Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday 29 October 2013

dot-opt-out.com (meishengchang@163.com), fraudster with fingers in many pies

I got an email a few minutes ago, which led via:

hxxp://tr.im/4jkmt

to:

hxxp://dot-opt-out.com/Email-sms/Main_Page.html

A quick look shows this particular fraudster has quite the colourful history, with fingers in pies such as Waledac and illegal pharma, amongst other things:

db.aa419.org/fakebanksview.php?key=48997
http://www.phishtank.com/technical_details.php?phish_id=1486320
http://knujon.com/domains/pillrxshop24.com.html
http://lastwatchdog.com/wp/wp-content/uploads/100815_Microsoft_Waledac_motion.pdf (PDF)

Email content (I've replaced the "http" with "hxxp"):

Greetings,

My name is Giovanni Fiorellino and I am a marketing manager of an advertising agency. Should your business of selling products or services require the services of an advertising agency, we are glad to offer you our help. We can help you to make sure that your products and/or services are well-known around the globe, help you build loyalty, trust, and brand awareness, and ensure that your commercial message is delivered to millions of potential or current customers in your target country markets, providing you and your clients with the assurance you need.

It is very easy to get a consultancy from us, simply fill in the form on our website

hxxp://tr.im/4jkmt

Looking forward to hearing from you.

Best regards,

Giovanni Fiorellino
Return-Path: <maudeao10@list.ru>
Delivered-To: <adb@[REMOVED]>
Received: from [REMOVED]
    by [REMOVED] (Dovecot) with LMTP id IV2ZBPi7b1LBewAA4wGEVw
    for <adb@[REMOVED]>; Tue, 29 Oct 2013 20:06:33 +0000
Received: from [REMOVED]
    by [REMOVED] with LMTP id lUSuMeUQcFK+IAAAiShP7w
    ; Tue, 29 Oct 2013 20:06:33 +0000
X-Spam-Flag: YES
X-Spam-Score: 13.873
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.873 tagged_above=-9999 required=1.3
    tests=[BAYES_50=0.8, CK_HELO_DYNAMIC_SPLIT_IP=0.152,
    CK_HELO_GENERIC=0.25, HELO_DYNAMIC_IPADDR2=3.607,
    RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
    RAZOR2_CHECK=0.922, RCVD_IN_BL_SPAMCOP_NET=1.347,
    RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
    RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, SPF_SOFTFAIL=0.665,
    TVD_RCVD_IP=0.001, URIBL_BLOCKED=0.001] autolearn=spam
Received: from [38.168.37.67] (helo=xnovtawdabfiaek.zyvtanrbgcsauyr.ua)
    by 114-36-46-48.dynamic.hinet.net with esmtpa (Exim 4.69)
    (envelope-from )
    id 1MMW2X-1497dk-JY
    for adb@[REMOVED]; Wed, 30 Oct 2013 04:06:39 +0800
From: =?koi8-r?B?IvDB18XMIOTB19nEz9ci?= <maudeao10@list.ru>
To: <adb@[REMOVED]>
Subject: RE: Advertising quote request
Date: Wed, 30 Oct 2013 04:06:39 +0800
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: jivszbzbb 24
Message-ID: <6112801139.RRBHMOZG437240@ydmzyhb.jdhdmhlllgqrijf.org>
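As an added triage example (not part of the original post), the X-Spam-Status and From: headers quoted above can be parsed to see which rules actually drove the 13.873 score and to decode the koi8-r display name, which turns out not to be the "Giovanni Fiorellino" who signs the body. The header values are copied from the sample above; the body signature string is taken from the quoted email.

```python
import re
from email.header import decode_header
from email.utils import parseaddr

# Header values copied from the spam sample quoted in the post (constructed
# input for this example; the rest of the message is not needed here).
SPAM_STATUS = (
    "Yes, score=13.873 tagged_above=-9999 required=1.3 "
    "tests=[BAYES_50=0.8, CK_HELO_DYNAMIC_SPLIT_IP=0.152, "
    "CK_HELO_GENERIC=0.25, HELO_DYNAMIC_IPADDR2=3.607, "
    "RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886, "
    "RAZOR2_CHECK=0.922, RCVD_IN_BL_SPAMCOP_NET=1.347, "
    "RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31, "
    "RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, SPF_SOFTFAIL=0.665, "
    "TVD_RCVD_IP=0.001, URIBL_BLOCKED=0.001] autolearn=spam"
)
FROM_HEADER = "=?koi8-r?B?IvDB18XMIOTB19nEz9ci?= <maudeao10@list.ru>"
BODY_SIGNATURE = "Giovanni Fiorellino"  # name signed at the end of the body

def parse_spam_status(value):
    """Return (reported_score, {rule: points}) from an X-Spam-Status header."""
    score = float(re.search(r"\bscore=(-?[\d.]+)", value).group(1))
    tests = re.search(r"tests=\[(.*?)\]", value, re.S).group(1)
    rules = {}
    for item in tests.split(","):
        name, _, pts = item.strip().partition("=")
        if name:
            rules[name] = float(pts)
    return score, rules

def top_rules(rules, n=3):
    """Highest-weighted rules first, so triage starts with what mattered."""
    return sorted(rules, key=rules.get, reverse=True)[:n]

def decode_display_name(from_value):
    """Decode an RFC 2047 encoded display name; return (name, address)."""
    encoded_name, address = parseaddr(from_value)
    parts = []
    for chunk, charset in decode_header(encoded_name):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "us-ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts).strip().strip('"'), address

def sender_name_mismatch(from_value, signature):
    """True when the From: display name differs from the name signed in the body."""
    name, _ = decode_display_name(from_value)
    return name.casefold() != signature.casefold()

if __name__ == "__main__":
    score, rules = parse_spam_status(SPAM_STATUS)
    print(f"reported {score}, rule total {sum(rules.values()):.3f}")
    print("top rules:", top_rules(rules))
    print("From: display name:", decode_display_name(FROM_HEADER))
    print("name mismatch:", sender_name_mismatch(FROM_HEADER, BODY_SIGNATURE))
```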