network.
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 06:05PM by imun**nospam**fair@yahoo.com
Client IP: ***.***.***.***
I have yet to see one working tool on the forum that has anything to do
with hacking - uploading files isn't even enabled currently. It is
quite clear that this isn't an ordinary request from the support ticket
being marked "OTHER". AOL is asking you to exercise censorship of a
forum in which users occasionally discuss their service, which is quite
unreasonable. AOL is well known for this type of action - pressuring
ISPs to censor users for petty reasons which have no legal standing.
Please respect the free speech of the forum users.
I also read through the acceptable use policy - and there is nothing
mentioned which is violated by that forum. Please reenable the server.
Thu Oct 05 2006 06:47PM by savvis-abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
As stated in my last reply, this server will not be reconnected until
you have agreed to remove http://www.freehax.com and its owner from
our network.
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 07:07PM by imun**nospam**fair@yahoo.com
Client IP: ***.***.***.***
Fine. Please put the server back online so I can backup the data and move it to a new hosting provider.
Thu Oct 05 2006 07:15PM by savvis-abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
Immediately after reconnection, this site MUST be suspended while you
remove it from our network. No page can be displayed stating "down for
maintenance" or any other such page. The site must resolve to a 404
error. If this is not done, the server will be re-disconnected and
reviewed for cancellation with no data retrieval.
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 07:16PM by savvis-abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
Server ID: ******* LTSV-****-*********
Base IP: 216.32.94.218
NOTE TO STAFF: RECONNECT server for abuse cleanup.
NOTE TO CLIENT: YOU MUST REPLY WITHIN 2 HOURS AFTER RECONNECTION WITH
YOUR ACTIONS TO RESOLVE THIS ABUSE ISSUE OR THE SERVER WILL BE
RE-DISCONNECTED WITHOUT NOTICE.
Thank you for your cooperation,
Layered Technologies Abuse Team
Thank you,
Tom
Layered Technologies
Policy Enforcement Technician
ACCEPTABLE USE POLICY at http://layeredtech.com/aup.shtml
Thu Oct 05 2006 07:38PM by imun**nospam**fair@yahoo.com
Ping statistics for 216.32.94.218:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
How long do you expect it to take before it is back online so I can begin my backups/cleanup?
Thu Oct 05 2006 08:07PM by savvis-abuse@layeredtech.com
To: imun**nospam**fair@yahoo.com
This server is online.
PING 216.32.94.218 (216.32.94.218) 56(84) bytes of data.
64 bytes from 216.32.94.218: icmp_seq=1 ttl=51 time=256 ms
64 bytes from 216.32.94.218: icmp_seq=2 ttl=51 time=31.4 ms
64 bytes from 216.32.94.218: icmp_seq=3 ttl=51 time=9.54 ms
64 bytes from 216.32.94.218: icmp_seq=4 ttl=51 time=7.58 ms
64 bytes from 216.32.94.218: icmp_seq=5 ttl=51 time=5.95 ms
This support portal and the contents therein (including all posts and
responses from Layered Technologies personnel) are copyrighted, with
all rights reserved. Customers and other third parties may not screen
capture, copy, distribute, or transmit such content without Layered
Technologies' prior written consent.