RSS

“Dr. Kwesi EDMalik.”

28 Oct

Employment (Business) Scam – Nigerian 419 Scammer

NOTE: Project Honey Pot has detected malicious behavior with the IP Address (58.211.138.27) associated with this scammer. Additional information posted at end of this post.

Name/Email-Address: Kwesi EDMalik <> achizitii@primariacovasna.ro <> kwesied.malik@voila.fr
Subject: Business Partnership
Email: Dear Friend,
 I know that this message will come to you as a surprise, I am the Auditing and Accounting section manager with a Bank here in Accra Ghana which the name will be introduce to you. I Hope that you will not expose or betray this trust and confident that I am about to repose on you for the mutual benefit of our both families. I need your urgent assistance in transferring the sum of($10.5)Million to your account within 10 or 14 banking days. This money has been dormant for years in our Bank without claim, I want the bank to release the money to you as the nearest person to our deceased customer late Kipkalya Kones. who died in plane crash Six-seater Cessna crashed in western Kenya since 10 June 2008.
 
You can read more about the crash through this website:     http://edition.cnn.com/2008/WORLD/africa/06/10/kenya.crash/index.html
 
I don’t want the money to go into government treasury as an abandoned fund. So this is the reason why I am contacting you so that the bank can release the money to you as the next of kin to the deceased customer. Please I would like you to keep this proposal as atop secret and delete it if you are not interested. Upon receipt of your reply, I will give you full details on how the business will be executed and also note that you will have 40% of the above mentioned sum if you agree to handle this business with me.
 
I am expecting your urgent response as soon as you receive my message.
 
Best Regard,
 Dr. Kwesi EDMalik.
 
HEADER:
Return-Path:   <achizitii@primariacovasna.ro>
X-YahooFilteredBulk:   202.123.2.16
Received-SPF:   none (domain of primariacovasna.ro does not designate permitted sender hosts)
X-YMailISG:   .Z.SqFMWLDuW0E474YOI52xevJuOZipRmrKTgD1gQFwpq6uO t3C3k3VRbX.gDsBPJ8.8xxCbkw9N.Ol_tyut4wqxVqQVFQGUUbZ.wZcRTI_W MaF7K7NeC9yJCqe_eAyxre.qtz4nUJP058YKonDIHHnljfHtLevbaaHg7L3v wdELHFRdd_l20xa1B3yCqjt6q4ko8wNxJ9lur7r2T049nWFdAsn6gB1AwUHT rEqEZWPHB57v94q31wWXZTjMTZk0uP4dq6zoW.H_hlGcwuouHH6ovzDetBZi fXitUaTg75lSxiYOpzSRZQ7DOfBZzFq4TkuEB9boYYawJUira5nqVUr8mRIL OmYp0pMr9wpkYMwebNxUCNVzprcqcrzmrFYFNWOE7zAeuz8Hib83p0UcFFGC uAoPh8H5Wll7j.VNvYHQ60CmVgevzPCXGcy6vqrXSAO8S9nRL7jiDEB6.iHB V.TonraT.Lu3dVVgHDFanHWWIV2HxsjeBviphL.u2s0t7l7p5.lPqGVTITk1 GUfFOIcze_y3G0piauFl.BXthQECCfiFTWKwSpnKIEbASe.LHNs.XJBQpGIu Dv4OeC88OM4Db2b5.tCzBfo69PyPoKDl1UTvTQIp2ISeMBjJvbbg5rO.v2AC XrE_7mPGotbdHy5FgBwjeBXvPolzBf0nMbWjTsgKvc8RV0CacrNshe6_iR1c WtbtoE4dwjR3Ar2u0PWAJeug3MlJkZJr8VeY1PW0ScD3.OZ.53kGi2bQ4uX5 AlAtntJzOT1820BYgh1HoLKRZhkPIr5sEyrvJQTv2lXqzcnGUOL5bahaKk3U 90.1aDWHO6gae0mla84L0pVzKUWVVvVBs7TNmjv64qdHVd2C3pz8U6nxwNj1 JrCQOoV0._ZxacnkhHN_ileYpZKotPQPqA.Y7SH5vnW6K4nS1LozZEyb71Kd nxKfAmcu2DED7.F2MAkiyYGY5.3GwxYvKt2JSDgnN6NBAKZN_YOmg.uFNvZF JhQMoyfhcJg3CICSPj0oeH_3gcz3sqzYgusN2PlPjV21XwcHT6jZZIiE1KUL m3PW4HVzyohE4qirpRrnKd1kXgaEw5yNy66UfW8_BmjT35vTPXeNp79kOMAJ UcbvcHkIiLyPJ5rFdVzQ39fR3gaRAj1LkO1o1vsJt5IieRe13_iR2JD67.YJ jWhIugRnSJ.3jugQv3h9HLL8mEiuGn9tq1LGjm1QShBwV5w3cmtn4ZQLOKX_ u9NgSS7gYJV0ZumkHLMVhR.ylBJB_T4TeL8vKp9vROjzxQBVgA_5wjdBmvpW LngyLkqEyVabwcGD2kt0H92u4dUHvhs4kzEJg_OQUz1bvgKMQ0Plr7561IVa qC5jy45DuSaHPJV_oNfXBxVf.IftafmRt0pe_lqS6AEn1VO9a1jENUIFOqh8 2Rp4U2tzdQi0nW1MM4hh_Au2RN9UBpaxQoZmhj4IvpU4WvDzliYrmOUyRGxq tnoon_tfTc2arfAjEWU2D8v_nC3DpmDw8Z1gduU2b4fPce5oCUpccw79h52m f.ECZT9H1aU_nuQ1ox6.bSgD.unq7DdlLnUmtxmJqpiI9mWbIEOnk04df70f 1N4m1ecVKypzxQUdkWNyeze0k8pDbizgcS4XeYX5gnW4B6iaFweIyBIWvS4H 8oMAjfv8zpcVqcaGffx_TMoFjDegdXgp8SAG95w0oA4F6fsVRtaf.6EAnHAX H_zzSBv7Ucuewy_ZdOVlYqcRSZ97PxqXgQCWO_DuM.ZSqbtbuvWneFohDLOE YrW5.xoNuugDcef992N4yv2UjI.tsqlVK6nlb0O7BeZnhVBGQ857REwFbZLz mkcM7BRaAQNN7kfSsmXEl0ta95mrtvtUyOC6kg1U1U3mwxcxeYWsgDZCBAmr P._RVjoWtcVJ
X-Originating-IP:   [202.123.2.16]
Authentication-Results:   mta1186.mail.gq1.yahoo.com from=primariacovasna.ro; domainkeys=neutral (no sig); from=primariacovasna.ro; dkim=neutral (no sig)
Received:   from 127.0.0.1 (EHLO smtp1.intnet.mu) (202.123.2.16) by mta1186.mail.gq1.yahoo.com with SMTP; Sun, 21 Oct 2012 04:01:36 -0700
Message-Id:   <11500a$9f9g56@smtpauth.intnet.mu>
Received:   from unknown (HELO User) ([58.211.138.27]) by smtpauth.intnet.mu with ESMTP; 20 Oct 2012 22:20:39 +0400
Reply-To:   <kwesied.malik@voila.fr>
From:  
“Dr. Kwesi EDMalik.”<achizitii@primariacovasna.ro>  
Subject:   Business Partnership
Date:   Sat, 20 Oct 2012 19:21:29 +0100
MIME-Version:   1.0
Content-Type:   text/html; charset=”Windows-1251″
Content-Transfer-Encoding:   7bit
X-Priority:   3
X-MSMail-Priority:   Normal
X-Mailer:   Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE:   Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Length:   1865

Other usernames/email-addresses associated with 58.211.138.27 IP address is:

ip 58.211.138.27 email krofeverail@gsmadil.com user veharvasapo  

ip 58.211.138.27 email butoliirail@gsmadil.com user durecesap  

Other IPs, Email addresses and names/usernames that are also associated with this scammers IP address:

Sample Spam URLs & Keywords Posted From 58.211.138.27
Domain: vitarumors.com
URL: http://vitarumors.com/forums/index.php?topic=80951.new#new
Domain: fx-profit.info
URL: http://fx-profit.info/index.php/topic
Domain: thedarkcity.co
URL: http://thedarkcity.co/viewtopic.php?f=4&t=255875
Domain: quankhu7.heliohost.org
URL: http://quankhu7.heliohost.org/phpbb202/viewtopic.php?p=9309#9309
Domain: microdark.kicks-ass.net
URL: http://microdark.kicks-ass.net/forum/viewtopic.php?f=10&t=41398
Domain: rxdoctoronline.com
URL: http://rxdoctoronline.com/pictname/lasix.jpg
Domain: rxdoctoronline.com
URL: http://rxdoctoronline.com/buy-lasix-se.html
Domain: autoulger.de
URL: http://autoulger.de/forum/index.php?topic=86251.new#new
Domain: www.forum-komputery.pl
URL: http://www.forum-komputery.pl/viewtopic.php?f=12&t=169288
Domain: www.paulpattarapon.com
URL: http://www.paulpattarapon.com/board/index.php?topic=32830.new#new
Domain: leagueofbugs.com
URL: http://leagueofbugs.com/forum/viewtopic.php?f=6&t=29439
Domain: www.explorer-rf.com
URL: http://www.explorer-rf.com/forum/index.php?/topic/5775-k%c3%b8bet-k%c3%b8b-propranolol-orden/
Domain: rxdoctoronline.com
URL: http://rxdoctoronline.com/pictname/cipro.jpg
Domain: rxdoctoronline.com
URL: http://rxdoctoronline.com/buy-cipro-dk.html
Domain: developer.teradata.com
URL: http://developer.teradata.com/user/where-can-i-buy-accutane
Keywords: buy cheap fedex lisinopril
58.211.138.27’s User Agent Strings
Mozilla/0.91 Beta (Windows)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en]
Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; FDM)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TheFreeDictionary.com; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Win64; AMD64)
Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; AskTbCFTP2V5/5.14.1.20007)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MRA 5.6 (build 03392); Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WebMoney Advisor; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729)
Mozilla/4.76 [en] (Windows NT 5.0; U)
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0
Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 WebMoney Advisor
Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Mozilla/5.0 (Windows NT 6.0) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
Example Messages Sent From 58.211.138.27
From:”���� ���^��” <nv56qady7t@softbank.ne.jp>
Subject: =?ISO-2022-JP?B?GyRCOiMkOSQwM=?=
From:”‹àŠÛ K” <8yk4w59pio@docomo.ne.jp>
Subject: =?ISO-2022-JP?B?GyRCIXk4PUxyPXc7UkJ=?
From:”�d�� ����” <zqz7ehyjcb@hotmail.com>
Subject: カラオケ?ご飯?それと
From:”���I ���D��” <jcly0now@i.softbank.jp>
Subject: =?ISO-2022-JP?B?GyRCIiglOyVDJS8lOSVaJUMlSEp=?
From:”–{��R –ƒŽ��”ü” <tm8gew0ndp@softbank.ne.jp>
Subject: 女盛りの豊熟とした奥さ
From:”��û ‚ä‚è” <xc3ptmowbn@yahoo.com>
Subject: 女盛りの豊熟とした奥さ
From:”ŒF��J ŽÑ—F—œ” <vacfqztuxx@docomo.ne.jp>
Subject: 貴方の時間をお金で買わ
From:””ó��û ‚©‚·‚Ý” <dgmixogdsz@yahoo.com>
Subject: 史上初!!先振込みの逆
From:”‘q–{ ”ü•äŽq” <kvaahh2ajl@ezweb.ne.jp>
Subject: 私のお願いを聞いて下さ
From:”���� ���T” <mjux2po1vh@hotmail.com>
Subject: 私のお願いを聞いて下さ
From:”¬â ”Ž��ü” <ildg2rwcgy@livedoor.com>
Subject: あなたの時間を売ってく
From:”‘åé “ñ��ü” <e1pu7yjppq@docomo.ne.jp>
Subject: 『男性スタッフ』緊急募
From:”�e�c �鍁” <hyx4mgn2mb@softbank.ne.jp>
Subject: 一夜にしてお金持ちにな
From:”���C��DVD�ƊE�ň��l�I” <fqppxvzmtmhdfi@softbank.n
Subject: 600���i���^�n�[�h�f�B�X�N���Ɣ̔��J�n�I 1��������1
From:”���C��DVD�ƊE�ň��l�I” <oatxqbpytrne@ezweb.ne.jp>
Subject: 600���i���^�n�[�h�f�B�X�N���Ɣ̔��J�n�I 1��������1
From:”���i ����” <15aozqix@i.softbank.jp>
Subject: =?ISO-2022-JP?B?QlMvQ1MbJEIkTkE0JUElYyVzJU0layQsOC=?
From:”ˆä��º @” <xkxr96fw@mail.goo.ne.jp>
Subject: 夢のカードが、今なら特
From:”�É� �D�S�q” <wktqfco1et@mail.goo.ne.jp>
Subject: =?ISO-2022-JP?B?GyRCJUYlbCVTJE4lQSVjJXMlTSVrJHIbKE=?
From:”�X ��” <w3jtyg7evl@msn.com>
Subject: =?ISO-2022-JP?B?GyRCJUYlbCVTJE4lQSVjJXMlTSVrJHIbKE=?
From:”Ž™��Ê —y‰Ä” <ugp0zehvow@hotmail.com>
Subject: =?ISO-2022-JP?B?GyRCJUYlbCVTJE4lQSVjJXMlTSVrJHIbKE=?
From:”�g�� �q��” <smc0al8tqq@willcom.com>
Subject: リピーター続出!話題の
From:”’†Œ´ ƒnƒi” <nr103poy@softbank.ne.jp>
Subject: スカパー!全有料チャン
From:”’·��c —��‰Ô” <euwqk4xa1g@mail.goo.ne.jp>
Subject: 【半永久】半永久的に使
From:”Lon ����” <yploetxdfu@goomeil.com>
Subject: dlgbohgu@yahoo.co.jp
From:”Terry �m��” <spayczctzo@yahoo.co.jp>
Subject: uerrenngsojr@yahoo.co.jp
Example User Names Used By 58.211.138.27
User-name: avone.w.corre
User-name: blanceolatemalisa02
User-name: _c_betzen
User-name: ckie_m_emuka
User-name: e_c_betzen
User-name: elffulfillingestell1998
User-name: e_tessner
User-name: g3489
User-name: istan_c_cabanela
User-name: lida.cler
User-name: loset2544
User-name: ne.c.perchinski
User-name: oliaceousstillings
User-name: onella_bywaters
User-name: ooblanceolatemalisa02
User-name: oset2544
User-name: oshenita_scheib
User-name: raticinfant2000
User-name: rg3489
User-name: ristan_c_cabanela
User-name: serviciosradio
User-name: _tessner
User-name: tolavone.w.corre
User-name: tooblanceolatemalisa02
User-name: vone.w.corre

User-name: delda.cler

Associated Harvesters
207.150.196.51 | HS
69.77.186.118 | H
207.150.196.48 | HS
66.232.125.137 | HS
207.150.196.49 | HS
207.150.194.26 | HS
207.150.196.55 | HS
60.236.78.185 | H
219.66.235.62 | H
123.114.236.33 | HS
61.209.182.171 | H
210.170.195.191 | H
211.3.203.87 | H
60.47.1.29 | H
61.198.209.248 | H
58.1.137.191 | H
220.102.212.9 | H
218.43.45.194 | H
211.3.201.184 | H
211.3.128.74 | H
61.209.182.88 | H
61.12.154.89 | HS
124.100.242.218 | H
61.201.27.78 | H
60.236.76.181 | H
220.148.187.74 | H
211.3.148.194 | H
60.42.120.21 | H
211.3.148.18 | H
61.192.191.152 | H
61.12.159.237 | H
222.148.25.174 | H
219.66.191.142 | H
210.165.110.217 | H
64.69.46.209 | HS
222.148.24.249 | H
220.209.92.10 | H
220.212.123.61 | H
210.159.162.152 | H
220.212.121.156 | H
218.43.35.206 | H
61.116.197.113 | H
60.35.184.189 | H
61.86.239.65 | H
60.238.228.252 | H
221.191.100.238 | H
211.3.202.189 | H
220.148.187.127 | H
211.3.150.2 | H
58.156.55.142 | H
220.212.123.58 | H
61.12.159.10 | H
222.149.220.4 | H
202.225.40.40 | H
211.3.151.203 | H
219.167.11.209 | H
210.197.231.40 | H
221.187.26.77 | H
61.116.197.82 | H
211.3.197.133 | H
61.192.190.164 | H
220.145.66.254 | H
211.3.201.254 | H
211.3.197.244 | H
221.188.23.31 | H
222.145.168.248 | H
220.210.165.136 | H
211.3.202.95 | H
211.3.201.3 | H
61.201.27.254 | H
222.148.27.140 | H
58.93.58.112 | H
211.3.150.130 | H
61.120.171.99 | H
211.3.150.218 | H

NIGERIAN SCAMMER – Bradley Meyers bradleymeyers769@yahoo.com.hk – Subject: Best Regards

If a IP, Email, Email Address, User-name, etc brought you here then you’re most likely dealing with a Nigerian Scammer and should stop all communication and report all information to a Anti-Scam website. It’s important not to rub it in the scammcrs face because s/he can easily get another free account to do there dirty work. Instead, quietly report the scam – Going to projecthoneypot.org is a great database to leave information at.

Advertisements
 

Tags: , , , , , , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: