RSS

Tag Archives: Phishing Attacks

Spam Sender

WARNING – PHISHING ATTACK / SPAM / MALWARE

If you’ve received an email similar to the ones below, do not click the links. I haven’t clicked and I searched the Internet and it appears other email users who clicked them say it contains malware / viruses so be cautious.

Health Coverage Results – BlueCross BlueShield
From: “Cobra Health Insurance Quotes” <info@locationvisit.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————

Return-Path: <info@locationvisit.com>
X-YahooFilteredBulk: 5.78.137.215
Received-SPF: pass (domain of locationvisit.com designates 5.78.137.215 as permitted sender)
X-Originating-IP: [5.78.137.215]
Authentication-Results: mta1291.mail.ac4.yahoo.com from=locationvisit.com; domainkeys=neutral (no sig); from=locationvisit.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mp-cgo-fdl.k.pr.locationvisit.com) (5.78.137.215) by mta1291.mail.ac4.yahoo.com with SMTP; Tue, 26 Mar 2013 22:47:23 -0700
Received: from mp-cgo-fdl.k.pr.locationvisit.com (mp-cgo-fdl.k.pr.locationvisit.com [5.78.137.215]]) by mp-cgo-fdl.k.pr.locationvisit.com id oIpRcRonQnJyMs; 27 Mar 2013 01:46:55 -0400 (envelope-from <info@locationvisit.com>)
Message-Id: <20130327032599.5020D9DE7@locationvisit.com>
X-Unsubscribe: 42485a0c32f2964c5c4496d739e8586dcec95c5c
From: Cobra Health Insurance Quotes info@locationvisit.com
Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=

$2,500 in [62 Minutes]Thursday, March 26, 2037 6:12 AM
From: “Direct Deposit” <info@sitesupermart.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————
Please click the “Not Spam” button above to visit links.
Wake Up Tomorrow With An Extra $2,500 In Your Bank Account!
Online Personal Loan Approval with NO Credit Checks
Good Credit * Bad Credit * No Credit

365 Day Loans is different in a very distinct way.
It’s fast, it’s secure and absolutely confidential.

Return-Path: info@cooltourdance.com
X-YahooFilteredBulk: 197.238.136.176
Received-SPF: pass (domain of cooltourdance.com designates 197.238.136.176 as permitted sender)
X-Originating-IP: [197.238.136.176]
Authentication-Results: mta1099.mail.gq1.yahoo.com from=; domainkeys=neutral (no sig); from=sitesupermart.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ton-cgm-dpn.cso.fhr.cooltourdance.com) (197.238.136.176) by mta1099.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:16:17 -0700
Received: from ton-eeq-dpn.cso.fhr.sitesupermart.com (ton-eeq-dpn.cso.fhr.sitesupermart.com [197.238.228.176]]) by ton-eeq-dpn.cso.fhr.sitesupermart.com id pJV10rees0AMTq; 26 Mar 2013 02:12:00 -0400 (envelope-from <info@sitesupermart.com>)
Message-Id: <20130326329072.A1BBF0C4F@sitesupermart.com>
X-R-HASH: 5e44d3b1c4b62348d7de845099ae2c46a8c60a20
From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?= info@sitesupermart.com
Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=

This site contains Malware: http://anubis.iseclab.org/?action=result&task_id=18e3f89b0e02989e46166fa&#8230;
Unsolicited Spam Originating From: Mt. Laurel New Jersey (159.135.84.108)
Originating Network(s): flrsbx.com
Date Received: 2/1/2013
Click Link: click.lvingguide.in (Yet another spam from Carlos Sanchez)
Location: jump.zeromargin.com
Received From:
Redirect:
Return Path: locationvisit.com
Contents of Spam:
From: View My Pic’s <info@locationvisit.com>
Sent: Monday, January 18, 2038 9:14 PM
Subject: WHY WAIT HAVE AN AFFAIR WITH A CHEATING WIFE TODAY “

locationvisit.com — Direct Deposit <info@travelcardsite.com> Wake Up Tomorrow With An Extra $2,500 In Your Bank Account! Unsolicited spam originating from flrsbx.com in Mt. Laurel, New Jersey 159.135.234.244 Click link is click.supertuhan.in

From LendingTree
Return-Path: <info@vacationsend.com> info@vacationsend.com
X-YahooFilteredBulk: 170.25.74.9
Received-SPF: pass (domain of vacationsend.com designates 170.25.74.9 as permitted sender)
X-Originating-IP: [170.25.74.9]
Authentication-Results: mta1086.mail.gq1.yahoo.com from=clickbigcity.com; domainkeys=neutral (no sig); from=clickbigcity.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sy-oi-t.coa.fl.vacationsend.com) (170.25.74.9) by mta1086.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:09:47 -0700
Received: from sy-ei-t.com.ddn.clickbigcity.com (sy-ei-t.com.ddn.clickbigcity.com [176.116.24.9]]) by sy-ei-t.com.ddn.clickbigcity.com id iQSp5KVvKzr5C5; 26 Mar 2013 02:09:08 -0400 (envelope-from <info@clickbigcity.com>)
Message-Id: <20130326071504.A33A005BC@clickbigcity.com>
X-R-HASH: 654c9fea4ab25d58bef7c104e2f74a8cd734dc7a
From: LendingTree info@clickbigcity.com
654c9fea4ab25d58bef7c104e2f74a8cd734dc7a@clickbigcity.com
Subject: =?UTF-8?B?TW9ydGdhZ2UgUmF0ZXMgYXJlIEhpc3RvcmljYWxseSBMb3chIFNlZSBJZiBZb3UgQ291bGQgU2F2ZSBXaXRoIExlbmRpbmdUcmVlIQ==?=

Mortgage Rates are Historically Low! See If You Could Save With LendingTree!

—Click Show Images To Enable Links.———————————————————————————————————
See LendingTree Advertising Disclosures

LendingTree, LLC is a duly licensed mortgage broker, as required, with its main office located at 11115 Rushmore Dr., Charlotte, NC 28277, Telephone number 1-800-555-8733. NMLS Unique Identifier #1136.

LendingTree, LLC is known as LT Technologies in Lieu of true name, LendingTree, LLC in NY. For a current list of applicable state licensing & disclosures, see the LendingTree website or call for details.

This is a commercial email from LendingTree. If you would like to unsubscribe, read our Privacy Policy or Terms of Use, or see how LendingTree is licensed.

LendingTree, LLC: Unsubscribe

Advertisements
 

Tags: , , , , , , , , , , , , ,

“Norton From Symantec”

WARNING – NORTON PHISHING ATTACK

To view legitimate emails and addresses from Norton, go to Norton Support Center. When you receive an email norton@nortonfromsymantec.com then just delete it or post it for others to see.

Subject Line: You are at risk for cybercrime without Norton security

Come back to Norton and save $45.* Buy now.

Unsubscribe | View Online
Don’t Get Hacked!
Get Protected and Save $45

BUY NOW

Offer Expires 3/28/2013

Hello Porky Pig Porky Pig,
With cyber attacks on the rise, we hope you’ve found alternative
protection. It’s possible though, that your computer may have already
been breached. Don’t compromise on your PC security. Come back to
the #1 rated online security.

Norton™ Internet Security (Includes Antivirus)
Advanced Internet and antivirus protection for anywhere you go and anything you do online.
Reg. $79.99 Save 56% off now
ONLY $34.99*

BUY NOW
60-Day Money-Back
Guarantee

Unlimited and Free Updates with Active Subscription

1-Year Protection
for 3 PCs
Windows® 8/7/XP/Vista

Norton Support Legal Information Return Policy Privacy Policy Unsubscribe
*AV-Test GmbH, Real World and Remediation Test, August 2012; http://www.norton.com/avtest2013 PassMark Software, 2013 Consumer Security Products Performance Benchmarks, November 2012. http://www.passmark.com/ftp/totalprotectionsuites-nov2012.pdf both commissioned by Symantec

**Savings based on MSRP. Plus tax (if applicable). Limited time offer in the U.S. for only downloadable product through the Symantec online store. Offer cannot be combined with any other offers or discounts. Box image used for illustrative purposes only. With this service you receive the right to use this product on 3 PCs during the service period, which begins upon initial installation and activation. This renewable service includes protection updates and new product features as available throughout the service period, subject to acceptance of the Symantec License Agreement included with this product and available for review at http://www.symantec.com. Product features may be added, modified, or removed during the service period.

Please do not reply to this message. If you require Customer Service or Technical Support, please go to the Symantec Web site for contact information at http://www.symantec.com.

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, Norton, and Norton 360 are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Windows and Windows Vista are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.

Symantec Corporation, 350 Ellis Street, Mountain View, CA 94043

A_BLST_NAM_US_EXP_2013_03_LOEM_Pre2yrs_Mobile_G_B

Return-Path: <norton@nortonfromsymantec.com>
Received-SPF: pass (domain of nortonfromsymantec.com designates 12.130.137.84 as permitted sender)
X-Originating-IP: [12.130.137.84]
Authentication-Results: mta1379.mail.gq1.yahoo.com from=nortonfromsymantec.com; domainkeys=fail (bad sig); from=nortonfromsymantec.com; dkim=permerror (bad sig)
Received: from 127.0.0.1 (EHLO om-norton.rsys1.com) (12.130.137.84) by mta1379.mail.gq1.yahoo.com with SMTP; Thu, 14 Mar 2013 05:36:47 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=symantec; d=nortonfromsymantec.com; h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:From:Reply-To:Subject:List-Unsubscribe:To:Message-ID; i=norton@nortonfromsymantec.com; bh=2Q7D8ig5agC6PtOD4EJ5U6oPUEo=; b=B2OiLf+HBOPKM6DUlj0rCJtzLOQC70sVwFM5feIHeLr5HgKTDMqgBBBNZAFAac7FUyWAOb+8puG5 qWEIuHzGlg==
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=symantec; d=nortonfromsymantec.com; b=ZwnC03s1h1idf1D+DGo9ceg0EzUJOSJHAjprx58sYgoLH2gtm5rqWlKcmtilG7xdSvcwhnExaSRK Tx7Nt5K7Ug==;
Received: by om-norton.rsys1.com id h8725u162boh for <deleted@yahoo.com>; Thu, 14 Mar 2013 05:36:22 -0700 (envelope-from <norton@nortonfromsymantec.com>)
From: “Norton” norton@nortonfromsymantec.com
Reply-To: Norton reply@nortonfromsymantec.com
Subject: You are at risk for cybercrime without Norton security
List-Unsubscribe: <https://response.nortonfromsymantec.com/servlet/optout?lRtHgmLJDATUUDUEihkrRLQihlLKFRHohhDJhtEa&gt;, <mailto:unsubscribe-E4iMnbe3RZyRmLQ_UZsROOlpiYkgn98IGsAWh03JyTJB60J7Ois3dK6U75nzixcQYtW0NbMSSMUv-z0aAi-nwj2P5nlbhgZeGp4@imh.rsys4.com?subject=List-Unsubscribe>
X-cid: symantec.7011.1
X-sgxh1: ihjsPLzfihkLKT
X-valueof-PSN: P8HB6QWBXFRV
X-valueof-SEGMENT: NIS_G
X-valueof-COUNTRY_ISO: US
X-valueof-PRODUCT: NIS
X-valueof-VENDOR: ING DIRECT
Message-ID: <0.0.33.47B.1CE20B0890A54A4.0@om-norton.rsys1.com>

Subject Line: Hurry! Get the Top Ranked Protection for Less

Come back to Norton and save $45.* Buy now.

Unsubscribe | View Online
Last Chance to Save $45!
Offer Expires on Thursday, March 28!

GET PROTECTED NOW
Hello Porky Pig Porky Pig,
Don’t compromise on your PC security. Come back to the #1 rated
online protection. We even offer a 60-day money-back guarantee.
Hurry back. This limited-time offer expires Thursday, March 28, 2013.

Norton™ Internet Security (Includes Antivirus)
Advanced Internet and antivirus protection for anywhere you go and anything you do online.
Reg. $79.99 Save 56% off now
ONLY $34.99*

BUY NOW
60-Day Money-Back
Guarantee

Unlimited and Free Updates with Active Subscription

1-Year Protection
for 3 PCs
Windows® 8/7/XP/Vista

Norton Support Legal Information Return Policy Privacy Policy Unsubscribe
*AV-Test GmbH, Real World and Remediation Test, August 2012; http://www.norton.com/avtest2013 PassMark Software, 2013 Consumer Security Products Performance Benchmarks, November 2012. http://www.passmark.com/ftp/totalprotectionsuites-nov2012.pdf both commissioned by Symantec

**Savings based on MSRP. Plus tax (if applicable). Limited time offer in the U.S. for only downloadable product through the Symantec online store. Offer cannot be combined with any other offers or discounts. Box image used for illustrative purposes only. With this service you receive the right to use this product on 3 PCs during the service period, which begins upon initial installation and activation. This renewable service includes protection updates and new product features as available throughout the service period, subject to acceptance of the Symantec License Agreement included with this product and available for review at http://www.symantec.com. Product features may be added, modified, or removed during the service period.

Please do not reply to this message. If you require Customer Service or Technical Support, please go to the Symantec Web site for contact information at http://www.symantec.com.

Copyright © 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, Norton, and Norton 360 are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Windows and Windows Vista are trademarks or registered trademarks of Microsoft Corporation. Other names may be trademarks of their respective owners.

Symantec Corporation, 350 Ellis Street, Mountain View, CA 94043

A_BLST_NAM_US_EXP_2013_03_LOEM_Pre2yrsRemail_Mobile_G_B1

Return-Path: <norton@nortonfromsymantec.com>
Received-SPF: pass (domain of nortonfromsymantec.com designates 12.130.137.84 as permitted sender)
X-Originating-IP: [12.130.137.84]
Authentication-Results: mta1222.mail.sk1.yahoo.com from=nortonfromsymantec.com; domainkeys=fail (bad sig); from=nortonfromsymantec.com; dkim=permerror (bad sig)
Received: from 127.0.0.1 (EHLO om-norton.rsys1.com) (12.130.137.84) by mta1222.mail.sk1.yahoo.com
Received: by om-norton.rsys1.com id h9bv0g160a8p 05:32:56 -0700 (envelope-from <norton@nortonfromsymantec.com>)
From: “Norton” <norton@nortonfromsymantec.com>
Reply-To: Norton From Symantec reply@nortonfromsymantec.com
Subject: Hurry! Get the Top Ranked Protection for Less
List-Unsubscribe: <https://response.nortonfromsymantec.com/servlet/optout?lRtHgmLJDATZBDUEihkrRLQihlLKFRHohhDJhtEa&gt;, <mailto:unsubscribe-E0vyvEZfhVe_O2oAFS-_GXnFMRDhiaHhMLjkVw55_GWJ0mnQn-ICwLjkAHvIjIhpLiMx7ss85iy-wKBqtyQGoOrZo8NKPESqeFs@imh.rsys4.com?subject=List-Unsubscribe>
X-cid: symantec.7068.1
X-sgxh1: ihjsPLzfihkLKT
X-valueof-PSN: P8HB6QWBXFRV
X-valueof-SEGMENT: NIS_G
X-valueof-COUNTRY_ISO: US
X-valueof-PRODUCT: NIS
X-valueof-VENDOR: ING DIRECT
Message-ID: <0.1.23.16D.1CE26303751A4AC.0@om-norton.rsys1.com>

Norton From Symantec norton@nortonfromsymantec.com

 

Tags: , , , , ,

Suspicious Spoofed Craigslist Email

SUSPICIOUS FAKE CRAIGSLIST EMAIL – PHISHING ATTACK

01/27/13, UPDATE – I received another phishing email by a supposed Craigslist user using the name Eduard Frank – I’ll will post the e-mails in order, newest to oldest, along with the header details.

I don’t have any Craigslist ads currently listed. Infact I don’t even list Craigslist Ads on the account I use to bait scammers so I was immediately suspicious when I received this Craigslist email alert. Not only are the two ‘Craigslist’ links spoofed (the actual URL is not Craigslist) — but the IP address is blacklisted on many anti-scam websites.

SUBJECT: i would like to buy your item from craigslist RECEIVED: Thursday, January 24, 2013 4:22 PM
From: Eduard Frank qdbfwp@hotmail.com

EMAIL: Hi Am very interested in your item posted on craigslist : https://post.craigsIist.org/k/EEEYZLFl4hGbaqXZBYzI7A/vh279?s=tou This is the same spoofed link from the previous emails. The actual URL is goo.gl/aiNwi 

is it still available?

HEADER DETAILS:

Return-Path: <qdbfwp@hotmail.com>
X-YahooFilteredBulk: 209.86.89.63
Received-SPF: softfail (transitioning domain of hotmail.com does not designate 209.86.89.63 as permitted sender)
X-YMailISG: f21Sl8cWLDuLkBRdjpHUdX9xerAr20OQ.qHh.cYAhFw5lSy9 InkNTHdcI2EA5oGO9s9WRGoE8X5ydhJMddl7xNfU7SS5DV.ZmEuoogthq2Mr ZvEhsMyuVJDUF.SjyE4Tc89NIsqgqTDyubXh8JCI4vlsSXzjTBeONvNIq6Kg cqZ8zxS3GmdYZWjr7H42UDM4exf6rEjAzJpgC8FAMm4ynJLZBkBoyWFfO2Ll qv.ng07yAnqBA3sFkFS_Y.CSVvZm88fwcMZlZyRi_4wzLBnT5yvTPIAuvqT5 tNs4bOiPVUJfXgqNLp7wrrOUqTjAkUqRUs66quJ6_O2JXVAoU.ZY6JoiL5EO kI0w0mTfK_Ywb.QBcTEUSmUWvqn_CQsUlSLAvyn.qxAh8Y2runI8uiQygKGz PJYlnCyv78fhIxh.nBTk_9CqekcGWowgPXwkvZapxZ5_jda.VjWRmrJQpk5Q 70.QaXHLbKcyWqGU_DdG7adHyc9kvV4EiGdecXmmVXU1qM_MUGmbhRHPkInj yzHCteTsIZesiuI0wKIPizjJTdqCC.NN.UiWyXZlMTJfPXtQTa4RlRBDDPyz Xy0ki7OZklAZBGKSTFhDY5BgR.NKTJ6XWiPXz9gttbYrBMBrNkY2HLd0zEHX 8NAX0o7PjQfXOIJ1a1EB.3ZhcDS7kWlm9ChTpiVdDLLcNq8IYZoGIXdR8X4R jHFX6pCqOPafF_ukxFRia_W66cmiyjhUISaBWM5GDA1bam3h8Q5iDQhonN0H mt38Vl9DJdp.0CCcpXnGj8EMezEmFErlX7riKAHti3bHf6B2psPM9F3Q66YD Yvev1gX2V8AXHutGkN5kqIbapmCsFrEcNlsQ6PWOa_MaF50swL7c3qegbBmB aX2qBolGvmVByMl7LRqFYxvUirxOQxoRYQgh3RsDrOckcbf6xCeNIX_BnCMK MHTpGaA4sYqPPKdCTky02qrqvsrC4jgmgJygFS.ok93p6xLaA7J18EWkLP0B 7HXxWRY4Gv70DVDXfCmC_W6S.wfF0Q96oxHXhE8eGCz32L.sDLEJ.lfp8PTT ta6RcLyAAW5spPFLk4cFqavI1kDCiU8FxlcCL0wbAWcL9MbA97xKPwuwfzTA onZcJp5qb2AhvBc2FN_LWuRAL6bE.1cit4BS_T1xjj6ZrGV9cm5KKu2Bb7tz rOMyUXhj_Jti6n0rBzP3FBJkgzc2j.vTFMrgV.gbGVH9vZRYfUui8ndHyPXU QaZMaLBHHys-
X-Originating-IP: [209.86.89.63]
Authentication-Results: mta1160.mail.gq1.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-junco.atl.sa.earthlink.net) (209.86.89.63) by mta1160.mail.gq1.yahoo.com with SMTP; Thu, 24 Jan 2013 08:23:36 -0800
Received: from [71.237.118.147] (helo=User) by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <qdbfwp@hotmail.com>) id 1TyPZx-0002jO-Fi; Thu, 24 Jan 2013 11:23:05 -0500
Reply-To: qdbfwp@hotmail.com
From: Eduard Frank<qdbfwp@hotmail.com>
Subject: i would like to buy your item from craigslist
Content-Type: text/html; charset=”Windows-1251″
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <E1TyPZx-0002jO-Fi@elasmtp-junco.atl.sa.earthlink.net>
X-ELNK-Trace: 8219d692fd5468d6d780f4a490ca6956d5d4673fe7faad86623ec139337907e38e9f230fcf1cb831350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 71.237.118.147

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.
Please make sure you are abiding by all posted site rules, including our terms of use:
http://www.craigslist.org/about/terms.of.use.html This was a spoofed link with the actual URL being goo.gl/aiNwi
If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.
If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our apologies and feel free to repost using the link below:
http://www.craigslist.org/about/ctd/repost.html This was a spoofed link with the actual URL being goo.gI/aiNwi
Sorry for the hassle, and thanks for your understanding.
——————————————————————————

Date: 1327114516
PostID: 24177504

HEADER DETAILS:

Return-Path: <dycsbl@craiglist-accounts.com>
X-YahooFilteredBulk: 209.86.89.69
Received-SPF: temperror (encountered temporary error during SPF processing of domain of craiglist-accounts.com)
X-YMailISG: 2h.FN3sWLDsEDE8qqS_yEcqB6M1HR9h.u85ZaLiGYL.IEQuU iab6_WhytOr0v8KZup3soVlAl7qxu2RiK1epX7ek6GeXBAj6poh2cJDD.zQg jPJjyPfclZKW_NnPFDTrSWD79AqrNkBBoJ5hW__LZXlZUz.ZLpSi3ZGXK4Ge VIQygP.nLCk6NbRgJn9twOcwwHoP9j9q6on5YSGUI.nb1gYsctI_PDBGrRnF KvveQMYnrrNG4DgZdrwZSRT2Ox8yP7gB51A8WWDw8krq9Pr5un4ainmeAweF XEuXHV0gt8Ow1O0rAIxiwCKOtJWaYKiesaCJl7_h6QSFdL1PpDwAqVZXazI0 QmP3DUNfRbb71rVQF.0VNpiFdohCTjJUO6uB0YxxGT6CZ10wN1eCKhe4eSPv e8vXdS37Jh0ofSMl9amPk1N5KfTnveNm2V6cqR1pA1vlUkaA_5CyVppBKBMz jtvxdFt.RDiMZzuE77R3OHnsdEvmu4PaX64_PEj.vf._aKc738JxzsFaHmf8 TQAsQMpo.WAEdh0b_5rITS4ima44rP.6UIKfFqAc31KrxVEBY9oGXCHB9nz9 V3nDA50qbSHIIagS9ZVZTstHWy4dum2Gaz9KgGNMoR6UIhnw4H6tagKAyPPY EnTD1ypXM8jQocv6l0dsJk3azMLION2iNB9P4Ow6gtjMwkVygfgFrchDUwRs fSxZ4_itBU3TG9KdPtUCdH5wUwuxAGiVBCjLVsLlg2d694opIOVX2J40BGRH IYhXAAfbxnnbpYnzY9.FWxSe.uRNv0UKJ5R91syZw_5x.ifYmztP8ZxSubqC 4PEvO1.qavB3u4KwY4riKy.H5mmZBAKLDx1EY4pYVofWYjywCEiVOuq0.KjM VszzfJPQT3i9fvKhxDE9THio9A1vagNxw1rThbN1v0cPF7CgwE1yGIXPKv3Y DjIOVLoI7C3ubQK1AioG3t6RCfO32iPiiefv0oWc4x6LYaDv0RMeO32XiVsm qoptc3moDkfy29NJAQZXHA9oO.GwX4fjNRIliMgY8OaK6zb2XRbBdDBfdD6f IVgVhUSeYJKmYxxWOmWP.DX1Jq2aZNU3LQ5MyOV0U054Ws9MRNZKjR3BJcCi 3tgqq1kcbrPHOhkWI0hjJNFaLZY8z3qLl41wPKkkq8H0FN0.6q._GbmNGB4z twsjMemUDLkyY32h.MUaQiL.3UvRYkY7mXIsQlCwKe4BeYyY0y03rcJMb3iF FIR2s29QvuOjBD7kRTSILNW1qwInYb3kFH_ODhQTUTLlYiic9f.M_uYkGXA0 X6nSS2lFS1d2hK.XlYnYjn49yt7oY0SVNiPQ6Z9FqiXwp4cT0cKnB6NX2NE8 DZGrkmlBsrgZmJA8n_9hHwi.7CKGEmLJnqP5MgQkCuKNEz_z0l7yYw22MkJH qqeHgmb75noxVzMTDd1KtfwgGTmnVGcBzo0vvAlk588aZfVAyXwXZMCX
X-Originating-IP: [209.86.89.69]
Authentication-Results: mta1220.mail.sk1.yahoo.com from=craiglist-accounts.com; domainkeys=neutral (no sig); from=craiglist-accounts.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-mealy.atl.sa.earthlink.net) (209.86.89.69) by mta1220.mail.sk1.yahoo.com with SMTP; Wed, 23 Jan 2013 12:58:50 -0800
Received: from [72.172.204.128] (helo=User) by elasmtp-mealy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <dycsbl@craiglist-accounts.com>) id 1Ty7Nq-0004nx-4X; Wed, 23 Jan 2013 15:57:22 -0500
Reply-To: dycsbl@craiglist-accounts.com
From: Craigslist <dycsbl@craiglist-accounts.com>
Subject: flagged & removed 24177504
Message-ID: <E1Ty7Nq-0004nx-4X@elasmtp-mealy.atl.sa.earthlink.net>
0da15bcd0e72a23c13bbd08df6cfe9269ef193a6bfc3dd48c25deae7748207c3a2f7e1f2b096e1d07ef9f80aaf77e5a4350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 72.172.204.128

dycsbl@craiglist-accounts.com 72.172.204.128 <> 209.86.89.69

 

Tags: , , , , , , , , , , , , , , , ,

 
%d bloggers like this: