Return-path: <>
Envelope-to: solusito@nuna.solusitotal.com
Delivery-date: Mon, 02 Sep 2013 08:34:39 +0700
Received: from mailnull by nuna.solusitotal.com with local (Exim 4.80.1)
	id 1VGJ2N-0007S5-QY
	for solusito@nuna.solusitotal.com; Mon, 02 Sep 2013 08:34:39 +0700
X-Failed-Recipients: rizkyseluler@yahoo.co.id,
  no_reply@solusitotal.com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@nuna.solusitotal.com>
To: solusito@nuna.solusitotal.com
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1VGJ2N-0007S5-QY@nuna.solusitotal.com>
Date: Mon, 02 Sep 2013 08:34:39 +0700

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  rizkyseluler@yahoo.co.id
    (ultimately generated from no_reply@solusitotal.com)
    SMTP error from remote mail server after end of data:
    host mx-apac.mail.gm0.yahoodns.net [106.10.166.54]:
    554 Message not allowed - [PH01] Email not accepted for policy reasons.  Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]
  pipe to |/home/solusito/public_html/pipe/pipe.php
    generated by no_reply@solusitotal.com
    local delivery failed

The following text was generated during the delivery attempt:

------ pipe to |/home/solusito/public_html/pipe/pipe.php
       generated by no_reply@solusitotal.com ------

Could not exec '/home/solusito/public_html/pipe/pipe.php'

------ This is a copy of the message, including all the headers. ------

Return-path: <solusito@nuna.solusitotal.com>
Received: from solusito by nuna.solusitotal.com with local (Exim 4.80.1)
	(envelope-from <solusito@nuna.solusitotal.com>)
	id 1VGJ2D-0007Rk-Bg
	for no_reply@solusitotal.com; Mon, 02 Sep 2013 08:34:29 +0700
To: no_reply@solusitotal.com
Subject: Contact Form: Fraudulent Web Site Found on Server (http://207.7.87.183/~paranach/Frances/2da.html) [BBVAR20130901(2)]
X-PHP-Script: solusitotal.com/contact.php for 217.149.155.195
Date: Mon, 2 Sep 2013 08:34:29 +0700
From: Computer Emergency Response Team <antiphishing@s21sec.com>
Message-ID: <6af221230a9b96f4fdce8ac4a029cf83@solusitotal.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_6af221230a9b96f4fdce8ac4a029cf83"

--b1_6af221230a9b96f4fdce8ac4a029cf83
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable



To Whom It May Concern,



S21sec has been informed that there is currently a website hosted by your c=
ompany that is involved in a phishing scheme to obtain personal account inf=
ormation from the customers of our client. S21sec has received numerous com=
plaints and e-mails regarding the Web site listed below:



http://207.7.87.183/~paranach/Frances/2da.html





We enclose below the legitimate url for BBVA Argentina:

https://www.bancofrances.com.ar



According to published WHOIS and DNS data, the Web Site involved is owned a=
nd hosted by:



NetRange: 207.7.80.0 - 207.7.87.255

CIDR: 207.7.80.0/21

OriginAS: AS30496

NetName: PRIVATE-TX-3

NetHandle: NET-207-7-80-0-2

Parent: NET-207-7-80-0-1

NetType: Reallocated

RegDate: 2011-06-05

Updated: 2011-06-05

Ref: http://whois.arin.net/rest/net/NET-207-7-80-0-2



OrgName: PrivateSystems Networks TX

OrgId: PNT-5

Address: Colo4 c/o PrivateSystems Networks

Address: 3000 Irving Blvd

City: Dallas

StateProv: TX

PostalCode: 75247

Country: US

RegDate: 2011-06-03

Updated: 2011-08-23

Ref: http://whois.arin.net/rest/org/PNT-5



OrgAbuseHandle: PNA44-ARIN

OrgAbuseName: PrivateSystems Networks Abuse

OrgAbusePhone: +1-866-332-9894 

OrgAbuseEmail: abuse@privatesystems.net

OrgAbuseRef: http://whois.arin.net/rest/poc/PNA44-ARIN



OrgTechHandle: NOC2915-ARIN

OrgTechName: Network Operations Center

OrgTechPhone: +1-866-332-9894 

OrgTechEmail: noc@privatesystems.net

OrgTechRef: http://whois.arin.net/rest/poc/NOC2915-ARIN



NetRange: 207.7.80.0 - 207.7.95.255

CIDR: 207.7.80.0/20

OriginAS: 

NetName: PRIVATE-3

NetHandle: NET-207-7-80-0-1

Parent: NET-207-0-0-0-0

NetType: Direct Allocation

RegDate: 2009-07-28

Updated: 2012-02-24

Ref: http://whois.arin.net/rest/net/NET-207-7-80-0-1



OrgName: PrivateSystems Networks

OrgId: KNOWN-1

Address: 1379 Dilworthtown Crossing

Address: Suite 214

City: West Chester

StateProv: PA

PostalCode: 19382

Country: US

RegDate: 2008-01-04

Updated: 2012-07-27

Ref: http://whois.arin.net/rest/org/KNOWN-1



OrgTechHandle: NOC2915-ARIN

OrgTechName: Network Operations Center

OrgTechPhone: +1-866-332-9894 

OrgTechEmail: noc@privatesystems.net

OrgTechRef: http://whois.arin.net/rest/poc/NOC2915-ARIN



OrgAbuseHandle: PNA44-ARIN

OrgAbuseName: PrivateSystems Networks Abuse

OrgAbusePhone: +1-866-332-9894 

OrgAbuseEmail: abuse@privatesystems.net

OrgAbuseRef: http://whois.arin.net/rest/poc/PNA44-ARIN



OrgNOCHandle: NOC2915-ARIN

OrgNOCName: Network Operations Center

OrgNOCPhone: +1-866-332-9894 

OrgNOCEmail: noc@privatesystems.net

OrgNOCRef: http://whois.arin.net/rest/poc/NOC2915-ARIN



RTechHandle: NOC2915-ARIN

RTechName: Network Operations Center

RTechPhone: +1-866-332-9894 

RTechEmail: noc@privatesystems.net

RTechRef: http://whois.arin.net/rest/poc/NOC2915-ARIN



RNOCHandle: NOC2915-ARIN

RNOCName: Network Operations Center

RNOCPhone: +1-866-332-9894 

RNOCEmail: noc@privatesystems.net

RNOCRef: http://whois.arin.net/rest/poc/NOC2915-ARIN



RAbuseHandle: PNA44-ARIN

RAbuseName: PrivateSystems Networks Abuse

RAbusePhone: +1-866-332-9894 

RAbuseEmail: abuse@privatesystems.net

RAbuseRef: http://whois.arin.net/rest/poc/PNA44-ARIN







On behalf of our client, S21sec requests that the Web site(s) listed above =
be deactivated and the domain name removed from your servers. Our client wo=
uld like you to provide S21sec with the source code, including any data col=
lected, of this Web site for analysis to help prevent further phishing sche=
mes. If any customer data has been collected, it will be forwarded to our c=
lient so that they may notify their customers regarding this issue and take=
 other appropriate actions as needed.



S21sec is the leading company specialized in computer security services. It=
 was founded in 2000 with the aim of preventing and managing organization r=
isks and people in the digital world. 



Please contact us if any further information is required to expedite the pr=
ocess of removing this Web site from service. If needed, forward this e-mai=
l and request to the appropriate contact that is able to deactivate this si=
te.

-- 

Regards,





Computer Emergency Response Team (C.E.R.T)

e-mail: antiphishing@s21sec.com

Phone number: +34 914903747

https://cert.s21sec.com

www.s21sec.com







--b1_6af221230a9b96f4fdce8ac4a029cf83
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<p><a href=3D"https://solusitotal.com/index.php" target=3D"_blank"><img src=
=3D"https://solusitotal.com/images/logo.png" alt=3D"SolusiTOTAL" border=3D"=
0"></a></p><font style=3D"font-family:Verdana;font-size:11px"><p>To Whom It=
 May Concern,<br />
<br />
S21sec has been informed that there is currently a website hosted by your c=
ompany that is involved in a phishing scheme to obtain personal account inf=
ormation from the customers of our client. S21sec has received numerous com=
plaints and e-mails regarding the Web site listed below:<br />
<br />
http://207.7.87.183/~paranach/Frances/2da.html<br />
<br />
<br />
We enclose below the legitimate url for BBVA Argentina:<br />
https://www.bancofrances.com.ar<br />
<br />
According to published WHOIS and DNS data, the Web Site involved is owned a=
nd hosted by:<br />
<br />
NetRange: 207.7.80.0 - 207.7.87.255<br />
CIDR: 207.7.80.0/21<br />
OriginAS: AS30496<br />
NetName: PRIVATE-TX-3<br />
NetHandle: NET-207-7-80-0-2<br />
Parent: NET-207-7-80-0-1<br />
NetType: Reallocated<br />
RegDate: 2011-06-05<br />
Updated: 2011-06-05<br />
Ref: http://whois.arin.net/rest/net/NET-207-7-80-0-2<br />
<br />
OrgName: PrivateSystems Networks TX<br />
OrgId: PNT-5<br />
Address: Colo4 c/o PrivateSystems Networks<br />
Address: 3000 Irving Blvd<br />
City: Dallas<br />
StateProv: TX<br />
PostalCode: 75247<br />
Country: US<br />
RegDate: 2011-06-03<br />
Updated: 2011-08-23<br />
Ref: http://whois.arin.net/rest/org/PNT-5<br />
<br />
OrgAbuseHandle: PNA44-ARIN<br />
OrgAbuseName: PrivateSystems Networks Abuse<br />
OrgAbusePhone: +1-866-332-9894 <br />
OrgAbuseEmail: abuse@privatesystems.net<br />
OrgAbuseRef: http://whois.arin.net/rest/poc/PNA44-ARIN<br />
<br />
OrgTechHandle: NOC2915-ARIN<br />
OrgTechName: Network Operations Center<br />
OrgTechPhone: +1-866-332-9894 <br />
OrgTechEmail: noc@privatesystems.net<br />
OrgTechRef: http://whois.arin.net/rest/poc/NOC2915-ARIN<br />
<br />
NetRange: 207.7.80.0 - 207.7.95.255<br />
CIDR: 207.7.80.0/20<br />
OriginAS: <br />
NetName: PRIVATE-3<br />
NetHandle: NET-207-7-80-0-1<br />
Parent: NET-207-0-0-0-0<br />
NetType: Direct Allocation<br />
RegDate: 2009-07-28<br />
Updated: 2012-02-24<br />
Ref: http://whois.arin.net/rest/net/NET-207-7-80-0-1<br />
<br />
OrgName: PrivateSystems Networks<br />
OrgId: KNOWN-1<br />
Address: 1379 Dilworthtown Crossing<br />
Address: Suite 214<br />
City: West Chester<br />
StateProv: PA<br />
PostalCode: 19382<br />
Country: US<br />
RegDate: 2008-01-04<br />
Updated: 2012-07-27<br />
Ref: http://whois.arin.net/rest/org/KNOWN-1<br />
<br />
OrgTechHandle: NOC2915-ARIN<br />
OrgTechName: Network Operations Center<br />
OrgTechPhone: +1-866-332-9894 <br />
OrgTechEmail: noc@privatesystems.net<br />
OrgTechRef: http://whois.arin.net/rest/poc/NOC2915-ARIN<br />
<br />
OrgAbuseHandle: PNA44-ARIN<br />
OrgAbuseName: PrivateSystems Networks Abuse<br />
OrgAbusePhone: +1-866-332-9894 <br />
OrgAbuseEmail: abuse@privatesystems.net<br />
OrgAbuseRef: http://whois.arin.net/rest/poc/PNA44-ARIN<br />
<br />
OrgNOCHandle: NOC2915-ARIN<br />
OrgNOCName: Network Operations Center<br />
OrgNOCPhone: +1-866-332-9894 <br />
OrgNOCEmail: noc@privatesystems.net<br />
OrgNOCRef: http://whois.arin.net/rest/poc/NOC2915-ARIN<br />
<br />
RTechHandle: NOC2915-ARIN<br />
RTechName: Network Operations Center<br />
RTechPhone: +1-866-332-9894 <br />
RTechEmail: noc@privatesystems.net<br />
RTechRef: http://whois.arin.net/rest/poc/NOC2915-ARIN<br />
<br />
RNOCHandle: NOC2915-ARIN<br />
RNOCName: Network Operations Center<br />
RNOCPhone: +1-866-332-9894 <br />
RNOCEmail: noc@privatesystems.net<br />
RNOCRef: http://whois.arin.net/rest/poc/NOC2915-ARIN<br />
<br />
RAbuseHandle: PNA44-ARIN<br />
RAbuseName: PrivateSystems Networks Abuse<br />
RAbusePhone: +1-866-332-9894 <br />
RAbuseEmail: abuse@privatesystems.net<br />
RAbuseRef: http://whois.arin.net/rest/poc/PNA44-ARIN<br />
<br />
<br />
<br />
On behalf of our client, S21sec requests that the Web site(s) listed above =
be deactivated and the domain name removed from your servers. Our client wo=
uld like you to provide S21sec with the source code, including any data col=
lected, of this Web site for analysis to help prevent further phishing sche=
mes. If any customer data has been collected, it will be forwarded to our c=
lient so that they may notify their customers regarding this issue and take=
 other appropriate actions as needed.<br />
<br />
S21sec is the leading company specialized in computer security services. It=
 was founded in 2000 with the aim of preventing and managing organization r=
isks and people in the digital world. <br />
<br />
Please contact us if any further information is required to expedite the pr=
ocess of removing this Web site from service. If needed, forward this e-mai=
l and request to the appropriate contact that is able to deactivate this si=
te.<br />
-- <br />
Regards,<br />
<br />
<br />
Computer Emergency Response Team (C.E.R.T)<br />
e-mail: antiphishing@s21sec.com<br />
Phone number: +34 914903747<br />
https://cert.s21sec.com<br />
www.s21sec.com<br />
<br />
</p>


--b1_6af221230a9b96f4fdce8ac4a029cf83--