
Tag Archives: Malware

Spam Sender

WARNING – PHISHING ATTACK / SPAM / MALWARE

If you’ve received an email similar to the ones below, do not click the links. I haven’t clicked, and I searched the Internet, and it appears other email users who clicked them say it contains malware / viruses, so be cautious.

Health Coverage Results – BlueCross BlueShield
From: “Cobra Health Insurance Quotes” <info@locationvisit.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————

Return-Path: <info@locationvisit.com>
X-YahooFilteredBulk: 5.78.137.215
Received-SPF: pass (domain of locationvisit.com designates 5.78.137.215 as permitted sender)
X-Originating-IP: [5.78.137.215]
Authentication-Results: mta1291.mail.ac4.yahoo.com from=locationvisit.com; domainkeys=neutral (no sig); from=locationvisit.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mp-cgo-fdl.k.pr.locationvisit.com) (5.78.137.215) by mta1291.mail.ac4.yahoo.com with SMTP; Tue, 26 Mar 2013 22:47:23 -0700
Received: from mp-cgo-fdl.k.pr.locationvisit.com (mp-cgo-fdl.k.pr.locationvisit.com [5.78.137.215]]) by mp-cgo-fdl.k.pr.locationvisit.com id oIpRcRonQnJyMs; 27 Mar 2013 01:46:55 -0400 (envelope-from <info@locationvisit.com>)
Message-Id: <20130327032599.5020D9DE7@locationvisit.com>
X-Unsubscribe: 42485a0c32f2964c5c4496d739e8586dcec95c5c
From: Cobra Health Insurance Quotes info@locationvisit.com
Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=

$2,500 in [62 Minutes]
Thursday, March 26, 2037 6:12 AM
From: “Direct Deposit” <info@sitesupermart.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————
Please click the “Not Spam” button above to visit links.
Wake Up Tomorrow With An Extra $2,500 In Your Bank Account!
Online Personal Loan Approval with NO Credit Checks
Good Credit * Bad Credit * No Credit

365 Day Loans is different in a very distinct way.
It’s fast, it’s secure and absolutely confidential.

Return-Path: info@cooltourdance.com
X-YahooFilteredBulk: 197.238.136.176
Received-SPF: pass (domain of cooltourdance.com designates 197.238.136.176 as permitted sender)
X-Originating-IP: [197.238.136.176]
Authentication-Results: mta1099.mail.gq1.yahoo.com from=; domainkeys=neutral (no sig); from=sitesupermart.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ton-cgm-dpn.cso.fhr.cooltourdance.com) (197.238.136.176) by mta1099.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:16:17 -0700
Received: from ton-eeq-dpn.cso.fhr.sitesupermart.com (ton-eeq-dpn.cso.fhr.sitesupermart.com [197.238.228.176]]) by ton-eeq-dpn.cso.fhr.sitesupermart.com id pJV10rees0AMTq; 26 Mar 2013 02:12:00 -0400 (envelope-from <info@sitesupermart.com>)
Message-Id: <20130326329072.A1BBF0C4F@sitesupermart.com>
X-R-HASH: 5e44d3b1c4b62348d7de845099ae2c46a8c60a20
From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?= info@sitesupermart.com
Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=

This site contains Malware: http://anubis.iseclab.org/?action=result&task_id=18e3f89b0e02989e46166fa…
Unsolicited Spam Originating From: Mt. Laurel New Jersey (159.135.84.108)
Originating Network(s): flrsbx.com
Date Received: 2/1/2013
Click Link: click.lvingguide.in (Yet another spam from Carlos Sanchez)
Location: jump.zeromargin.com
Received From:
Redirect:
Return Path: locationvisit.com
Contents of Spam:
From: View My Pic’s <info@locationvisit.com>
Sent: Monday, January 18, 2038 9:14 PM
Subject: WHY WAIT HAVE AN AFFAIR WITH A CHEATING WIFE TODAY “

locationvisit.com — Direct Deposit <info@travelcardsite.com> Wake Up Tomorrow With An Extra $2,500 In Your Bank Account! Unsolicited spam originating from flrsbx.com in Mt. Laurel, New Jersey 159.135.234.244 Click link is click.supertuhan.in

From LendingTree
Return-Path: <info@vacationsend.com> info@vacationsend.com
X-YahooFilteredBulk: 170.25.74.9
Received-SPF: pass (domain of vacationsend.com designates 170.25.74.9 as permitted sender)
X-Originating-IP: [170.25.74.9]
Authentication-Results: mta1086.mail.gq1.yahoo.com from=clickbigcity.com; domainkeys=neutral (no sig); from=clickbigcity.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sy-oi-t.coa.fl.vacationsend.com) (170.25.74.9) by mta1086.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:09:47 -0700
Received: from sy-ei-t.com.ddn.clickbigcity.com (sy-ei-t.com.ddn.clickbigcity.com [176.116.24.9]]) by sy-ei-t.com.ddn.clickbigcity.com id iQSp5KVvKzr5C5; 26 Mar 2013 02:09:08 -0400 (envelope-from <info@clickbigcity.com>)
Message-Id: <20130326071504.A33A005BC@clickbigcity.com>
X-R-HASH: 654c9fea4ab25d58bef7c104e2f74a8cd734dc7a
From: LendingTree info@clickbigcity.com
654c9fea4ab25d58bef7c104e2f74a8cd734dc7a@clickbigcity.com
Subject: =?UTF-8?B?TW9ydGdhZ2UgUmF0ZXMgYXJlIEhpc3RvcmljYWxseSBMb3chIFNlZSBJZiBZb3UgQ291bGQgU2F2ZSBXaXRoIExlbmRpbmdUcmVlIQ==?=

Mortgage Rates are Historically Low! See If You Could Save With LendingTree!

—Click Show Images To Enable Links.———————————————————————————————————
See LendingTree Advertising Disclosures

LendingTree, LLC is a duly licensed mortgage broker, as required, with its main office located at 11115 Rushmore Dr., Charlotte, NC 28277, Telephone number 1-800-555-8733. NMLS Unique Identifier #1136.

LendingTree, LLC is known as LT Technologies in Lieu of true name, LendingTree, LLC in NY. For a current list of applicable state licensing & disclosures, see the LendingTree website or call for details.

This is a commercial email from LendingTree. If you would like to unsubscribe, read our Privacy Policy or Terms of Use, or see how LendingTree is licensed.

LendingTree, LLC: Unsubscribe

 


Suspicious Spam – Scrappers Attic

PHISHY EMAIL – I’VE RECEIVED SIMILAR EMAILS IN MY SPAM FILTER IN THE PAST. I’VE NEVER CLICKED ON ANY LINKS – POSSIBLE MALWARE OR VIRUS.


Your friend : YOU’ve Been Selected (Free Private Training) has recommended this great product from Scrappers Attic

Hi …!

Your friend, : YOU’ve Been Selected (Free Private Training), thought that
you would be interested in Hooked on Fishing-Fishing Title accessory sheet
from Scrappers Attic.

: YOU’ve Been Selected (Free Private Training) sent a note saying:

Our computer has randomly selected 100 people to
qualify for exclusive access today.

The spots are limited so please click the link below to see if you qualified to access the product today, before everyone else.

Your special invitation is below…

ACCESS UNIQUE INVITATION: #G52BMT

==_ http://0t.se/dollarcode

PS : Remember positions are available on a strictly first come first serve basis.

Your link will only allow 1 person to join, so please
do not pass it on to others.

ACCESS UNIQUE INVITATION: #G52BMT (Link Copy To Browsers)

==_ http://0t.se/dollarcode

List Marketers,

Theresa M. Langford
864 Henry Ford Avenue
New York, NY 10016

—————————————————————————————-

To view the product, click on the link below or copy and paste the link into
your web browser:

http://scrappersattic.net/index.php?main_page=product_info&products_id=1457&zenid=3cgturf7hnc0ual026562f72q7

Regards,

Scrappers Attic
http://scrappersattic.net/

—–
IMPORTANT: For your protection and to prevent malicious use, all emails sent
via this web site are logged and the contents recorded and available to the
store owner. If you feel that you have received this email in error, please
send an email to thescrappersattic@yahoo.com

This email address was given to us by you or by one of our customers. If you
feel that you have received this email in error, please send an email to
thescrappersattic@yahoo.com
This email is sent in accordance with the US CAN-SPAM Law in effect
01/01/2004. Removal requests can be sent to this address and will be honored
and respected.

HEADER DETAILS:

Return-Path: <do_notreply@ymail.com>
X-YahooFilteredBulk: 72.47.233.67
Received-SPF: none (domain of ymail.com does not designate permitted sender hosts)
X-Originating-IP: [72.47.233.67]
Received: from 127.0.0.1 (EHLO ft11i.com) (72.47.233.67) by mta1163.mail.bf1.yahoo.com with SMTP; Wed, 30 Jan 2013 03:41:38 -0800
Subject: Your friend : YOU’ve Been Selected (Free Private Training) has recommended this great product from Scrappers Attic
From: “: YOU’ve Been Selected \(Free Private Training\)” <do_notreply@ymail.com>
Reply-to: “: YOU’ve Been Selected \(Free Private Training\)” <do_notreply@ymail.com>
Message-ID: <e9094b7d93592d7eebdbd819ec05e1b3@scrappersattic.net>

72.47.233.67 do_notreply@ymail.com thescrappersattic@yahoo.com RECEIVED_IP: 72.47.233.67

 

Posted by on 01/30/2013 in Uncategorized

 


“JESSICA <3"

I’ve been getting sketchy emails (LIKE THIS ONE) sent to my spam filter lately. I have no proof of a scam or attack but whoever is behind the account, whether a person or bot, keeps trying to get me to click on suspicious links. I never click anything.

The emails are similar but the reasoning is not always the same. In this email, the woman claims her husband is out of town. I wouldn’t trust it!


 

Click Show Images To Enable Links.———————————————————————————————————

 

Return-Path: <reply-622542697.24.332481255.2721847_10635-1@ujwohngemeinschaftdirect.in>
X-YahooFilteredBulk: 37.27.63.105
Received-SPF: pass (domain of ujwohngemeinschaftdirect.in designates 37.27.63.105 as permitted sender)
X-Originating-IP: [37.27.63.105]
Authentication-Results: mta1266.mail.ac4.yahoo.com from=; domainkeys=neutral (no sig); from=uypartu.in; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO jonshon-mg-dbl.go.fp.ujwohngemeinschaftdirect.in) (37.27.63.105) by mta1266.mail.ac4.yahoo.com with SMTP; Tue, 29 Jan 2013 03:04:51 -0800
Message-Id: <20130129531575.9A34EF06C@uypartu.in>
From: =?ISO-8859-1?B?SkVTU0lDQSA8Mw==?= <jessica@uypartu.in>
4cf64dcfc17a00bf3c7944a6375b006d57b665ce@uypartu.in
Subject: =?UTF-8?B?TXkgaHVzYmFuZCBpcyBvdXQgb2YgdG93biA7KQ==?=

SUBJECT: My husband is out of town 😉
From =?ISO-8859-1?B?SkVTU0lDQSA8Mw==?= Mon Jan 18 19:13:42 2038 JESSICA ❤ jessica@uypartu.in

 


Suspicious Spoofed Craigslist Email

SUSPICIOUS FAKE CRAIGSLIST EMAIL – PHISHING ATTACK

01/27/13, UPDATE – I received another phishing email by a supposed Craigslist user using the name Eduard Frank – I’ll post the e-mails in order, newest to oldest, along with the header details.

I don’t have any Craigslist ads currently listed. In fact, I don’t even list Craigslist ads on the account I use to bait scammers, so I was immediately suspicious when I received this Craigslist email alert. Not only are the two ‘Craigslist’ links spoofed (the actual URL is not Craigslist) — but the IP address is blacklisted on many anti-scam websites.

SUBJECT: i would like to buy your item from craigslist RECEIVED: Thursday, January 24, 2013 4:22 PM
From: Eduard Frank qdbfwp@hotmail.com

EMAIL: Hi Am very interested in your item posted on craigslist : https://post.craigsIist.org/k/EEEYZLFl4hGbaqXZBYzI7A/vh279?s=tou (This is the same spoofed link from the previous emails. The actual URL is goo.gl/aiNwi)

is it still available?

HEADER DETAILS:

Return-Path: <qdbfwp@hotmail.com>
X-YahooFilteredBulk: 209.86.89.63
Received-SPF: softfail (transitioning domain of hotmail.com does not designate 209.86.89.63 as permitted sender)
X-Originating-IP: [209.86.89.63]
Authentication-Results: mta1160.mail.gq1.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-junco.atl.sa.earthlink.net) (209.86.89.63) by mta1160.mail.gq1.yahoo.com with SMTP; Thu, 24 Jan 2013 08:23:36 -0800
Received: from [71.237.118.147] (helo=User) by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <qdbfwp@hotmail.com>) id 1TyPZx-0002jO-Fi; Thu, 24 Jan 2013 11:23:05 -0500
Reply-To: qdbfwp@hotmail.com
From: Eduard Frank<qdbfwp@hotmail.com>
Subject: i would like to buy your item from craigslist
Content-Type: text/html; charset=”Windows-1251″
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <E1TyPZx-0002jO-Fi@elasmtp-junco.atl.sa.earthlink.net>
X-ELNK-Trace: 8219d692fd5468d6d780f4a490ca6956d5d4673fe7faad86623ec139337907e38e9f230fcf1cb831350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 71.237.118.147

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.
Please make sure you are abiding by all posted site rules, including our terms of use:
http://www.craigslist.org/about/terms.of.use.html (This was a spoofed link with the actual URL being goo.gl/aiNwi)
If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.
If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our apologies and feel free to repost using the link below:
http://www.craigslist.org/about/ctd/repost.html (This was a spoofed link with the actual URL being goo.gI/aiNwi)
Sorry for the hassle, and thanks for your understanding.
——————————————————————————

Date: 1327114516
PostID: 24177504

HEADER DETAILS:

Return-Path: <dycsbl@craiglist-accounts.com>
X-YahooFilteredBulk: 209.86.89.69
Received-SPF: temperror (encountered temporary error during SPF processing of domain of craiglist-accounts.com)
X-Originating-IP: [209.86.89.69]
Authentication-Results: mta1220.mail.sk1.yahoo.com from=craiglist-accounts.com; domainkeys=neutral (no sig); from=craiglist-accounts.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-mealy.atl.sa.earthlink.net) (209.86.89.69) by mta1220.mail.sk1.yahoo.com with SMTP; Wed, 23 Jan 2013 12:58:50 -0800
Received: from [72.172.204.128] (helo=User) by elasmtp-mealy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <dycsbl@craiglist-accounts.com>) id 1Ty7Nq-0004nx-4X; Wed, 23 Jan 2013 15:57:22 -0500
Reply-To: dycsbl@craiglist-accounts.com
From: Craigslist <dycsbl@craiglist-accounts.com>
Subject: flagged & removed 24177504
Message-ID: <E1Ty7Nq-0004nx-4X@elasmtp-mealy.atl.sa.earthlink.net>
0da15bcd0e72a23c13bbd08df6cfe9269ef193a6bfc3dd48c25deae7748207c3a2f7e1f2b096e1d07ef9f80aaf77e5a4350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 72.172.204.128

dycsbl@craiglist-accounts.com 72.172.204.128 <> 209.86.89.69
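The spoofing noted in this post (link text that reads as a Craigslist URL while the real destination is goo.gl/aiNwi, and a displayed host spelled with a capital "I" in place of "l") can be checked mechanically before anyone clicks. The sketch below is an added example, not part of the original post: the HTML sample is constructed from the link text and destination reported above, the `http://` scheme on the destination and the third (benign) link are assumptions, and the names `audit_links`, `skeleton` and the `protected` list are hypothetical. Nothing is fetched; the check is purely on the message markup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host-shaped token inside visible link text, with or without a scheme.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})(?:/\S*)?")

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def skeleton(host):
    """Fold common look-alike characters: capital I -> l, 1 -> l, 0 -> o."""
    return host.replace("I", "l").lower().replace("1", "l").replace("0", "o")

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_links(html, protected=("craigslist.org",)):
    """Return (displayed host, real host, reasons) for each suspicious link."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        match = URL_IN_TEXT.search(text)
        if not match:
            continue  # link text is not URL-shaped, nothing to compare
        shown_raw, target = match.group(1), host_of(href)
        shown, reasons = shown_raw.lower(), []
        # 1. The text claims one host, the href goes to another.
        if not same_site(target, shown) and not same_site(shown, target):
            reasons.append("text-href-mismatch")
        # 2. The displayed host only matches a protected brand after folding.
        for domain in protected:
            if same_site(skeleton(shown_raw), domain) and not same_site(shown, domain):
                reasons.append("lookalike:" + domain)
        if reasons:
            findings.append((shown_raw, target, reasons))
    return findings

# Constructed sample: link text and destination as reported in the post.
SAMPLE_HTML = """
<p>Hi Am very interested in your item posted on craigslist :
<a href="http://goo.gl/aiNwi">https://post.craigsIist.org/k/EEEYZLFl4hGbaqXZBYzI7A/vh279?s=tou</a></p>
<p><a href="http://goo.gl/aiNwi">http://www.craigslist.org/about/terms.of.use.html</a></p>
<p><a href="http://www.craigslist.org/about/help/">http://www.craigslist.org/about/help/</a></p>
"""

if __name__ == "__main__":
    for shown, real, reasons in audit_links(SAMPLE_HTML):
        print(f"{shown} -> {real}: {', '.join(reasons)}")
```
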

 


Julian Thomas

Phishing Attack – MALWARE

 

EMAIL: http://theglobalviews.com/wp-content/plugins/akismet/ugoogle.html

HEADER:

Return-Path: <jthomas299@gmail.com>
Received-SPF: pass (domain of gmail.com designates 209.85.210.173 as permitted sender) dWdpbnMvYWtpc21ldC91Z29vZ2xlLmh0bWwgATABAQEB
X-Originating-IP: [209.85.210.173]
Authentication-Results: mta1259.mail.bf1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-ia0-f173.google.com) (209.85.210.173) by mta1259.mail.bf1.yahoo.com with SMTP; Sat, 10 Nov 2012 02:23:05 -0800
Received: by mail-ia0-f173.google.com with SMTP id m10so3261400iam.4 for <deleted@yahoo.com>; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=X/EcyHI7fCzBVRIZx1ZLHDvk8NTmX3HJwBi5boQXb1Q=; b=oYfe6tprlmGl4KQGlch5xN9W/sfJdTSxywTJ0RPlOyKp92uoBSeDrC7gi6Cju6EujQ VdKZO205dG3h2pX64Wt+vQiAjwONADSwU0jZ4NGFie+TzVWM9Hfs5RTrpgSDHrRr+E93 ElhMjrYS1fpk3P4LxqPgSzZQFWZV8XGwMUE24Hz16+0AAu0w7cd11I5h7d//s8sIY7MA wmKpBHSg7wxoBMdQ0gik6WGNcTFb5RTY/YF8rYv/6hQY1geA6XGjIRW0iBeUWALv9TBH G6aLZyUkbNeiqwRBsWou2dNAljQgW1UDYlDrPpu6fvSDVhDGhrPZsOjT1xHgFeLuO3xK k1dQ==
MIME-Version: 1.0
Received: by 10.50.16.144 with SMTP id g16mr3131462igd.23.1352542985776; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Received: by 10.231.11.67 with HTTP; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Date: Sat, 10 Nov 2012 11:23:05 +0100
Message-ID: <CACYsU7yNrJqyaoLs1pASkUTWyk-biOmk+-b79chG_LMtGjwWDA@mail.gmail.com>
From: Julian Thomas <jthomas299@gmail.com>
To: julianthomas@facebook.com, mmdavis6@gmail.com, mzwx4-3270719590@sale.craigslist.org, deleted@yahoo.com, theenvycorps@gmail.com

“Julian Thomas” <jthomas299@gmail.com> 209.85.210.173

 


“deborah56@gmail.com”

Malicious Spoofed Link – possible phishing attack 

THERE WAS ALSO A SPOOFED LINK WHICH HAD THE URL 44744.MOORL

EMAIL: hi 26/f/pics on cam now just verify email to video chat!

HEADER:

Return-Path: <deborah56@gmail.com>
X-YahooFilteredBulk: 80.146.246.58
Received-SPF: neutral (80.146.246.58 is neither permitted nor denied by domain of gmail.com)
X-Originating-IP: [80.146.246.58]
Authentication-Results: mta1361.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO rstbarracuda.rst.de) (80.146.246.58) by mta1361.mail.mud.yahoo.com with SMTP; Sat, 01 Dec 2012 18:35:37 -0800
X-ASG-Debug-ID: 1354413462-0cf271cd0001-SjFj3c
Received: from web7.rst.de (rstbarracuda.rst.de [80.146.246.58]) by rstbarracuda.rst.de with ESMTP id UZQG3AC9P35AdP3H for <deleted@yahoo.com>; Sun, 02 Dec 2012 02:57:42 +0100 (CET)
X-Barracuda-Envelope-From: deborah56@gmail.com
X-Barracuda-Apparent-Source-IP: 80.146.246.58
Received: from localhost (localhost [127.0.0.1]) by web7.rst.de (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id qB21vhhL022631 for deleted@yahoo.com Sun, 2 Dec 2012 02:57:43 +0100
MIME-Version: 1.0
X-Mailer: AtMail PHP 5.06
Message-ID: <56892.1354413463@hochrhein.de>
To: deleted@yahoo.com
Reply-To: deborah56@gmail.com
Content-Type: text/html; charset=”utf-8″
X-Origin: 108.46.239.206
Date: Sun, 2 Dec 2012 02:57:43 +0100
Subject: 26/f/pics
From: deborah56@gmail.com
X-ASG-Orig-Subj: 26/f/pics
Content-Transfer-Encoding: quoted-printable
X-Barracuda-Connect: rstbarracuda.rst.de[80.146.246.58]
X-Barracuda-Start-Time: 1354413462
X-Barracuda-URL: http://192.168.217.58:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at rst.de
X-Barracuda-Spam-Score: 1.00
X-Barracuda-Spam-Status: No, SCORE=1.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=4.0 tests=BSF_SC0_MV0152, BSF_SC0_TG163b, HTML_MESSAGE, MIME_HTML_ONLY, NO_REAL_NAME
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.109336 Rule breakdown below pts rule name description —- ———————- ————————————————– 0.00 NO_REAL_NAME From: does not include a real name 0.00 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.00 HTML_MESSAGE BODY: HTML included in message 0.50 BSF_SC0_MV0152 Custom rule MV0152 0.50 BSF_SC0_TG163b Custom Rule TG163b
Content-Length: 275

80.146.246.58

 


 