
Tag Archives: Virus

Spam Sender

WARNING – PHISHING ATTACK / SPAM / MALWARE

If you’ve received an email similar to the ones below, do not click the links. I haven’t clicked them, and I searched the Internet, and it appears other email users who clicked them say they contain malware / viruses, so be cautious.

Health Coverage Results – BlueCross BlueShield
From: “Cobra Health Insurance Quotes” <info@locationvisit.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————

Return-Path: <info@locationvisit.com>
X-YahooFilteredBulk: 5.78.137.215
Received-SPF: pass (domain of locationvisit.com designates 5.78.137.215 as permitted sender)
X-Originating-IP: [5.78.137.215]
Authentication-Results: mta1291.mail.ac4.yahoo.com from=locationvisit.com; domainkeys=neutral (no sig); from=locationvisit.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mp-cgo-fdl.k.pr.locationvisit.com) (5.78.137.215) by mta1291.mail.ac4.yahoo.com with SMTP; Tue, 26 Mar 2013 22:47:23 -0700
Received: from mp-cgo-fdl.k.pr.locationvisit.com (mp-cgo-fdl.k.pr.locationvisit.com [5.78.137.215]]) by mp-cgo-fdl.k.pr.locationvisit.com id oIpRcRonQnJyMs; 27 Mar 2013 01:46:55 -0400 (envelope-from <info@locationvisit.com>)
Message-Id: <20130327032599.5020D9DE7@locationvisit.com>
X-Unsubscribe: 42485a0c32f2964c5c4496d739e8586dcec95c5c
From: Cobra Health Insurance Quotes info@locationvisit.com
Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=

$2,500 in [62 Minutes]
Thursday, March 26, 2037 6:12 AM
From: “Direct Deposit” <info@sitesupermart.com>
To: undisclosed-recipients

—Click Show Images To Enable Links.———————————————————————————————————
Please click the “Not Spam” button above to visit links.
Wake Up Tomorrow With An Extra $2,500 In Your Bank Account!
Online Personal Loan Approval with NO Credit Checks
Good Credit * Bad Credit * No Credit

365 Day Loans is different in a very distinct way.
It’s fast, it’s secure and absolutely confidential.

Return-Path: info@cooltourdance.com
X-YahooFilteredBulk: 197.238.136.176
Received-SPF: pass (domain of cooltourdance.com designates 197.238.136.176 as permitted sender)
X-Originating-IP: [197.238.136.176]
Authentication-Results: mta1099.mail.gq1.yahoo.com from=; domainkeys=neutral (no sig); from=sitesupermart.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ton-cgm-dpn.cso.fhr.cooltourdance.com) (197.238.136.176) by mta1099.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:16:17 -0700
Received: from ton-eeq-dpn.cso.fhr.sitesupermart.com (ton-eeq-dpn.cso.fhr.sitesupermart.com [197.238.228.176]]) by ton-eeq-dpn.cso.fhr.sitesupermart.com id pJV10rees0AMTq; 26 Mar 2013 02:12:00 -0400 (envelope-from <info@sitesupermart.com>)
Message-Id: <20130326329072.A1BBF0C4F@sitesupermart.com>
X-R-HASH: 5e44d3b1c4b62348d7de845099ae2c46a8c60a20
From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?= info@sitesupermart.com
Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=

This site contains Malware: http://anubis.iseclab.org/?action=result&task_id=18e3f89b0e02989e46166fa…
Unsolicited Spam Originating From: Mt. Laurel New Jersey (159.135.84.108)
Originating Network(s): flrsbx.com
Date Received: 2/1/2013
Click Link: click.lvingguide.in (Yet another spam from Carlos Sanchez)
Location: jump.zeromargin.com
Received From:
Redirect:
Return Path: locationvisit.com
Contents of Spam:
From: View My Pic’s <info@locationvisit.com>
Sent: Monday, January 18, 2038 9:14 PM
Subject: WHY WAIT HAVE AN AFFAIR WITH A CHEATING WIFE TODAY “

locationvisit.com — Direct Deposit <info@travelcardsite.com> Wake Up Tomorrow With An Extra $2,500 In Your Bank Account! Unsolicited spam originating from flrsbx.com in Mt. Laurel, New Jersey 159.135.234.244 Click link is click.supertuhan.in

From LendingTree
Return-Path: <info@vacationsend.com> info@vacationsend.com
X-YahooFilteredBulk: 170.25.74.9
Received-SPF: pass (domain of vacationsend.com designates 170.25.74.9 as permitted sender)
X-Originating-IP: [170.25.74.9]
Authentication-Results: mta1086.mail.gq1.yahoo.com from=clickbigcity.com; domainkeys=neutral (no sig); from=clickbigcity.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sy-oi-t.coa.fl.vacationsend.com) (170.25.74.9) by mta1086.mail.gq1.yahoo.com with SMTP; Mon, 25 Mar 2013 23:09:47 -0700
Received: from sy-ei-t.com.ddn.clickbigcity.com (sy-ei-t.com.ddn.clickbigcity.com [176.116.24.9]]) by sy-ei-t.com.ddn.clickbigcity.com id iQSp5KVvKzr5C5; 26 Mar 2013 02:09:08 -0400 (envelope-from <info@clickbigcity.com>)
Message-Id: <20130326071504.A33A005BC@clickbigcity.com>
X-R-HASH: 654c9fea4ab25d58bef7c104e2f74a8cd734dc7a
From: LendingTree info@clickbigcity.com
654c9fea4ab25d58bef7c104e2f74a8cd734dc7a@clickbigcity.com
Subject: =?UTF-8?B?TW9ydGdhZ2UgUmF0ZXMgYXJlIEhpc3RvcmljYWxseSBMb3chIFNlZSBJZiBZb3UgQ291bGQgU2F2ZSBXaXRoIExlbmRpbmdUcmVlIQ==?=

Mortgage Rates are Historically Low! See If You Could Save With LendingTree!

—Click Show Images To Enable Links.———————————————————————————————————
See LendingTree Advertising Disclosures

LendingTree, LLC is a duly licensed mortgage broker, as required, with its main office located at 11115 Rushmore Dr., Charlotte, NC 28277, Telephone number 1-800-555-8733. NMLS Unique Identifier #1136.

LendingTree, LLC is known as LT Technologies in Lieu of true name, LendingTree, LLC in NY. For a current list of applicable state licensing & disclosures, see the LendingTree website or call for details.

This is a commercial email from LendingTree. If you would like to unsubscribe, read our Privacy Policy or Terms of Use, or see how LendingTree is licensed.

LendingTree, LLC: Unsubscribe
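In the Direct Deposit and LendingTree samples above, `Received-SPF: pass` names one domain while the From line names another. The Python sketch below is an added example, not part of the original post: it runs over header lines copied from this page (the third sample comes from the Julian Thomas post further down), and the sample labels, function names and flag strings are assumptions made here.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header


def _h(*lines):
    """Join header lines into a parseable header block."""
    return "\n".join(lines) + "\n\n"


# Header lines copied from three samples on this page (Received hops and
# opaque tracking headers left out). The dictionary keys are labels added here.
SAMPLES = {
    "health-coverage": _h(
        "Return-Path: <info@locationvisit.com>",
        "Received-SPF: pass (domain of locationvisit.com designates 5.78.137.215 as permitted sender)",
        "Authentication-Results: mta1291.mail.ac4.yahoo.com from=locationvisit.com; domainkeys=neutral (no sig); from=locationvisit.com; dkim=neutral (no sig)",
        "From: Cobra Health Insurance Quotes info@locationvisit.com",
        "Subject: =?UTF-8?B?SGVhbHRoIENvdmVyYWdlIFJlc3VsdHMgLSBCbHVlQ3Jvc3MgQmx1ZVNoaWVsZA==?=",
    ),
    "direct-deposit": _h(
        "Return-Path: info@cooltourdance.com",
        "Received-SPF: pass (domain of cooltourdance.com designates 197.238.136.176 as permitted sender)",
        "Authentication-Results: mta1099.mail.gq1.yahoo.com from=; domainkeys=neutral (no sig); from=sitesupermart.com; dkim=neutral (no sig)",
        "From: =?ISO-8859-1?B?RGlyZWN0IERlcG9zaXQ=?= info@sitesupermart.com",
        "Subject: =?UTF-8?B?JDIsNTAwIGluIFs2MiBNaW51dGVzXQ==?=",
    ),
    "julian-thomas": _h(
        "Return-Path: <jthomas299@gmail.com>",
        "Received-SPF: pass (domain of gmail.com designates 209.85.210.173 as permitted sender)",
        "Authentication-Results: mta1259.mail.bf1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)",
        "From: Julian Thomas <jthomas299@gmail.com>",
    ),
}

ADDR_DOMAIN = re.compile(r"[\w.+-]+@([\w.-]+)")


def _domain(value):
    """Domain of the last e-mail address in a header value ('' if none)."""
    found = ADDR_DOMAIN.findall(value or "")
    return found[-1].lower() if found else ""


def _decode(value):
    """Decode RFC 2047 encoded-words such as =?UTF-8?B?...?=."""
    return str(make_header(decode_header(value))) if value else ""


def triage(raw_headers):
    """Compare the domain that authenticated with the domain shown in From."""
    msg = message_from_string(raw_headers)
    spf = msg.get("Received-SPF", "")
    spf_result = spf.split()[0].lower() if spf.split() else "none"
    spf_match = re.search(r"domain of ([\w.-]+)", spf)
    spf_domain = spf_match.group(1).lower() if spf_match else ""
    dkim_match = re.search(r"dkim=(\w+)", msg.get("Authentication-Results", ""))
    dkim_result = dkim_match.group(1).lower() if dkim_match else "none"
    from_domain = _domain(msg.get("From"))

    # SPF vouches only for the envelope (Return-Path) domain. Exact string
    # comparison is a simplification of DMARC's relaxed alignment, which
    # compares organizational domains.
    spf_aligned = spf_result == "pass" and spf_domain == from_domain

    flags = []
    if spf_result == "pass" and not spf_aligned:
        flags.append("spf-pass-but-from-domain-differs")
    if dkim_result != "pass":
        flags.append("dkim-not-pass")

    return {
        "subject": _decode(msg.get("Subject")),
        "envelope_domain": _domain(msg.get("Return-Path")),
        "from_domain": from_domain,
        "spf": spf_result,
        "spf_domain": spf_domain,
        "spf_aligned": spf_aligned,
        "dkim": dkim_result,
        "flags": flags,
    }


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

An empty flag list, as for the gmail.com sample, only shows which domain sent the message; it says nothing about whether the content is safe.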

 


“JESSICA <3”

I’ve been getting sketchy emails (LIKE THIS ONE) sent to my spam filter lately. I have no proof of a scam or attack but whoever is behind the account, whether a person or bot, keeps trying to get me to click on suspicious links. I never click anything.

The emails are similar but the reasoning is not always the same. In this email, the woman claims her husband is out of town. I wouldn’t trust it!


 

Click Show Images To Enable Links.———————————————————————————————————

 

Return-Path: <reply-622542697.24.332481255.2721847_10635-1@ujwohngemeinschaftdirect.in>
X-YahooFilteredBulk: 37.27.63.105
Received-SPF: pass (domain of ujwohngemeinschaftdirect.in designates 37.27.63.105 as permitted sender)
X-Originating-IP: [37.27.63.105]
Authentication-Results: mta1266.mail.ac4.yahoo.com from=; domainkeys=neutral (no sig); from=uypartu.in; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO jonshon-mg-dbl.go.fp.ujwohngemeinschaftdirect.in) (37.27.63.105) by mta1266.mail.ac4.yahoo.com with SMTP; Tue, 29 Jan 2013 03:04:51 -0800
Message-Id: <20130129531575.9A34EF06C@uypartu.in>
From: =?ISO-8859-1?B?SkVTU0lDQSA8Mw==?= <jessica@uypartu.in>
4cf64dcfc17a00bf3c7944a6375b006d57b665ce@uypartu.in
Subject: =?UTF-8?B?TXkgaHVzYmFuZCBpcyBvdXQgb2YgdG93biA7KQ==?=

SUBJECT: My husband is out of town 😉
From =?ISO-8859-1?B?SkVTU0lDQSA8Mw==?= Mon Jan 18 19:13:42 2038 JESSICA ❤ jessica@uypartu.in

 


Suspicious Spoofed Craigslist Email

SUSPICIOUS FAKE CRAIGSLIST EMAIL – PHISHING ATTACK

01/27/13, UPDATE – I received another phishing email by a supposed Craigslist user using the name Eduard Frank – I’ll post the e-mails in order, newest to oldest, along with the header details.

I don’t have any Craigslist ads currently listed. In fact, I don’t even list Craigslist ads on the account I use to bait scammers, so I was immediately suspicious when I received this Craigslist email alert. Not only are the two ‘Craigslist’ links spoofed (the actual URL is not Craigslist) — but the IP address is blacklisted on many anti-scam websites.

SUBJECT: i would like to buy your item from craigslist
RECEIVED: Thursday, January 24, 2013 4:22 PM
From: Eduard Frank qdbfwp@hotmail.com

EMAIL: Hi Am very interested in your item posted on craigslist : https://post.craigsIist.org/k/EEEYZLFl4hGbaqXZBYzI7A/vh279?s=tou [This is the same spoofed link from the previous emails. The actual URL is goo.gl/aiNwi]

is it still available?

HEADER DETAILS:

Return-Path: <qdbfwp@hotmail.com>
X-YahooFilteredBulk: 209.86.89.63
Received-SPF: softfail (transitioning domain of hotmail.com does not designate 209.86.89.63 as permitted sender)
X-Originating-IP: [209.86.89.63]
Authentication-Results: mta1160.mail.gq1.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-junco.atl.sa.earthlink.net) (209.86.89.63) by mta1160.mail.gq1.yahoo.com with SMTP; Thu, 24 Jan 2013 08:23:36 -0800
Received: from [71.237.118.147] (helo=User) by elasmtp-junco.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <qdbfwp@hotmail.com>) id 1TyPZx-0002jO-Fi; Thu, 24 Jan 2013 11:23:05 -0500
Reply-To: qdbfwp@hotmail.com
From: Eduard Frank<qdbfwp@hotmail.com>
Subject: i would like to buy your item from craigslist
Content-Type: text/html; charset=”Windows-1251″
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <E1TyPZx-0002jO-Fi@elasmtp-junco.atl.sa.earthlink.net>
X-ELNK-Trace: 8219d692fd5468d6d780f4a490ca6956d5d4673fe7faad86623ec139337907e38e9f230fcf1cb831350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 71.237.118.147

Your posting has been flagged for removal.
Approximately 98% of postings removed are in violation of craigslist posting guidelines.
Please make sure you are abiding by all posted site rules, including our terms of use:
http://www.craigslist.org/about/terms.of.use.html [This was a spoofed link with the actual URL being goo.gl/aiNwi]
If you need help figuring out why your posting was flagged, try asking in our flag help forum. Include posting title, body, category, city, how often posted, any images, HTML markup, etc.
If you feel your posting was wrongly flagged down (2% of flagged ads are) please accept our apologies and feel free to repost using the link below:
http://www.craigslist.org/about/ctd/repost.html [This was a spoofed link with the actual URL being goo.gI/aiNwi]
Sorry for the hassle, and thanks for your understanding.
——————————————————————————

Date: 1327114516
PostID: 24177504

HEADER DETAILS:

Return-Path: <dycsbl@craiglist-accounts.com>
X-YahooFilteredBulk: 209.86.89.69
Received-SPF: temperror (encountered temporary error during SPF processing of domain of craiglist-accounts.com)
X-Originating-IP: [209.86.89.69]
Authentication-Results: mta1220.mail.sk1.yahoo.com from=craiglist-accounts.com; domainkeys=neutral (no sig); from=craiglist-accounts.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO elasmtp-mealy.atl.sa.earthlink.net) (209.86.89.69) by mta1220.mail.sk1.yahoo.com with SMTP; Wed, 23 Jan 2013 12:58:50 -0800
Received: from [72.172.204.128] (helo=User) by elasmtp-mealy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <dycsbl@craiglist-accounts.com>) id 1Ty7Nq-0004nx-4X; Wed, 23 Jan 2013 15:57:22 -0500
Reply-To: dycsbl@craiglist-accounts.com
From: Craigslist <dycsbl@craiglist-accounts.com>
Subject: flagged & removed 24177504
Message-ID: <E1Ty7Nq-0004nx-4X@elasmtp-mealy.atl.sa.earthlink.net>
0da15bcd0e72a23c13bbd08df6cfe9269ef193a6bfc3dd48c25deae7748207c3a2f7e1f2b096e1d07ef9f80aaf77e5a4350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 72.172.204.128

dycsbl@craiglist-accounts.com 72.172.204.128 <> 209.86.89.69

 


Julian Thomas

Phishing Attack – MALWARE

 

EMAIL: http://theglobalviews.com/wp-content/plugins/akismet/ugoogle.html

HEADER:

Return-Path: <jthomas299@gmail.com>
Received-SPF: pass (domain of gmail.com designates 209.85.210.173 as permitted sender)
X-Originating-IP: [209.85.210.173]
Authentication-Results: mta1259.mail.bf1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-ia0-f173.google.com) (209.85.210.173) by mta1259.mail.bf1.yahoo.com with SMTP; Sat, 10 Nov 2012 02:23:05 -0800
Received: by mail-ia0-f173.google.com with SMTP id m10so3261400iam.4 for <deleted@yahoo.com>; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=X/EcyHI7fCzBVRIZx1ZLHDvk8NTmX3HJwBi5boQXb1Q=; b=oYfe6tprlmGl4KQGlch5xN9W/sfJdTSxywTJ0RPlOyKp92uoBSeDrC7gi6Cju6EujQ VdKZO205dG3h2pX64Wt+vQiAjwONADSwU0jZ4NGFie+TzVWM9Hfs5RTrpgSDHrRr+E93 ElhMjrYS1fpk3P4LxqPgSzZQFWZV8XGwMUE24Hz16+0AAu0w7cd11I5h7d//s8sIY7MA wmKpBHSg7wxoBMdQ0gik6WGNcTFb5RTY/YF8rYv/6hQY1geA6XGjIRW0iBeUWALv9TBH G6aLZyUkbNeiqwRBsWou2dNAljQgW1UDYlDrPpu6fvSDVhDGhrPZsOjT1xHgFeLuO3xK k1dQ==
MIME-Version: 1.0
Received: by 10.50.16.144 with SMTP id g16mr3131462igd.23.1352542985776; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Received: by 10.231.11.67 with HTTP; Sat, 10 Nov 2012 02:23:05 -0800 (PST)
Date: Sat, 10 Nov 2012 11:23:05 +0100
Message-ID: <CACYsU7yNrJqyaoLs1pASkUTWyk-biOmk+-b79chG_LMtGjwWDA@mail.gmail.com>
From: Julian Thomas <jthomas299@gmail.com>
To: julianthomas@facebook.com, mmdavis6@gmail.com, mzwx4-3270719590@sale.craigslist.org, deleted@yahoo.com, theenvycorps@gmail.com

“Julian Thomas” <jthomas299@gmail.com> 209.85.210.173

 


“Michael Brewer”

SUSPICIOUS EMAIL – Sending unknown links in emails – I don’t trust it and I’d advise you not to click on any unknown links sent by unidentified online users (or bots). (FYI, I haven’t had a Craigslist ad up in months, so any emails I’m receiving by people claiming to be from Craigslist are liars.)

Hello, my name is Michael.  I am a US Marine veteran, and I was just viewing your ad on craigslist.
I would like to show you something that I believe can help you.

I didn’t believe it when my friend approached me.  
After seeing his results I decided to follow his link.
My life has changed because of it.
But don’t take my word for it. Visit my link and see for yourself.

Best Regards,
Michael Brewer
612-5597501
Here’s the link.

Link was here

I didn’t click on the link and didn’t want to post it and have someone else accidentally click it. The Link said http://networthgain(dot)com and the URL was networthgain(dot)com with no ‘http’

 

HEADER:

Return-Path: <msbrewer@gmail.com>
X-YahooFilteredBulk: 67.222.50.208
Received-SPF: neutral (67.222.50.208 is neither permitted nor denied by domain of gmail.com)
X-Originating-IP: [67.222.50.208]
Authentication-Results: mta1173.mail.mud.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (HELO outbound-ss-1353.hostmonster.com) (67.222.50.208) by mta1173.mail.mud.yahoo.com with SMTP; Fri, 12 Oct 2012 01:20:40 -0700
Received: (qmail 28821 invoked by uid 0); 12 Oct 2012 08:20:40 -0000
Received: from unknown (HELO box587.bluehost.com) (66.147.242.187) by soproxy1.bluehost.com with SMTP; 12 Oct 2012 08:20:40 -0000
Received: from [66.41.126.218] (port=63105 helo=Kokunai-PC) by box587.bluehost.com with esmtpa (Exim 4.76) (envelope-from <msbrewer@gmail.com>) id 1TMaU3-0001Wc-VB for deleted@yahoo.com  Fri, 12 Oct 2012 02:20:40 -0600
Message-ID: <024463a9-41194-06891390529514@kokunai-pc>
Reply-To: “Michael Brewer” <msbrewer@gmail.com>
From: “Michael Brewer” <msbrewer@gmail.com>
To: deleted@yahoo.com
Subject: Craigslist Reply…
Date: Fri, 12 Oct 2012 03:20:14 -0500
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Identified-User: {2654:box587.bluehost.com:exceptk3:exceptionalismofamerica.com} {sentby:smtp auth 66.41.126.218 authed with exceptk3}

ORIGINATING-IP – 67.222.50.208 Host: outbound-ss-1353.hostmonster.com

IP – 66.147.242.187 Host: box587.bluehost.com

IP – 66.41.126.218 Host: c-66-41-126-218.hsd1.mn.comcast.net

Michael Brewer — msbrewer@gmail.com —

 


Suspicious Email (possible hacker/phishing attack)

Similar suspicious emails came through from unknown users (possible bots). In the email was one link, and the email was sent to me and dozens of other addresses. The IPs in this email, and others alike, are IPs used by scammers sending out fraud mail, and the link is believed to be spoofed or a possible hacker/phishing attack. I haven’t clicked the link and I don’t advise you to. I posted it so it would show up in search engines in case others looked it up.

 
 
FROM: “Victor Garza” <garza-victor@sbcglobal.net>
To: jsissonsinvestments@gmx.com, harveyhcho@gmail.com, generalmeuse@gmail.com, minwater2009@hotmail.com, nilamerlita@yahoo.com, porkyexposed@yahoo.com, pers-pjz28-2625231933@craigslist.org, tognar33@yahoo.com, hanzdb@yahoo.com, tagee0@aol.com, ang7maulana@yahoo.com, revitalisasidiy@telkom.net, ini_bisnis_gw@yahoo.com, benny_irawan0581@yahoo.com, wawa0926@kimo.com, dejuntaxs@yahoo.com, Bharathsabari.Venkataraj@bh.yokogawa.com, modeling@knoxvillemodels.org, patty_aiken@juno.com, utuydjamhur@yahoo.co.id, freddy_saputera@yahoo.com, herzal@windowslive.com, sssxxxp11@gmail.com, selina671@yahoo.com.tw, chrisgladdenmusic@gmail.com, sy45689@hotmail.com, daffy_dee79@yahoo.co.id, star_maxing@yahoo.cn, hannien_sans@yahoo.com
 
 
 
HEADER:
 
 

The ORIGINATING IP ADDRESS OF THE ABOVE EMAIL IS KNOWN TO SEND OUT NIGERIAN 419 SCAMS WHICH MOST LIKELY INDICATES THAT THE ABOVE EMAIL IS SOME TYPE OF SPOOFED/HACKER/PHISHING-ATTACK

Example Messages Sent From 98.138.229.103
From: Spring Investment Limited <web.office_3474.32@veri
Subject: none/blank
From: “Frank Jimmy Loans Co.” <web.office.003-10@rogers.
Subject: none/blank
From: evelyn <janniferkiss@yahoo.com>
Subject: HELLO, 
From: Nadia Mbembe <nadiammbem@yahoo.co.th>
Subject: Hello dear 
From: Miss Nadia Kallon Mbembe <nadiammbem@yahoo.co.th>
Subject: Hello dear 
From: gift ukeh <giftukeh@yahoo.com>
Subject: Nice To Meet You, 
From: “222222222” <222222222>
Subject: 请查收 
From: Walid Kh <walidkh52@yahoo.com>
Subject: this has been your time to shine 
From: “Mrs. Sharon Crawford”<info203932@skymail.mn>
Subject: COMPENSATION ALERT, OPEN ATTACHMENT TO READ ALERT 
From: “Mrs. Sharon Crawford”<sharoncrwfrd1191@skymail.mn
Subject: Scam Victim Compensation Alert, View Attachment Fo
From: Florin <munguu_jin@yahoo.com>
Subject: =?iso-8859-1?Q=?= 
From: “MRS. VERA DAVISON” <mrs.veradavison@gmail.com>
Subject: NOTIFICATION!!! YOUR E-MAIL I. 
From: Re majer <web1.118@att.net>
Subject: HELLO FRIEND? 
From: PREMIUM FINANCIAL HOLDINGS LIMITED <web.offfice.45
Subject: Loan Offer 3% 
From: rejoybaby maj <web69.12345@att.net>
Subject: HI It’s My Pleasure 
From: weboffice 000xxxxofficef1 <web_officefile0990@att.
Subject: Fw: PLEASE YOUR URGENT ATTENTION IS NEEDED
From: “MR. SUNNY LUCAS” <sunluccas111222@rediffmail.com>
Subject: SOUTH AFRICAN NETWORK FOR WOMEN 
From: “MRS. SUSAN SHABANGU” <shabangu100@gmail.com>
Subject: KINDLY OPEN YOUR ATTACHED FILE AND GO THROUGH IT A 
From: “General Manager”<xxxxxx32@hushmail.com>
Subject: HELLO, (VERY URGENT PLEASE !!!) 
From: “travisgalica@yahoo.com” <travisgalica@yahoo.com>
Subject: FW: Did you see what Dr Oz said last week? 

client ip 98.139.212.191

Associated Mail Server – 98.139.212.191

Project Honey Pot

The email’s IP has also been the IP of a 419 scam attempt by an online user who then reported it to scamwarners

Delivered-To: [my.redacted.address]
Received: by 10.182.51.4 with SMTP id g4csp15278obo;
Thu, 22 Mar 2012 09:07:20 -0700 (PDT)
Received: by 10.224.58.205 with SMTP id i13mr11384387qah.97.1332432439777;
Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Return-Path: <0desirekoende4582@att.net>
Received: from nm23-vm0.bullet.mail.bf1.yahoo.com (nm23-vm0.bullet.mail.bf1.yahoo.com. [98.139.212.191])
by mx.google.com with SMTP id c2si2125271qcd.182.2012.03.22.09.07.19;
Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Received-SPF: neutral (google.com: 98.139.212.191 is neither permitted nor denied by best guess record for domain of 0desirekoende4582@att.net) client-ip=98.139.212.191;
Authentication-Results: mx.google.com; spf=neutral (google.com: 98.139.212.191 is neither permitted nor denied by best guess record for domain of 0desirekoende4582@att.net)smtp.mail=0desirekoende4582@att.net; dkim=pass header.i=@att.net
Received: from [98.139.212.148] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [68.142.200.224] by tm5.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [66.94.237.118] by t5.bullet.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [127.0.0.1] by omp1023.access.mail.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 987846.4887.bm@omp1023.access.mail.mud.yahoo.com
Received: (qmail 30955 invoked by uid 60001); 22 Mar 2012 16:07:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.net; s=s1024; t=1332432438; bh=qC9ja17T2XXp6aqesfDLGfKpznCUVeikD60t7/lfcNQ=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=y0wL2wF7Ou+MqEhEnoS2H+wWp2Qyut0bPleskdzEgWoAXVYYXWRuzHHupGsu1F4os93JLL6Dm4wBfwhq9Jj+6IMouzb7ghB9GBr4WH34IbJ40+Y0jt3Kvk7xPeKpTq/AgBIpqMVwyDdfHIIGLRNMa/Z//GwnW6XTQY3+R4odMRM
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=att.net;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=A9AAuHEVubbzaAjLCe1F2QXM6T4rNgWGc58ZdbiN0y0ONyi3avS69FCJvwGlbvNG+fDU4BbwaEKeZ/xoqRx6qi8T5eBVdElPReyIAcxs27GttTcw9pHIey+Jmi58T/Z8p/ALnnM5qk8/mCO7KB8I96Wr5mlgBNozCw71BP+59TI=;
Received: from [41.82.148.87] by web180910.mail.ne1.yahoo.com via HTTP; Thu, 22 Mar 2012 09:07:18 PDT
X-Mailer: YahooMailClassic/15.0.5 YahooMailWebService/0.8.117.340979
Message-ID: <1332432438.21116.YahooMailClassic@web180910.mail.ne1.yahoo.com>
Date: Thu, 22 Mar 2012 09:07:18 -0700 (PDT)
From: desire koenders <0desirekoende4582@att.net>
Reply-To: mr.desirekoenders@yahoo.com
Subject: From Mr. Koenders Desire
To: [redacted]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=”897918875-1321714197-1332432438=:21116″

From Mr.Koenders Desire
Telephone: 00221771499501
I am Mr.Koenders Desire the only son of Late Mr. & Mrs.Désiré Dallo but am here with my sister. I select you to assist me. My father was a cocoa merchant in Abidjan the economic capital of Cote d’Ivoire He was poisoned to death by his friends . But before the death , he secretly called me by his bed side and told me that he has the sum of Four million two hundred thousand United States Dollars USD ($4.200,000) deposited in bank .So am currently living in senegal to get someone that will assist me. He used my name (Koenders Desire) as the next of Kin to deposit the money. He then strongly advised me to be careful especially with his friends and our relatives.the money is kept in the bank with the view of making use of it for investment purposes after my educational carrier.. For The urgly development in this country,I have now decided to take quick actions and have this money transferred out of this country before it is too late.I am honorably seeking your assistance in the following ways Please I need your assistance in this ways.

1. Can I completely trust you? 2. What percentage of the total amount in question will be good for you after the money is transfer to your country? 3.Can you help me to come over to your country and further my educational carrier?4.Can you asure me of the confidentiality of this transaction till when this money get to your Custody,this is to ensure that nothing jeopardizes my last wish on Earth.No matter what your decision may turn to be I humbly beg you to reply to me.
Thanks and God bless you
Best regards
Mr Koenders Desire

 

Posted by on 11/25/2012 in Other

 


 