RSS

Tag Archives: Spoofed

Suspicious Spoofed Craigslist Email

SUSPICIOUS FAKE CRAIGSLIST EMAIL – PHISHING ATTACK

01/27/13, UPDATE – I received another phishing email by a supposed Craigslist user using the name Eduard Frank – I’ll will post the e-mails in order, newest to oldest, along with the header details.

I don’t have any Craigslist ads currently listed. Infact I don’t even list Craigslist Ads on the account I use to bait scammers so I was immediately suspicious when I received this Craigslist email alert. Not only are the two ‘Craigslist’ links spoofed (the actual URL is not Craigslist) — but the IP address is blacklisted on many anti-scam websites.

SUBJECT: i would like to buy your item from craigslist RECEIVED: Thursday, January 24, 2013 4:22 PM
From: Eduard Frank qdbfwp@hotmail.com

EMAIL: Hi Am very interested in your item posted on craigslist : https://post.craigsIist.org/k/EEEYZLFl4hGbaqXZBYzI7A/vh279?s=tou This is the same spoofed link from the previous emails. The actual URL is goo.gl/aiNwi 

is it still available?

HEADER DETAILS:

Return-Path: <qdbfwp@hotmail.com>
X-YahooFilteredBulk: 209.86.89.63
Received-SPF: softfail (transitioning domain of hotmail.com does not designate 209.86.89.63 as permitted sender)
X-YMailISG: f21Sl8cWLDuLkBRdjpHUdX9xerAr20OQ.qHh.cYAhFw5lSy9 InkNTHdcI2EA5oGO9s9WRGoE8X5ydhJMddl7xNfU7SS5DV.ZmEuoogthq2Mr ZvEhsMyuVJDUF.SjyE4Tc89NIsqgqTDyubXh8JCI4vlsSXzjTBeONvNIq6Kg cqZ8zxS3GmdYZWjr7H42UDM4exf6rEjAzJpgC8FAMm4ynJLZBkBoyWFfO2Ll qv.ng07yAnqBA3sFkFS_Y.CSVvZm88fwcMZlZyRi_4wzLBnT5yvTPIAuvqT5 tNs4bOiPVUJfXgqNLp7wrrOUqTjAkUqRUs66quJ6_O2JXVAoU.ZY6JoiL5EO kI0w0mTfK_Ywb.QBcTEUSmUWvqn_CQsUlSLAvyn.qxAh8Y2runI8uiQygKGz PJYlnCyv78fhIxh.nBTk_9CqekcGWowgPXwkvZapxZ5_jda.VjWRmrJQpk5Q 70.QaXHLbKcyWqGU_DdG7adHyc9kvV4EiGdecXmmVXU1qM_MUGmbhRHPkInj yzHCteTsIZesiuI0wKIPizjJTdqCC.NN.UiWyXZlMTJfPXtQTa4RlRBDDPyz Xy0ki7OZklAZBGKSTFhDY5BgR.NKTJ6XWiPXz9gttbYrBMBrNkY2HLd0zEHX 8NAX0o7PjQfXOIJ1a1EB.3ZhcDS7kWlm9ChTpiVdDLLcNq8IYZoGIXdR8X4R jHFX6pCqOPafF_ukxFRia_W66cmiyjhUISaBWM5GDA1bam3h8Q5iDQhonN0H mt38Vl9DJdp.0CCcpXnGj8EMezEmFErlX7riKAHti3bHf6B2psPM9F3Q66YD Yvev1gX2V8AXHutGkN5kqIbapmCsFrEcNlsQ6PWOa_MaF50swL7c3qegbBmB aX2qBolGvmVByMl7LRqFYxvUirxOQxoRYQgh3RsDrOckcbf6xCeNIX_BnCMK MHTpGaA4sYqPPKdCTky02qrqvsrC4jgmgJygFS.ok93p6xLaA7J18EWkLP0B 7HXxWRY4Gv70DVDXfCmC_W6S.wfF0Q96oxHXhE8eGCz32L.sDLEJ.lfp8PTT ta6RcLyAAW5spPFLk4cFqavI1kDCiU8FxlcCL0wbAWcL9MbA97xKPwuwfzTA onZcJp5qb2AhvBc2FN_LWuRAL6bE.1cit4BS_T1xjj6ZrGV9cm5KKu2Bb7tz rOMyUXhj_Jti6n0rBzP3FBJkgzc2j.vTFMrgV.gbGVH9vZRYfUui8ndHyPXU QaZMaLBHHys-
X-Originating-IP: [209.86.89.63]
Authentication-Results: mta1160.mail.gq1.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-junco.atl.sa.earthlink.net) (209.86.89.63) by mta1160.mail.gq1.yahoo.com with SMTP; Thu, 24 Jan 2013 08:23:36 -0800
Received: from [71.237.118.147] (helo=User) by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <qdbfwp@hotmail.com>) id 1TyPZx-0002jO-Fi; Thu, 24 Jan 2013 11:23:05 -0500
Reply-To: qdbfwp@hotmail.com
From: Eduard Frank<qdbfwp@hotmail.com>
Subject: i would like to buy your item from craigslist
Content-Type: text/html; charset=”Windows-1251″
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <E1TyPZx-0002jO-Fi@elasmtp-junco.atl.sa.earthlink.net>
X-ELNK-Trace: 8219d692fd5468d6d780f4a490ca6956d5d4673fe7faad86623ec139337907e38e9f230fcf1cb831350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 71.237.118.147

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.
Please make sure you are abiding by all posted site rules, including our terms of use:
http://www.craigslist.org/about/terms.of.use.html This was a spoofed link with the actual URL being goo.gl/aiNwi
If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.
If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our apologies and feel free to repost using the link below:
http://www.craigslist.org/about/ctd/repost.html This was a spoofed link with the actual URL being goo.gI/aiNwi
Sorry for the hassle, and thanks for your understanding.
——————————————————————————

Date: 1327114516
PostID: 24177504

HEADER DETAILS:

Return-Path: <dycsbl@craiglist-accounts.com>
X-YahooFilteredBulk: 209.86.89.69
Received-SPF: temperror (encountered temporary error during SPF processing of domain of craiglist-accounts.com)
X-YMailISG: 2h.FN3sWLDsEDE8qqS_yEcqB6M1HR9h.u85ZaLiGYL.IEQuU iab6_WhytOr0v8KZup3soVlAl7qxu2RiK1epX7ek6GeXBAj6poh2cJDD.zQg jPJjyPfclZKW_NnPFDTrSWD79AqrNkBBoJ5hW__LZXlZUz.ZLpSi3ZGXK4Ge VIQygP.nLCk6NbRgJn9twOcwwHoP9j9q6on5YSGUI.nb1gYsctI_PDBGrRnF KvveQMYnrrNG4DgZdrwZSRT2Ox8yP7gB51A8WWDw8krq9Pr5un4ainmeAweF XEuXHV0gt8Ow1O0rAIxiwCKOtJWaYKiesaCJl7_h6QSFdL1PpDwAqVZXazI0 QmP3DUNfRbb71rVQF.0VNpiFdohCTjJUO6uB0YxxGT6CZ10wN1eCKhe4eSPv e8vXdS37Jh0ofSMl9amPk1N5KfTnveNm2V6cqR1pA1vlUkaA_5CyVppBKBMz jtvxdFt.RDiMZzuE77R3OHnsdEvmu4PaX64_PEj.vf._aKc738JxzsFaHmf8 TQAsQMpo.WAEdh0b_5rITS4ima44rP.6UIKfFqAc31KrxVEBY9oGXCHB9nz9 V3nDA50qbSHIIagS9ZVZTstHWy4dum2Gaz9KgGNMoR6UIhnw4H6tagKAyPPY EnTD1ypXM8jQocv6l0dsJk3azMLION2iNB9P4Ow6gtjMwkVygfgFrchDUwRs fSxZ4_itBU3TG9KdPtUCdH5wUwuxAGiVBCjLVsLlg2d694opIOVX2J40BGRH IYhXAAfbxnnbpYnzY9.FWxSe.uRNv0UKJ5R91syZw_5x.ifYmztP8ZxSubqC 4PEvO1.qavB3u4KwY4riKy.H5mmZBAKLDx1EY4pYVofWYjywCEiVOuq0.KjM VszzfJPQT3i9fvKhxDE9THio9A1vagNxw1rThbN1v0cPF7CgwE1yGIXPKv3Y DjIOVLoI7C3ubQK1AioG3t6RCfO32iPiiefv0oWc4x6LYaDv0RMeO32XiVsm qoptc3moDkfy29NJAQZXHA9oO.GwX4fjNRIliMgY8OaK6zb2XRbBdDBfdD6f IVgVhUSeYJKmYxxWOmWP.DX1Jq2aZNU3LQ5MyOV0U054Ws9MRNZKjR3BJcCi 3tgqq1kcbrPHOhkWI0hjJNFaLZY8z3qLl41wPKkkq8H0FN0.6q._GbmNGB4z twsjMemUDLkyY32h.MUaQiL.3UvRYkY7mXIsQlCwKe4BeYyY0y03rcJMb3iF FIR2s29QvuOjBD7kRTSILNW1qwInYb3kFH_ODhQTUTLlYiic9f.M_uYkGXA0 X6nSS2lFS1d2hK.XlYnYjn49yt7oY0SVNiPQ6Z9FqiXwp4cT0cKnB6NX2NE8 DZGrkmlBsrgZmJA8n_9hHwi.7CKGEmLJnqP5MgQkCuKNEz_z0l7yYw22MkJH qqeHgmb75noxVzMTDd1KtfwgGTmnVGcBzo0vvAlk588aZfVAyXwXZMCX
X-Originating-IP: [209.86.89.69]
Authentication-Results: mta1220.mail.sk1.yahoo.com from=craiglist-accounts.com; domainkeys=neutral (no sig); from=craiglist-accounts.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-mealy.atl.sa.earthlink.net) (209.86.89.69) by mta1220.mail.sk1.yahoo.com with SMTP; Wed, 23 Jan 2013 12:58:50 -0800
Received: from [72.172.204.128] (helo=User) by elasmtp-mealy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <dycsbl@craiglist-accounts.com>) id 1Ty7Nq-0004nx-4X; Wed, 23 Jan 2013 15:57:22 -0500
Reply-To: dycsbl@craiglist-accounts.com
From: Craigslist <dycsbl@craiglist-accounts.com>
Subject: flagged & removed 24177504
Message-ID: <E1Ty7Nq-0004nx-4X@elasmtp-mealy.atl.sa.earthlink.net>
0da15bcd0e72a23c13bbd08df6cfe9269ef193a6bfc3dd48c25deae7748207c3a2f7e1f2b096e1d07ef9f80aaf77e5a4350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 72.172.204.128

dycsbl@craiglist-accounts.com 72.172.204.128 <> 209.86.89.69

 

Tags: , , , , , , , , , , , , , , , ,

“Ryan Mathews”

CRAIGSLIST SURVEY SCAM – PHISHING SCAM

THERE WAS 3 LINKS – ALL LINKS WERE SPOOFED AND THE ACTUAL URL WAS TRACK.REVFORCECPA/AFF_etc.

EMAIL: Hello,

This Is Ryan With MyPaidSurveys.com, I saw your Ad
on Craigslist. We are looking for only 100 people to
take our simple paid surveys daily…
We pay $20 to $50 per survey daily, and we pay weekly.
Click Here And Register For a Free Account
Hurry…We are only looking for a 100 people only.
Get Paid $1,000 + weekly….
Click Here And Register Now
Sincerely yours,
Ryan Mathews
Hiring Manager
MyPaidSurveys.com

HEADER:

Return-Path: <francescoreidhead@jobsearchonline.org>
X-YahooFilteredBulk: 188.121.53.2
Received-SPF: none (domain of jobsearchonline.org does not designate permitted sender hosts)
X-YMailISG: 65Fy2LsWLDsvFB3wpPW1fIW3kxoxB1YgzGNy.izUKXCPC1nT ecrJiYb4yA4PCDYRiLGXSBAWbRV9g6WnHmBywayeNzHD16Ez5y2Ki437dm1Y .X5JQP9kCb08aZYt9GkfLCG0qcF7Lmxf1rLVPQ2Nxg4tHtN6jgA8K5kUG.OR pwh2Wg8EKlSXaaqATyAoZaciOKp7O8wxpC87auN83gjhJaXgnQhpbh_Wm0TN kJ4nW_.cutAMyDpNs3ukrGE.MZ53oe16KrUfVrbJy9jCPH5FJlyXbmLQoUDI W6PssvNPexBjMiLPr09jM3ez2quCISS7hE_a7gW9nQhsFZR_gCASSdweJ5go 4cojPLBdClhGyozUCnv3coVlpKFtnX17HMmefEcSbCm5YehqOqaPTF0OjL.z PUTtz.fOyL.sXEKRQQ978DOxiatUYeCbx_RjnxSTI1UdIObtv0rp6qPWCMHD P67MBe6Mo6JDCn0jELd94faooX4.w9nx7ie8PzY7QI8bWVMhVeA3AGeehXuO j9KVa99YZoUXobquBQCEq1XD88zzRS.tjb4dXUtxxQjWLlmplMI55BW_dbou OZ76BZni6G5_1dgdKIhVNJF7PHm2sOzXcmuZO.htZvBlDwXk1BaZcTDnPgtH pmqwAR9VhCVxh7BA9C5cXqLpioCuBzjYNGCEW2R5_7.FdNsi0e4N8IuDa4mH XMtUsado.v8VDjBrn._NZ_r6zRUjpMdWzWgMMF4j0Cz52tXLIExce1MhckFP Ys1DujpC1whpah3XyaEtA2_AThxX9hRvE4WKz5oTgPg7.PjwBjOL0E2qQ8Ov DzXQCCZtZae9IykSL8p_6DCo0v9fDUnSgetUfVvkjHkQDSnMejJvJgs6HQzx WpUyhQkLMKjc6eXu9tn0Wfq86LcRdJz.xy9TbRKB5YPr8Wtv3CyqKVWpi5mH xtllJdCMUmmZu_ook6CHrlG.UX8Q1v9nqTJpIfKRLYV_yKyYWfF8RWC3l1oc uhuw9ThqtHVzfMQRq9r7D3aPV3wcbdPNpkKzp_6ysSTz1ghHt4Kh7dSNuvrV GE3s2Lob1bPy_EXZ.FIleSxmv19bB7TV5DJ3QV96JWLIG4fVbX9X1WZfZyDl uhBFbcoQWh56lHexGEnGhCze3FIF.62Q_A6P
X-Originating-IP: [188.121.53.2]
Authentication-Results: mta1137.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=vfemail.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO n1plout04-02.prod.ams1.secureserver.net) (188.121.53.2) by mta1137.mail.mud.yahoo.com with SMTP; Sun, 14 Oct 2012 15:01:51 -0700
Received: (qmail 7504 invoked from network); 14 Oct 2012 22:01:50 -0000
Received: from unknown (98.24.151.137) by n1plout04-02.prod.ams1.secureserver.net (188.121.53.2) with ESMTP; 14 Oct 2012 22:01:49 -0000
From: “Ryan Mathews” <CraigslistAdReply@vfemail.net>
Subject: Re: Ad On Craigslist
Message-ID: <57509048dfe69f428ab5af9c6a5de2ad@DeeQ-PC>
Content-Type: multipart/alternative; boundary=”—-=_NextPart_000_0001_C30A4D9F.387FF949″
Return-Path: <francescoreidhead@jobsearchonline.org>

Ryan Mathews CraigslistAdReply@vfemail.net RETURN-ADDRESS: francescoreidhead@jobsearchonline.org

RECEIVED-IP: 98.24.151.137 X-ORIGINATING-IP: 188.121.53.2

 

Tags: , , , , , , , , , , , ,

Julian Thomas

Phishing Attack – MALWARE

 

EMAIL: http://theglobalviews.com/wp-content/plugins/akismet/ugoogle.html

HEADER:

Return-Path: <jthomas299@gmail.com>
Received-SPF: pass (domain of gmail.com designates 209.85.210.173 as permitted sender) dWdpbnMvYWtpc21ldC91Z29vZ2xlLmh0bWwgATABAQEB
X-YMailISG: _QbkUa4WLDtDDImGzxIRh._8UctX7E_yEakMVKzPQVFgOxU2 f8BXgO9XOACNn18iN8QwyZUxCQjglxaLxh4l1dHKsh377v_gydQ1_Y9OFsPj 0k8K9DADiuebd2j.rmz9EnAaSwF2jdtNGDrTEPGS_EZilciswFOJti5hGzmy uPfoF.AJlwdTa9vYWnC.ijOt7dkRDUrJ6cPYFkuGK9Fa7Vy6.WWkGdmAlvxp mum7F6q6e6nOeCwHLK5Hi56e2QqN3TNT3M92wT5X9GDKvxGhTR1D5JebAs0D Ta_K6z1CLwIcycuHy81fSgDvcGZjMDMdBn6TlMal02B7KUXXEjZbKSdGMbCg p9_qnbQqoKeybTscfuwT.DeaW5AhOgxNxSMJQjuQlTzbdz0oyeQDVS.NrGdY aAXwBp8.oSejmBXdtuPWsPSo1QqhkvE4xOAH0JWR4Ffdc3aMV86DzbLZ5xgb k6OmZZq.LkWDm7WlSGboqNQZcjyHFIvZHHTArW_mv4OBklvqb04bzyxSsAFY mRbtLcROkVI0MupzMJPwSQY4uqXTvfAfD2cyV2Omx6udS23Zbi5BEJZV6VZr lFsiUFuddVHiDZYzOTgYaTQYUJuxzL0pLS9XQtIMwbFBZ7HzZ9PCxx0MpvEE p5EEdb5gDPidUiFjPEd8A7seTb0bft2VCgaWgybRiBYGyvTb5mAGXw3CrxHi 5pSRqwQdVr3_YSKPxD7ziKVD6yTHRI9n8cWJ_WYwF3XJRFvyOqq7.rM5gmlN Z1LMh8k8x_wTcVKMSYdlz1ELt_4H5CWL6IQM.juI_Ag59GSfmOThO40utvLr eth5EljfPr0IhUMOChtpZnsEbGXbrCe2bQRcr.u2LVQ2NoOX_g6nb_yX_ChG UAHULyY4IvpPsG9PpQol1gfSKVp_LSXF0dxzem4Wf6jKdRkswKe3yZpFrXmF o2kEOJtCqwCrk05Z0naHjZiQ4IOHWT7nzM3oNiW1eaobvAyip1W7bZvG6chd HGiLQ8JEarox2qFrPCzTj8RDVl66byTZ4v0XN8MrkIcq7MxM1oZRibWXniOQ wn1Zj03LkieeflXlhgZNUi566Ced5zol9ousQfqUVBQeH46.5038.6aWFmv4 iM1tBAPuh9SxdV5FcHr_rCGgQ1CUYvOcWwhWHnIHACk_tvpIyXZLXSDBd5Tv 4P.FV6_D
X-Originating-IP: [209.85.210.173]
Authentication-Results: mta1259.mail.bf1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-ia0-f173.google.com) (209.85.210.173) by mta1259.mail.bf1.yahoo.com with SMTP; Sat, 10 Nov 2012 02:23:05 -0800
Received: by mail-ia0-f173.google.com with SMTP id m10so3261400iam.4 for <deleted@yahoo.com>; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=X/EcyHI7fCzBVRIZx1ZLHDvk8NTmX3HJwBi5boQXb1Q=; b=oYfe6tprlmGl4KQGlch5xN9W/sfJdTSxywTJ0RPlOyKp92uoBSeDrC7gi6Cju6EujQ VdKZO205dG3h2pX64Wt+vQiAjwONADSwU0jZ4NGFie+TzVWM9Hfs5RTrpgSDHrRr+E93 ElhMjrYS1fpk3P4LxqPgSzZQFWZV8XGwMUE24Hz16+0AAu0w7cd11I5h7d//s8sIY7MA wmKpBHSg7wxoBMdQ0gik6WGNcTFb5RTY/YF8rYv/6hQY1geA6XGjIRW0iBeUWALv9TBH G6aLZyUkbNeiqwRBsWou2dNAljQgW1UDYlDrPpu6fvSDVhDGhrPZsOjT1xHgFeLuO3xK k1dQ==
MIME-Version: 1.0
Received: by 10.50.16.144 with SMTP id g16mr3131462igd.23.1352542985776; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Received: by 10.231.11.67 with HTTP; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Date: Sat, 10 Nov 2012 11:23:05 +0100
Message-ID: <CACYsU7yNrJqyaoLs1pASkUTWyk-biOmk+-b79chG_LMtGjwWDA@mail.gmail.com>
From: Julian Thomas <jthomas299@gmail.com> Add sender to Contacts
To: julianthomas@facebook.com, mmdavis6@gmail.com, mzwx4-3270719590@sale.craigslist.org, deleted@yahoo.com, theenvycorps@gmail.com

“Julian Thomas” <jthomas299@gmail.com> 209.85.210.173

 

Tags: , , , , , , , , , ,

“Michael Brewer”

SUSPICIOUS EMAIL – Sending unknown links in emails – I don’t trust it and i’d advise you not to click on any unknown links sent by unidentified online users (or bots) (FYI, I havn’t had a Craigslist ad up in months so any emails i’m receiving by people claiming to be from Craigslist are liars.)

Hello, my name is Michael.  I am a US Marine veteran, and I was just viewing your ad on craigslist.
I would like to show you something that I believe can help you.

I didn’t believe it when my friend approached me.  
After seeing his results I decided to follow his link.
My life has changed because of it.
But don’t take my word for it. Visit my link and see for yourself.

Best Regards,
Michael Brewer
612-5597501
Here’s the link.

Link was here

I didn’t click on the link and didn’t want to post it and have someone else accidentally click it. The Link said http://networthgain(dot)com and the URL was networthgain(dot)com with no ‘http’

 

HEADER:

Return-Path: <msbrewer@gmail.com>
X-YahooFilteredBulk: 67.222.50.208
Received-SPF: neutral (67.222.50.208 is neither permitted nor denied by domain of gmail.com)
X-YMailISG: S6Vh9hcWLDubgDGy_xQOlA8KEUP57lQplXkxzdnkuUs5UTL8 IHAmaELNCB5lqzGFOk5uiGRU.rDHF4wjb849pP2PZroMduwL2hY8.ksxIG04 IjjzxTS5BJRc6bn04pfF6hvl8OavbAl3NpZcoSSUColwAiiO1fhMWBNOUc_N grTMJdWNiFrmvDGExWJaTIIlpapw82RvCqcWkE.nMMM7KX1OIQLFiEPIfL9u U0jkH5hFS52wiy7TTFfnfFGPMWMQWJXkRYUs8kohLVKvDLtsk4fg5ZwdjBko D4ZclazthTgrDeMj6ps1EqHkQVQesZk9rBGKs4wrK.zQuJj52qe26VENjFjl PZjE2RcBAS.g_dOPyyBcOtpKBawWyHz08_X42qtLaCBlcDmt2XBb7iyCf3yE XYhV1SNVLWAG1BwoAQ_ufTQOrotoQEtwbMcPPlKU2.LXyvZMCDdt9exzI7au LaedSKChCnq0bl5V1JVfM8Ub2K1Ugla2_9YgIK4wveaD7V1uKe1sGBCfGaa5 alRTJJ2zl4uwynAFwDmLEWro1SOqIgchab.FaYsfGJCU8VPfnrFv.VzLSfKl 5uEKniX.4dBvbP4SeqH84n5AzGze8hjt_KiNu1J4hp5J_Cy_48ValPe0Dk9a G4LRVcHWvoKEIv4BPWO5OoHras6XYBAuDUuZDf9pffMJlLzkHoHDyoD6V8ef JF70e8WwFK73wvj9cqOHFKvjMlzeQjUuJ6w34nfVfo5dhNNPPr6GTEA5hkaR 3k3VvU67uh2ecUQytwpal02AaqEPS2ksVwA_zwByf286er2U7Vva1CZztWog .1eecc2V6fPlTTCuNn0XdGXRaFuUUIqx81_qXKcwLEl9em_a4cc2T9yzKVtL PqMDRBlyLXbH_WAwRl5fcjr9ifrbyGtd.IorpAF7NSl4wxwaUHlWpxwo44Fs ZoSh.Sgq69SxyDrwW2YrBff5dZWNCGfdMKJP8naMy46AhWb07SAlFFxj6im. T_1V6EdBnONACh36oCI8Efa99ahNQX8bbJK3pHygTBGqb5LBUdA2bkvt6G0p mursgi3SHF053GAxCeiy8srOdJ5n8keAADLFNNpwCcuNmvWvaYXMRmw3MFow cbSbl.tUYo3.cWhOgQVTUBUq0O3.keasOT9HNv5.4zfVcm7HNe5g4bUhlUMm VNxc0U_pF4LspgcPAWVMMyHCBSRVJXZ0sHMyxAAj0FTGXBp3TKoha4ENrFe2 5wgQk.8VMBQxL83aMQBCEejwHcBwVz8QQDROc9RHs_NmpZgDQ0vSSDzttOX. fvFTVavHkYCbvPUbkVpd.j49mA–
X-Originating-IP: [67.222.50.208]
Authentication-Results: mta1173.mail.mud.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO outbound-ss-1353.hostmonster.com) (67.222.50.208) by mta1173.mail.mud.yahoo.com with SMTP; Fri, 12 Oct 2012 01:20:40 -0700
Received: (qmail 28821 invoked by uid 0); 12 Oct 2012 08:20:40 -0000
Received: from unknown (HELO box587.bluehost.com) (66.147.242.187) by soproxy1.bluehost.com with SMTP; 12 Oct 2012 08:20:40 -0000
Received: from [66.41.126.218] (port=63105 helo=Kokunai-PC) by box587.bluehost.com with esmtpa (Exim 4.76) (envelope-from <msbrewer@gmail.com>) id 1TMaU3-0001Wc-VB for deleted@yahoo.com  Fri, 12 Oct 2012 02:20:40 -0600
Message-ID: <024463a9-41194-06891390529514@kokunai-pc>
Reply-To: “Michael Brewer” <msbrewer@gmail.com>
From:
“Michael Brewer” <msbrewer@gmail.com>
To: deleted@yahoo.com
Subject: Craigslist Reply…
Date: Fri, 12 Oct 2012 03:20:14 -0500
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Identified-User: {2654:box587.bluehost.com:exceptk3:exceptionalismofamerica.com} {sentby:smtp auth 66.41.126.218 authed with exceptk3}

ORIGINATING-IP – 67.222.50.208 Host: outbound-ss-1353.hostmonster.com

IP – 66.147.242.187 Host: box587.bluehost.com

IP – 66.41.126.218 Host: c-66-41-126-218.hsd1.mn.comcast.net

Michael Brewer — msbrewer@gmail.com —

 

Tags: , , , , , , , , , ,

Suspicious Email (possible hacker/phishing attack)

Similar suspicious emails came threw from unknown users (possible bots.) In the email was one link and the email was sent to me and dozens of other addresses. The IP’s in this email and others alike, a IP’s used by Scammers sending out fraud mail and the link are believed to be spoofed or a possible hacker/phishing attack. I havn’t clicked the link and I don’t advise you to. I posted it so it would show up in search engines incase others looked it up.

 
 
FROM: Victor Garza” <garza-victor@sbcglobal.net>
To: jsissonsinvestments@gmx.com, harveyhcho@gmail.com, generalmeuse@gmail.com, minwater2009@hotmail.com, nilamerlita@yahoo.com, porkyexposed@yahoo.com, pers-pjz28-2625231933@craigslist.org, tognar33@yahoo.com, hanzdb@yahoo.com, tagee0@aol.com, ang7maulana@yahoo.com, revitalisasidiy@telkom.net, ini_bisnis_gw@yahoo.com, benny_irawan0581@yahoo.com, wawa0926@kimo.com, dejuntaxs@yahoo.com, Bharathsabari.Venkataraj@bh.yokogawa.com, modeling@knoxvillemodels.org, patty_aiken@juno.com, utuydjamhur@yahoo.co.id, freddy_saputera@yahoo.com, herzal@windowslive.com, sssxxxp11@gmail.com, selina671@yahoo.com.tw, chrisgladdenmusic@gmail.com, sy45689@hotmail.com, daffy_dee79@yahoo.co.id, star_maxing@yahoo.cn, hannien_sans@yahoo.com
 
 
 
HEADER:
 
 

The ORIGINATING IP ADDRESS OF THE ABOVE EMAIL IS KNOWN TO SEND OUT NIGERIAN 419 SCAMS WHICH MOST LIKELY INDICATES THAT THE ABOVE EMAIL IS SOME TYPE OF SPOOFED/HACKER/PHISHING-ATTACK

Example Messages Sent From 98.138.229.103
From: Spring Investment Limited <web.office_3474.32@veri
Subjectnone/blank 
From: “Frank Jimmy Loans Co.” <web.office.003-10@rogers.
Subjectnone/blank 
From: evelyn <janniferkiss@yahoo.com>
Subject: HELLO, 
From: Nadia Mbembe <nadiammbem@yahoo.co.th>
Subject: Hello dear 
From: Miss Nadia Kallon Mbembe <nadiammbem@yahoo.co.th>
Subject: Hello dear 
From: gift ukeh <giftukeh@yahoo.com>
Subject: Nice To Meet You, 
From: “222222222” <222222222>
Subject: 请查收 
From: Walid Kh <walidkh52@yahoo.com>
Subject: this has been your time to shine 
From: “Mrs. Sharon Crawford”<info203932@skymail.mn>
Subject: COMPENSATION ALERT, OPEN ATTACHMENT TO READ ALERT 
From: “Mrs. Sharon Crawford”<sharoncrwfrd1191@skymail.mn
Subject: Scam Victim Compensation Alert, View Attachment Fo
From: Florin <munguu_jin@yahoo.com>
Subject: =?iso-8859-1?Q=?= 
From: “MRS. VERA DAVISON” <mrs.veradavison@gmail.com>
Subject: NOTIFICATION!!! YOUR E-MAIL I. 
From: Re majer <web1.118@att.net>
Subject: HELLO FRIEND? 
From: PREMIUM FINANCIAL HOLDINGS LIMITED <web.offfice.45
Subject: Loan Offer 3% 
From: rejoybaby maj <web69.12345@att.net>
Subject: HI It’s My Pleasure 
From: weboffice 000xxxxofficef1 <web_officefile0990@att.
Subject: Fw: PLEASE YOUR URGENT ATTENTION IS NEEDED
From: “MR. SUNNY LUCAS” <sunluccas111222@rediffmail.com>
Subject: SOUTH AFRICAN NETWORK FOR WOMEN 
From: “MRS. SUSAN SHABANGU” <shabangu100@gmail.com>
Subject: KINDLY OPEN YOUR ATTACHED FILE AND GO THROUGH IT A 
From: “General Manager”<xxxxxx32@hushmail.com>
Subject: HELLO, (VERY URGENT PLEASE !!!) 
From: “travisgalica@yahoo.com” <travisgalica@yahoo.com>
Subject: FW: Did you see what Dr Oz said last week? 

client ip 98.139.212.191

Associated Mail Server – 98.139.212.191

Project Honey Pot

The email’s IP has also been the IP of a 419 scam attempt by an online user who then reported it to scamwarners

Delivered-To: [my.redacted.address]
Received: by 10.182.51.4 with SMTP id g4csp15278obo;
Thu, 22 Mar 2012 09:07:20 -0700 (PDT)
Received: by 10.224.58.205 with SMTP id i13mr11384387qah.97.1332432439777;
Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Return-Path: <0desirekoende4582@att.net>
Received: from nm23-vm0.bullet.mail.bf1.yahoo.com (nm23-vm0.bullet.mail.bf1.yahoo.com. [98.139.212.191])
by mx.google.com with SMTP id c2si2125271qcd.182.2012.03.22.09.07.19;
Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Received-SPF: neutral (google.com: 98.139.212.191 is neither permitted nor denied by best guess record for domain of 0desirekoende4582@att.net) client-ip=98.139.212.191;
Authentication-Results: mx.google.com; spf=neutral (google.com: 98.139.212.191 is neither permitted nor denied by best guess record for domain of 0desirekoende4582@att.net)smtp.mail=0desirekoende4582@att.net; dkim=pass header.i=@att.net
Received: from [98.139.212.148] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [68.142.200.224] by tm5.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [66.94.237.118] by t5.bullet.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [127.0.0.1] by omp1023.access.mail.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 987846.4887.bm@omp1023.access.mail.mud.yahoo.com
Received: (qmail 30955 invoked by uid 60001); 22 Mar 2012 16:07:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.net; s=s1024; t=1332432438; bh=qC9ja17T2XXp6aqesfDLGfKpznCUVeikD60t7/lfcNQ=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=y0wL2wF7Ou+MqEhEnoS2H+wWp2Qyut0bPleskdzEgWoAXVYYXWRuzHHupGsu1F4os93JLL6Dm4wBfwhq9Jj+6IMouzb7ghB9GBr4WH34IbJ40+Y0jt3Kvk7xPeKpTq/AgBIpqMVwyDdfHIIGLRNMa/Z//GwnW6XTQY3+R4odMRMDomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=att.net;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=A9AAuHEVubbzaAjLCe1F2QXM6T4rNgWGc58ZdbiN0y0ONyi3avS69FCJvwGlbvNG+fDU4BbwaEKeZ/xoqRx6qi8T5eBVdElPReyIAcxs27GttTcw9pHIey+Jmi58T/Z8p/ALnnM5qk8/mCO7KB8I96Wr5mlgBNozCw71BP+59TI=;
X-YMail-OSG: BIagEk0VM1kiihpr6_QUOCzsmXlIPZ0xTODn1dDH6rL4Uqu
YKXGlk3eS7WyDQ324tdhkrDgRb_r1xCKsPLS8IdffD7YdHDiUeZfJnmXenuX
RTbjq6F6mMAzY_MWskr9N1jhO_rMHCVrLnRv14jJqe0u3MUMtn9wv1juziRK
ej.JnAtMxZsKrDoWAs.aPCX1V7myQlhnbzsCSNwBTNyB4736ZQJ.lI2rH0dN
phxlNHy61DXsXqiorsbtqRjoLYxlJHMz3vn38iH3unqV2Vb47cBIz4dC14JP
zSYJPQXm1IATDR1cjC9w1YVq4VYB7DaIl2r_970rS8CczZ2H1aXprM7EqlDO
xZvnKodoErHLBoIxuXrcjWKBRJv78_5rzlVEEJHxpEwjqdB3w4HnMdKTjg0D
UL.MtISfulEEKis3tnsjlqmurgKXSc0wUSLyTwFHkT9QucZj5B0roeGYQZSU
l0TQ16rMLi3H00mVaeQ–
Received: from [41.82.148.87] by web180910.mail.ne1.yahoo.com via HTTP; Thu, 22 Mar 2012 09:07:18 PDT
X-Mailer: YahooMailClassic/15.0.5 YahooMailWebService/0.8.117.340979
Message-ID: <1332432438.21116.YahooMailClassic@web180910.mail.ne1.yahoo.com>
Date: Thu, 22 Mar 2012 09:07:18 -0700 (PDT)
From: desire koenders <0desirekoende4582@att.net>
Reply-To: mr.desirekoenders@yahoo.com
Subject: From Mr. Koenders Desire
To: [redacted]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”897918875-1321714197-1332432438=:21116″

From Mr.Koenders Desire
Telephone: 00221771499501
I am Mr.Koenders Desire the only son of Late Mr. & Mrs.Désiré Dallo but am here with my sister. I select you to assist me. My father was a cocoa merchant in Abidjan the economic capital of Cote d’Ivoire He was poisoned to death by his friends . But before the death , he secretly called me by his bed side and told me that he has the sum of Four million two hundred thousand United States Dollars USD ($4.200,000) deposited in bank .So am currently living in senegal to get someone that will assist me. He used my name (Koenders Desire) as the next of Kin to deposit the money. He then strongly advised me to be careful especially with his friends and our relatives.the money is kept in the bank with the view of making use of it for investment purposes after my educational carrier.. For The urgly development in this country,I have now decided to take quick actions and have this money transferred out of this country before it is too late.I am honorably seeking your assistance in the following ways Please I need your assistance in this ways.

1. Can I completely trust you? 2. What percentage of the total amount in question will be good for you after the money is transfer to your country? 3.Can you help me to come over to your country and further my educational carrier?4.Can you asure me of the confidentiality of this transaction till when this money get to your Custody,this is to ensure that nothing jeopardizes my last wish on Earth.No matter what your decision may turn to be I humbly beg you to reply to me.
Thanks and God bless you
Best regards
Mr Koenders Desire

 
Leave a comment

Posted by on 11/25/2012 in Other

 

Tags: , , , , , ,

Hunter Marshell

Suspicious emails sent by Hunter Marshall using a IP/DOMAIN known for sending out scam mail

FIRST EMAIL SENT: http://edebiyatalemi.com/boybullet/70matthewbrown/ <– Believed to be a spoofed link. The actual URL doesn’t have an HTTP:// and this email was sent to dozens of people at once. The IP/DOMAIN has not only been blacklisted but is known for sending out spam/phishing. This leads me to think that these links are malicious and trying to steal information and the links are spoofed. This unknown emailer also sent the email to the following: “nbnxs-3210175843@pers.craigslist.org” <nbnxs-3210175843@pers.craigslist.org>, “ndghq-3255393928@pers.craigslist.org” <ndghq-3255393928@pers.craigslist.org>, “ngjsv-3283872977@pers.craigslist.org” <ngjsv-3283872977@pers.craigslist.org>, “NicoleClarik3@hotmail.com” <NicoleClarik3@hotmail.com>, “nkzjz-3209235157@pers.craigslist.org” <nkzjz-3209235157@pers.craigslist.org>, “p3ftm-3252808088@sale.craigslist.org” <p3ftm-3252808088@sale.craigslist.org>, “p6kbq-3215584511@sale.craigslist.org” <p6kbq-3215584511@sale.craigslist.org>, “p8fr2-3210992600@pers.craigslist.org” <p8fr2-3210992600@pers.craigslist.org>, “pers-38fq3-2698084615@craigslist.org” <pers-38fq3-2698084615@craigslist.org>, “pers-e9dqs-2704366508@craigslist.org” <pers-e9dqs-2704366508@craigslist.org>, “pers-paans-2699763453@craigslist.org” <pers-paans-2699763453@craigslist.org>, “pers-rajgk-2707076820@craigslist.org” <pers-rajgk-2707076820@craigslist.org>, “pers-rzhzy-2705029535@craigslist.org” <pers-rzhzy-2705029535@craigslist.org>, “pmfnc-3209866186@pers.craigslist.org” <pmfnc-3209866186@pers.craigslist.org>, “pmvkk-3228774589@pers.craigslist.org” <pmvkk-3228774589@pers.craigslist.org>, “porkyexposed@yahoo.com” <porkyexposed@yahoo.com>, “pwgqc-3255597543@pers.craigslist.org” <pwgqc-3255597543@pers.craigslist.org>, “pxthp-3223707014@sale.craigslist.org” <pxthp-3223707014@sale.craigslist.org>, “q74zq-3252448536@pers.craigslist.org” <q74zq-3252448536@pers.craigslist.org>, “qbnmq-3268989654@pers.craigslist.org” <qbnmq-3268989654@pers.craigslist.org>, “qd3s2-3236365959@pers.craigslist.org” <qd3s2-3236365959@pers.craigslist.org>, “qhczg-3207863319@pers.craigslist.org” <qhczg-3207863319@pers.craigslist.org>, “qq22w-3232024680@pers.craigslist.org” <qq22w-3232024680@pers.craigslist.org>, “qrwxt-3268506258@pers.craigslist.org” <qrwxt-3268506258@pers.craigslist.org>, “qzsv8-3236584232@pers.craigslist.org” <qzsv8-3236584232@pers.craigslist.org>, “qzz2p-3255572511@sale.craigslist.org” <qzz2p-3255572511@sale.craigslist.org>, “r5bmt-3207962113@pers.craigslist.org” <r5bmt-3207962113@pers.craigslist.org>, “rbender@avrmc.org” <rbender@avrmc.org>, “rgxzz-3253056010@sale.craigslist.org” <rgxzz-3253056010@sale.craigslist.org>, “rockiesbatgirl9@yahoo.com” <rockiesbatgirl9@yahoo.com>, “rrtbh-3236355552@pers.craigslist.org” <rrtbh-3236355552@pers.craigslist.org>, “s6jgc-3228760429@sale.craigslist.org” <s6jgc-3228760429@sale.craigslist.org>

SECOND EMAIL SENT: http://kora2day.com/wp-content/disoiuer.php <– Believed to be a spoofed link. Actual URL doesn’t have an http:// .. This email was sent a few days after the first email by Hunter Marshell. This email was sent to my email address along with other email addresses including alot of Craigslist email-addresses. When I look up both the originating IP and the received IP/DOMAIN, both come up blacklisted on many websites. And both have been reported by other online users. Below is a list of other messages sent from the originating IP.

Other Email addresses sent along with my email address are: “nbnxs-3210175843@pers.craigslist.org” <nbnxs-3210175843@pers.craigslist.org>, “ndghq-3255393928@pers.craigslist.org” <ndghq-3255393928@pers.craigslist.org>, “ngjsv-3283872977@pers.craigslist.org” <ngjsv-3283872977@pers.craigslist.org>, “NicoleClarik3@hotmail.com” <NicoleClarik3@hotmail.com>, “nkzjz-3209235157@pers.craigslist.org” <nkzjz-3209235157@pers.craigslist.org>, “p3ftm-3252808088@sale.craigslist.org” <p3ftm-3252808088@sale.craigslist.org>, “p6kbq-3215584511@sale.craigslist.org” <p6kbq-3215584511@sale.craigslist.org>, “p8fr2-3210992600@pers.craigslist.org” <p8fr2-3210992600@pers.craigslist.org>, “pers-38fq3-2698084615@craigslist.org” <pers-38fq3-2698084615@craigslist.org>, “pers-e9dqs-2704366508@craigslist.org” <pers-e9dqs-2704366508@craigslist.org>, “pers-paans-2699763453@craigslist.org” <pers-paans-2699763453@craigslist.org>, “pers-rajgk-2707076820@craigslist.org” <pers-rajgk-2707076820@craigslist.org>, “pers-rzhzy-2705029535@craigslist.org” <pers-rzhzy-2705029535@craigslist.org>, “pmfnc-3209866186@pers.craigslist.org” <pmfnc-3209866186@pers.craigslist.org>, “pmvkk-3228774589@pers.craigslist.org” <pmvkk-3228774589@pers.craigslist.org>, “porkyexposed@yahoo.com” <porkyexposed@yahoo.com>, “pwgqc-3255597543@pers.craigslist.org” <pwgqc-3255597543@pers.craigslist.org>, “pxthp-3223707014@sale.craigslist.org” <pxthp-3223707014@sale.craigslist.org>, “q74zq-3252448536@pers.craigslist.org” <q74zq-3252448536@pers.craigslist.org>, “qbnmq-3268989654@pers.craigslist.org” <qbnmq-3268989654@pers.craigslist.org>, “qd3s2-3236365959@pers.craigslist.org” <qd3s2-3236365959@pers.craigslist.org>, “qhczg-3207863319@pers.craigslist.org” <qhczg-3207863319@pers.craigslist.org>, “qq22w-3232024680@pers.craigslist.org” <qq22w-3232024680@pers.craigslist.org>, “qrwxt-3268506258@pers.craigslist.org” <qrwxt-3268506258@pers.craigslist.org>, “qzsv8-3236584232@pers.craigslist.org” <qzsv8-3236584232@pers.craigslist.org>, “qzz2p-3255572511@sale.craigslist.org” <qzz2p-3255572511@sale.craigslist.org>, “r5bmt-3207962113@pers.craigslist.org” <r5bmt-3207962113@pers.craigslist.org>, “rbender@avrmc.org” <rbender@avrmc.org>, “rgxzz-3253056010@sale.craigslist.org” <rgxzz-3253056010@sale.craigslist.org>, “rockiesbatgirl9@yahoo.com” <rockiesbatgirl9@yahoo.com>, “rrtbh-3236355552@pers.craigslist.org” <rrtbh-3236355552@pers.craigslist.org>, “s6jgc-3228760429@sale.craigslist.org” <s6jgc-3228760429@sale.craigslist.org>

HEADER:

Return-Path: <hunter.mashell@yahoo.com>
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts) LnBocCABMAEBAQEDdGV4dC9wbGFpbgMDMAIDdGV4dC9odG1sAwMx
X-YMailISG: 8m6IHqkWLDs.3oU5LH5YbJUF05C_830qagvefFyFN1SsSq1M 21Lmjm01GmhuYWO2i8o3CVbHF1FZ4nzHBAF_Sorh_8k19P5PiinTzTwI8Jwa .38uYiFqKUWxTYoBhGB.M9NWh.yMtR1NMMScWc8hTHWhe9.FO8m.P1ltd22q 8kq.Sd7k1uy_gEDG3CQspWgSS5cBJGQwWtcsC0D702Cr9lJLVhrza34rKkly Wa5DT.Bw_yxavqdnrFQ70SUlNNyoym4Xh1AkhOT5vU4MwZ0BnPqcgnqxv3lM smlGhiyvrKzNBbZf0QykXpSO22upZAF7tHRtSp5ZYQZmB89OA3vrkWgtq5MQ _2CpKuqYEP2ouU5Gc4eSYgt0Y_NroAK0pxF1DZBx0aLGd5tbeX5fZwzijASG 2sopsxgVbfVA22mCgaV9dB0FhslwY61RrXA_AemIwiOzzjVJ5mPkCFxNlEpk kYYs_0ln3VSOOnCcishHsLG1WjfEuL1vmQFfGa54nAnX2QbhAfdywSPsB9sB aowK977zFX7yeFPVXgJxx2USA2FeUTCFbTtHdEkBJnYzPWVfg_eop_oHVDRT nPV6CXB_co8C7pQ8pT3DkPJLLvL6wqcXUkv5xbyaw8BJQpxwfsxmNAQ38Jwp OwE9Xe1KKHxZbdXoBVLgNxUAYlxjSe0hOJ0cH4DLBZBJ_W1EUoHRXw9siwhG 9j2.V7vXjB9PAhfz8ub2g3EnVowFBUDpSj4BMiRDeVdYxSVz6xDkahXnck3g u028OTvCrNHjs4Me6Ld0UW3loobNb5JjAN7AoRGzAFz752SgsMyx8b3NmQf6 IobQi11XuOVJRRkGg27fMz8HMwl8oEXenL9dcLXdNYhR.FZX32ZNzLWOfruA VPH_KhVJVJPEW6MiF2dhDSh5dxKMBMOegu6YrQZFZa0ZT4jihX4kse.Ulzha uQQXY2i.pBpLSA4Z1crDSoAahbgeicN5qFMeJNM8AJ9ChKRXRtYxWG8EIjqB xLilg.LOE1SllnWNRg1aM03sWyGaT85_ng_NuofHXhWxIrJVhisgrE.Ff6Jq 1xMCBmdSfhZhh6zArdJHdjy0l34o9nrg9Co5IIhPG.hCShKQ7uEhjvbsefi6 WhYPNuGYQv3BbuYSpbdPNgqo3jlsSv7y5GLZ9TWi8ptPF4u5wuOeYroED2DF 7kqSLVEogRImA_9RwBq9MvfYIMQvAQ–
X-Originating-IP: [98.139.212.191]
Authentication-Results: mta1061.mail.gq1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO nm23-vm0.bullet.mail.bf1.yahoo.com) (98.139.212.191) by mta1061.mail.gq1.yahoo.com with SMTP; Sun, 18 Nov 2012 14:03:01 -0800
Received: from [98.139.215.142] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 18 Nov 2012 22:03:00 -0000
Received: from [98.139.212.235] by tm13.bullet.mail.bf1.yahoo.com with NNFMP; 18 Nov 2012 22:03:00 -0000
Received: from [127.0.0.1] by omp1044.mail.bf1.yahoo.com with NNFMP; 18 Nov 2012 22:03:00 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 399988.28509.bm@omp1044.mail.bf1.yahoo.com
Received: (qmail 84775 invoked by uid 60001); 18 Nov 2012 22:03:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1353276180; bh=ndVyovJHFOuRXWx3yCkZvqgZsA9GZf4U0QYoOVZJsZU=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=a8rRCMbRh7EldKyUf6V6bZ0p1bYqxZ7NFvFKCbVxfln9wfI731eVCcVx6Sb78yXuPa3CvQt7ro9FxPQ3SajSWFIRhCVcsjUhVS1mAA+jTprV9Zu5LxRAu/mHhXemIH/kPjCuVL9g6CnRrRx0f1YqLtHblobigrotb0/cdh7O0D0=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=nUlshYW6xFdoUC+oHAhQoWIB+PmtBA4znAEgOADxUUi4YYGFmjC/iTYJV4pMyoqXM24WajRNaj7fAolTR9MFtKZTJh6lv8Md8eHyPzBWGftWMYsieKJ+tvTT899nPXYReBHZ+xklL9yP4lLO55WYiI7t5e39OTcrteQm1/mIKjE=;
X-YMail-OSG: 24fUDJwVM1mu4oNOl0zidjOV9vVTiz1yuEspcMFsCgGiFH6 oh4x5mY3HO_aT8sMtACHSoQuxb9lLkxSZU1xRtd7E.QHYWCkSJ3Z5fnjPOnI .0aPfSZ79YTavaHJWitpW5.qYVeoOa0Bp1ydr_xQ1RJ6_UCAENbgPRUBk_kq lbF696i1UJYED0mMhpYMr4qj.EEw11aAUuHCS4h1lHG6W3yBMP0qCATdwTBh aC_jmMTX9LPpH0m6NCccBQTq0Ns9gffOwlc8C.r868pf4tcCjyTL26Wbkix3 6viQYLN_oMChZJbeDOANcQX46HW4fYQL.cjcKbdsu8wQuasVhv2W7_pLLCIm cizxM507M.6dFd01SowYcIy5XrFuTlqxZktgMSxNg18EAgBuwi.vWj3wObWu 6CYNetLVSl0NQUK7N8YU78LNo_.0lsqPH7M8a9LKweCNWYefDiGqKtUHsOb9 o6Gb7CZco_c4lyhz3oSD1y8rge8lo3A1iItH022en5Y.jiBUIzzKXJ8c.86L YH8HS
Received: from [88.240.46.22] by web160305.mail.bf1.yahoo.com via HTTP; Sun, 18 Nov 2012 14:03:00 PST
X-Mailer: YahooMailWebService/0.8.123.460
Message-ID: <1353276180.78726.YahooMailNeo@web160305.mail.bf1.yahoo.com>
Date: Sun, 18 Nov 2012 14:03:00 -0800 (PST)
From: Hunter Mashell <hunter.mashell@yahoo.com>
Reply-To: Hunter Mashell <hunter.mashell@yahoo.com>
To: x8s8k-3232016651@pers.craigslist.org, pers-rajgk-2707076820@craigslist.org, porkyexposed@yahoo.com, devildog4life.hr@gmail.com, fqss9-3208471845@sale.craigslist.org, jc9vx-3236113278@pers.craigslist.org, 3dfb7-3212331409@sale.craigslist.org, pxthp-3223707014@sale.craigslist.org, 4wdzt-3167460410@sale.craigslist.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”-360795340-1627103512-1353276180=:78726″
Content-Length: 551

SECOND EMAIL – HEADER:

Return-Path: <hunter.mashell@yahoo.com>
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts) dHRoZXdicm93bi8gATABAQEBA3RleHQvcGxhaW4DAzACA3RleHQvaHRtbAMD MQ–
X-YMailISG: DaSKeHMWLDtpjAojuuC005648iMl_O1cmJgTfAmDWTBgjTyj W0K5h6q3bjKe.RoFe3pqNEaqEUieV1BOk1sAYhn1oAfwzXD8Aj1IVBreqZdZ kbeNaYICml27j0mrk9rkFcXiD2fmoCK4a16imA.sBEly5.T0mqc7xSQrTR0R yqiCyGpnUpzo2eGTFTI8wECjOLtR20l.Va3npL0thkK52lJGhAfG.fxIQmKj drHq7cL_qaBu48frGKc5zbTLNlQyiHP8rtZjw2Ov8Ckx4gGvYjrfSRFklL2o mwyJcgV5xmsaJ33Pxo4cy2Q7F0s00H7zM6LEHH.FmMvZOhKceJz29cb2KlXw kQWh4hUUtAOIzNPoY6lpSSgvMxoSKkPYMeBXIda9P75JJ2KjvYbSpcPxybmX _dNfv7fsrx9O84n4aNYg.pE42l4mewdRio_3u8RbQEBrk57bF41cyIUE9EwM eenpQxypMWRjm8mvX2DG9iXhlB7yCojwdHbGshgbWs2QEklIUu9faBOnWWj2 FYy0SNBp2e950SLrYGKLcr35j3pPt.1i6Bm_2jFhoS8G6sv3UR1_JuFtAl8f Zi4y9GFnn6kMiPSTWpr6CNxjmg0W8C1OyEqQ3kqZ5.EPAxtXcjZMTmBWXkZ9 gCLvEWba9xj7DEX89meVWSvlnNDr27xBSv0ZJj4mlSxLbkIRoqcomaKdG88L LNFVwGpvu.Zd.vJ3Z0FS1RPMc8LuO.k1pBecOEtwTKV2G2nwzxpx8inpum7r EerfYvkUHB8E0nWTYKU9o5SGoVjA3ESNP6Zu9fcaoSp5X9Kp1KAMAGRHodVw gYbXMovbsH_lUgHDSJNJ44jR0J50RqkyeJ.pMCKgl2KqMpUlBfqzcxrolnF2 fhmtemJo5IdvTqX4m0xKaIYQs6_RT2KTXgM5pvts5z58yVpC5RQajU22L3tB A6YwXQ7zVSS35li0N5e7XjEsGR0ILR3BEP1QV0.YbE1.5Hq9CZ7zjxMyQ0Me JlX.xHsthSNd1TpnbYAT2WspG89jf.4fWVN83fm8Ijh2IniCV0Ay0FJxAbc. 7Uz0xxjlPLrO_CI70o0YTZ80rWjEs3toLGIsrnbtoFbabwnd09Jyjr0YWJLS NMW65qWLLdshRY1n30MUhwul5W0qCNt8rvrbkBBR2GmsZa4ubJy61g.adZTQ yp.SljIk75abbfYU64Vy2eDgCR2ZBuBWQ4aU50JfoH_UDtdfLUpN8kfs9ZKg mA7rmw–
X-Originating-IP: [98.139.212.160]
Authentication-Results: mta1399.mail.gq1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO nm1.bullet.mail.bf1.yahoo.com) (98.139.212.160) by mta1399.mail.gq1.yahoo.com with SMTP; Sat, 17 Nov 2012 17:30:24 +0000
Received: from [98.139.212.152] by nm1.bullet.mail.bf1.yahoo.com with NNFMP; 17 Nov 2012 17:30:22 -0000
Received: from [98.139.215.254] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 17 Nov 2012 17:30:22 -0000
Received: from [127.0.0.1] by omp1067.mail.bf1.yahoo.com with NNFMP; 17 Nov 2012 17:30:22 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 948524.69397.bm@omp1067.mail.bf1.yahoo.com
Received: (qmail 15374 invoked by uid 60001); 17 Nov 2012 17:30:22 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1353173422; bh=73XBI+Vxyzj3LMifXM0eCpx4TW4CwH6qnUe6WBqbSJc=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:To:MIME-Version:Content-Type; b=LM8j1z0V+Y08iN2zxbsIHeCodaPWG/tMhLUpjQkevJdaeq5L4P3D+8g18nSPlbOtHYpM/AZRV+EYfwg5x6FLu16LQ65oHcEZttEg2avXsrM/Wf95mstrccxwC3koscV6H+KK7Lf0khdLLaGykhsVQfglkvFzrdER4E0LWy1ZY+Y=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:To:MIME-Version:Content-Type; b=YlvI8Yi/hqeSDlvB1gah8NEUIIrslxhIwAbPt3r1Tj5BXd16/ujgmtYvUM1/emnV4iLwEpAJ7zdKQd/S0cmThVVlCo5nvHn3dkV+/vs4Qm4DTD4wyFtBxLURe0sRVVW1ZqzOFKUpfPQRhfT4luuzDazZjXbbQpNdfZAzsiPmXyg=;
X-YMail-OSG: J6yHAxgVM1nZ5gr0kmpokRnOqMrRsATyexzx.xCuBJ2fhKQ 3PdReUQCxt4aiCtcmkCVi1mLsG2QCoQ1TkZgCJgytTyExBTASAAgNWLN5Lil RnvPLg5z7BTRxplxzYDC4GHqjhM_f0hJRTTpTiJih_Qyo.zav1BgFhbaqv8v GrikLYpfuJyGGzaWzGyArpbL8qDvZXiXHnJQrGpjiYm5QU32eHePNrKbIg.2 AVzDAhlofpwbNux2jbvrbYgbTIrW3UaRXK47.ZBj.eWYSYa9D0AYCZEe5VFf Lwh7.7XDHQGNiw5vbXmW9WeqBsT_cqg.wEjmJ.EqW89DffUDnK20Hl3jslnY Gf7Nc8ZV2vrhGhS79C8jEIdBjUp7XpO5TnFFH2w.0Bk_1JYEvQxYAga.ayxY 7978Rcrgcy3zwZ1EuGiqa3vmWp7xbTXdjUU52kJEc77o0LX5YoNoLjQGxxoM 1B9iQ1jx5sMkonWuMi.SCPK8MchlawzhcZlJic6QtNOjqWqWonlHC2JPA.CH afeabN7w83gNuTNaL
Received: from [181.14.174.37] by web160301.mail.bf1.yahoo.com via HTTP; Sat, 17 Nov 2012 09:30:22 PST
X-Mailer: YahooMailWebService/0.8.123.460
Message-ID: <1353173422.14639.androidMobile@web160301.mail.bf1.yahoo.com>
Date: Sat, 17 Nov 2012 09:30:22 -0800 (PST)
From: Hunter Mashell <hunter.mashell@yahoo.com>
To: “nbnxs-3210175843@pers.craigslist.org” <nbnxs-3210175843@pers.craigslist.org>, “ndghq-3255393928@pers.craigslist.org” <ndghq-3255393928@pers.craigslist.org>, “ngjsv-3283872977@pers.craigslist.org” <ngjsv-3283872977@pers.craigslist.org>, “NicoleClarik3@hotmail.com” <NicoleClarik3@hotmail.com>, “nkzjz-3209235157@pers.craigslist.org” <nkzjz-3209235157@pers.craigslist.org>, “p3ftm-3252808088@sale.craigslist.org” <p3ftm-3252808088@sale.craigslist.org>, “p6kbq-3215584511@sale.craigslist.org” <p6kbq-3215584511@sale.craigslist.org>, “p8fr2-3210992600@pers.craigslist.org” <p8fr2-3210992600@pers.craigslist.org>, “pers-38fq3-2698084615@craigslist.org” <pers-38fq3-2698084615@craigslist.org>, “pers-e9dqs-2704366508@craigslist.org” <pers-e9dqs-2704366508@craigslist.org>, “pers-paans-2699763453@craigslist.org” <pers-paans-2699763453@craigslist.org>, “pers-rajgk-2707076820@craigslist.org” <pers-rajgk-2707076820@craigslist.org>, “pers-rzhzy-2705029535@craigslist.org” <pers-rzhzy-2705029535@craigslist.org>, “pmfnc-3209866186@pers.craigslist.org” <pmfnc-3209866186@pers.craigslist.org>, “pmvkk-3228774589@pers.craigslist.org” <pmvkk-3228774589@pers.craigslist.org>, “porkyexposed@yahoo.com” <porkyexposed@yahoo.com>, “pwgqc-3255597543@pers.craigslist.org” <pwgqc-3255597543@pers.craigslist.org>, “pxthp-3223707014@sale.craigslist.org” <pxthp-3223707014@sale.craigslist.org>, “q74zq-3252448536@pers.craigslist.org” <q74zq-3252448536@pers.craigslist.org>, “qbnmq-3268989654@pers.craigslist.org” <qbnmq-3268989654@pers.craigslist.org>, “qd3s2-3236365959@pers.craigslist.org” <qd3s2-3236365959@pers.craigslist.org>, “qhczg-3207863319@pers.craigslist.org” <qhczg-3207863319@pers.craigslist.org>, “qq22w-3232024680@pers.craigslist.org” <qq22w-3232024680@pers.craigslist.org>, “qrwxt-3268506258@pers.craigslist.org” <qrwxt-3268506258@pers.craigslist.org>, “qzsv8-3236584232@pers.craigslist.org” <qzsv8-3236584232@pers.craigslist.org>, “qzz2p-3255572511@sale.craigslist.org” <qzz2p-3255572511@sale.craigslist.org>, “r5bmt-3207962113@pers.craigslist.org” <r5bmt-3207962113@pers.craigslist.org>, “rbender@avrmc.org” <rbender@avrmc.org>, “rgxzz-3253056010@sale.craigslist.org” <rgxzz-3253056010@sale.craigslist.org>, “rockiesbatgirl9@yahoo.com” <rockiesbatgirl9@yahoo.com>, “rrtbh-3236355552@pers.craigslist.org” <rrtbh-3236355552@pers.craigslist.org>, “s6jgc-3228760429@sale.craigslist.org” <s6jgc-3228760429@sale.craigslist.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”1332810471-999729533-1353173422=:14639″
Content-Length: 572

 

Hunter Mashell  hunter.mashell@yahoo.com <hunter.mashell@yahoo.com>

41.83.22.59 <> Associated IP <> 41.82.77.176

Example Messages Sent From 98.139.212.191
From: LOAN SERVICE <web.office23429924@att.net>
Subjectnone/blank
From: “Mr. Robin Paker” <web.offfice.19.127@att.net>
Subjectnone/blank
From: L Wells <jbwells3@yahoo.com>
Subjectnone/blank
From: MISS JENNY <missjennykipkalya@postafiok.hu>
Subject: Hello Dearest One,
From: Esther Chizizy <000333yyyzz@att.net>
Subject: hi
From: sosdf fghj <goone_55@yahoo.ca>
Subject: Hi
From: Mrs Rose Lambert <webxxvvcc@att.net>
Subject: My Dear Friend
From: Mrs Elizabeth Kamara <elizabethkamara90@hotmail.fr
Subject: Dear Beloved One
From:
Subject: CONGRATULATION: YOUR OVERDUE FUND HAS BE RELEASED
From: “Mrs. Evelyn McGregor” <officialnoticecaza1@gmail.
Subject: GOOD NEWS YOUR EMAIL HAS WON USD$1,000,000.00 !!!
From: “MR. SUNNY LUCAS” <sunluccas111222@rediffmail.com>
Subject: SOUTH AFRICAN NETWORK FOR WOMEN
From: SJPUB <kmoore1099@att.net>
Subject: PUBLISH RESEARCH STUDIES ARTIC
From: “Robert”<fbiusaorg2011@live.com>
Subject: Read attached message and respond
From: “Maria .B Raul”<incaseinhkilo@btconnect.com>
Subject: Re: Award Final Notification
From: “Mr Anthony D Loehnis”<www.offic223@hotmail.com>
Subject: Kindly check the attached message for full details
From: 張小姐
Subject: =?utf-8?B?6Lez5qiT5YO5LeWQjeeJjC3ljIUt6Yy2LS7p=?
From: Wilfred Wilson <wwilson_four@yahoo.co.th>
Subject: My mail.
From: “ROBERT S. MUELLER”<fbiinvestigatiion@live.com>
Subject: ANTI-TERRORIST AND MONEY LAUNDRY CRIMES DIVISION W
From: “nutzkicker@yahoo.com” <nutzkicker@yahoo.com>
Subject: FW: Tired of green tea? Try green COFFEE!
From: “sonofdxb@yahoo.com” <sonofdxb@yahoo.com>
Subject: FW: Forget those usual weightloss scams!
From: “From Mr. David Morris” <john.king350@yahoo.co.id>
Subject: From Mr. David Morris
From: ETISALAT COMMUNICATION <ukpess@yahoo.com>
Subject: Etisalat Award Promotion
From: Millennium Global loan Ltd <mgl1@live.co.za>
Subject: Loan at 2% reply with Name,Amount,Duration and Con
From: “Mai Leida” <shoshanasherlyn@kl.com>
Subject: Generic & Brand Cialis for $1.53/pill from TRUSTED
From: “Kiera Susanne” <hilmasachiko@wipro.com>
Subject: Buy Cheap Generic Cialis or Brand name Cialis, CIA
From: “Rolande” <georgettewilhelmina@yowzahost.com>
Subject: Buy HCG Drops Online for only $59/bottle ltqgyab
From: “Linnie” <nereidamayme@ps.ge.com>
Subject: SPECIAL OFFER : CIALIS on SALE at $1.53 !!! r6ckix
From: “Carmel Mui” <vivanelda@fusionstorm.com>
Subject: SPECIAL OFFER : CIALIS on SALE at $1.53 !!! fzesti
 
Leave a comment

Posted by on 11/25/2012 in Other

 

Tags: , , , , ,

 
%d bloggers like this: