RSS

“deborah56@gmail.com”

02 Dec

Malicious Spoofed Link – possible phishing attack 

THERE WAS ALSO A SPOOFED LINK WHICH HAD THE URL 44744.MOORL

EMAIL: hi 26/f/pics on cam now just verify email to video chat!

HEADER:

Return-Path: <deborah56@gmail.com>
X-YahooFilteredBulk: 80.146.246.58
Received-SPF: neutral (80.146.246.58 is neither permitted nor denied by domain of gmail.com)
X-YMailISG: qPvS.KQWLDsGJUmY3MbBzPQVwEIAW6pX9nT_FRkAs4dB_xAB cA.8cb_cGPtxKp3wDsjrND5DOE4csPHftlkVPYxNjb4yOsNa3zOht3WoPgb7 TMvSwVdUuKDhvxceMFvUmT6wTfqB9xaFBKMhGhnWa56VtA1SWtb3Gj7sZBNn LlDQLwADeZWOa6eORKaD1_yPNiVuykFq1Ak2aAvkYRq6Z4LHT4pS3SKj7fsl ncrcz34Qou7gjYbgF6WMdV7KDB2JsgNG1h7kz7fn8v4.2LmHq_ZU8xU1Nvq_ afRVjA.l7RJBlmUCaef7Fw6R5hM0lI00uN4ybgiLnzor_rpxCJ3spikN5EFQ ctqK5Q05ZGZ738KYb.Ek0Yjrtk2wr_WnJPRMup24chF7AeE1ODbTVrYAdCky 2y5NxO7pRnFiKVMEIohhYuiEukLLqsrV.lWDwY.X59akRcHbTv.NpkiZ2oJJ osk_4jF2myOT.hfR2gy2A4l6Dg1EN5vZpxNzaDpMB_gmZn0bK64mq2QVyL8E hOsVYHtBab1T8kpPEYk_JpiwT0XwDZFlYkdcViX1Hn6_R_2OOjI20mjXhWyV lgCBgo_NKWxI5Ap423vYjjBrnBlSQU1c_2Inh_sPsu3K1qvbcaYFoqBQf9MP 2xjN2BjhrNsWyYr6S2QJ.wUNgzVHNCJ4z3.lFOKqESZ.WBBRQvQLzoIw6JQQ Y1vTkzMQykpHRbCKNbXbcFZ34hDsucPisAhyh6sE8Rl2qK6eEqtO.FbN67OE 54T5tWVTSZbOhONjKMPKTCvb3gIoO6X06eMpoZ_.y0E91nd8.81OqUGA0cPN uVyO3l5RCWhO5Hdj6wAlJJD3JMYA0YmIygWwylP4iro9N9aQ30kItLr5S2x6 v_Z_bBx6br4ugDurns43R71gwoGBZHAQqwsv7nmOYx8c4M9pVGDSnRdPVMLL 31riaJUazFW3nMRvJM1XFI9LBlH8CkG62n7KFz7i9e6fuVdDslNymQkGGG95 YCXMu.RBQ_p9O3BeYrHtjQmIBUCXMv6ij27WVQAStvEQfCc-
X-Originating-IP: [80.146.246.58]
Authentication-Results: mta1361.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO rstbarracuda.rst.de) (80.146.246.58) by mta1361.mail.mud.yahoo.com with SMTP; Sat, 01 Dec 2012 18:35:37 -0800
X-ASG-Debug-ID: 1354413462-0cf271cd0001-SjFj3c
Received: from web7.rst.de (rstbarracuda.rst.de [80.146.246.58]) by rstbarracuda.rst.de with ESMTP id UZQG3AC9P35AdP3H for <deleted@yahoo.com>; Sun, 02 Dec 2012 02:57:42 +0100 (CET)
X-Barracuda-Envelope-From: deborah56@gmail.com
X-Barracuda-Apparent-Source-IP: 80.146.246.58
Received: from localhost (localhost [127.0.0.1]) by web7.rst.de (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id qB21vhhL022631 for deleted@yahoo.com Sun, 2 Dec 2012 02:57:43 +0100
MIME-Version: 1.0
X-Mailer: AtMail PHP 5.06
Message-ID: <56892.1354413463@hochrhein.de>
To: deleted@yahoo.com
Reply-To: deborah56@gmail.com
Content-Type: text/html; charset=”utf-8″
X-Origin: 108.46.239.206
Date: Sun, 2 Dec 2012 02:57:43 +0100
Subject: 26/f/pics
From: deborah56@gmail.com
X-ASG-Orig-Subj: 26/f/pics
Content-Transfer-Encoding: quoted-printable
X-Barracuda-Connect: rstbarracuda.rst.de[80.146.246.58]
X-Barracuda-Start-Time: 1354413462
X-Barracuda-URL: http://192.168.217.58:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at rst.de
X-Barracuda-Spam-Score: 1.00
X-Barracuda-Spam-Status: No, SCORE=1.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=4.0 tests=BSF_SC0_MV0152, BSF_SC0_TG163b, HTML_MESSAGE, MIME_HTML_ONLY, NO_REAL_NAME
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.109336 Rule breakdown below pts rule name description —- ———————- ————————————————– 0.00 NO_REAL_NAME From: does not include a real name 0.00 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.00 HTML_MESSAGE BODY: HTML included in message 0.50 BSF_SC0_MV0152 Custom rule MV0152 0.50 BSF_SC0_TG163b Custom Rule TG163b
Content-Length: 275

80.146.246.58

Advertisements
 

Tags: , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: