hxxp://tr.im/4jkmt
To;
hxxp://dot-opt-out.com/Email-sms/Main_Page.html
A quick look shows this particular fraudster has quite the colorful history, showing fingers in pies such as Waledac and illegal pharma, amongst other things;
db.aa419.org/fakebanksview.php?key=48997
http://www.phishtank.com/technical_details.php?phish_id=1486320
http://knujon.com/domains/pillrxshop24.com.html
http://lastwatchdog.com/wp/wp-content/uploads/100815_Microsoft_Waledac_motion.pdf (PDF)
Email content (I've replaced the "http" with "hxxp"):
Greetings,
My name is Giovanni Fiorellino and I am a marketing manager of an advertising agency. Should your business of selling products or services require services of an advertising agency, we are glad to offer you our help. We can help you to make sure that your products and\or services are well-known around the globe help you build loyalty, trust, and brand awareness and ensure that your commercial message is delivered to millions of potential or current customers in your target country markets, providing you and your clients with the assurance you need.
It iv very easy to get a consultancy from us, simply fill in the form on our website
hxxp://tr.im/4jkmt
Looking forward to hearing from you.
Best regards,
Giovanni Fiorellino
My name is Giovanni Fiorellino and I am a marketing manager of an advertising agency. Should your business of selling products or services require services of an advertising agency, we are glad to offer you our help. We can help you to make sure that your products and\or services are well-known around the globe help you build loyalty, trust, and brand awareness and ensure that your commercial message is delivered to millions of potential or current customers in your target country markets, providing you and your clients with the assurance you need.
It iv very easy to get a consultancy from us, simply fill in the form on our website
hxxp://tr.im/4jkmt
Looking forward to hearing from you.
Best regards,
Giovanni Fiorellino
Return-Path: <maudeao10@list.ru>
Delivered-To: <adb@[REMOVED]>
Received: from [REMOVED]
by [REMOVED] (Dovecot) with LMTP id IV2ZBPi7b1LBewAA4wGEVw
for <adb@[REMOVED]>; Tue, 29 Oct 2013 20:06:33 +0000
Received: from [REMOVED]
by [REMOVED] with LMTP id lUSuMeUQcFK+IAAAiShP7w
; Tue, 29 Oct 2013 20:06:33 +0000
X-Spam-Flag: YES
X-Spam-Score: 13.873
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.873 tagged_above=-9999 required=1.3
tests=[BAYES_50=0.8, CK_HELO_DYNAMIC_SPLIT_IP=0.152,
CK_HELO_GENERIC=0.25, HELO_DYNAMIC_IPADDR2=3.607,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
RAZOR2_CHECK=0.922, RCVD_IN_BL_SPAMCOP_NET=1.347,
RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, SPF_SOFTFAIL=0.665,
TVD_RCVD_IP=0.001, URIBL_BLOCKED=0.001] autolearn=spam
Received: from [38.168.37.67] (helo=xnovtawdabfiaek.zyvtanrbgcsauyr.ua)
by 114-36-46-48.dynamic.hinet.net with esmtpa (Exim 4.69)
(envelope-from )
id 1MMW2X-1497dk-JY
for adb@[REMOVED]; Wed, 30 Oct 2013 04:06:39 +0800
From: =?koi8-r?B?IvDB18XMIOTB19nEz9ci?= <maudeao10@list.ru>
To: <adb@[REMOVED]>
Subject: RE: Advertising quote request
Date: Wed, 30 Oct 2013 04:06:39 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: jivszbzbb 24
Message-ID: <6112801139.RRBHMOZG437240@ydmzyhb.jdhdmhlllgqrijf.org>
Delivered-To: <adb@[REMOVED]>
Received: from [REMOVED]
by [REMOVED] (Dovecot) with LMTP id IV2ZBPi7b1LBewAA4wGEVw
for <adb@[REMOVED]>; Tue, 29 Oct 2013 20:06:33 +0000
Received: from [REMOVED]
by [REMOVED] with LMTP id lUSuMeUQcFK+IAAAiShP7w
; Tue, 29 Oct 2013 20:06:33 +0000
X-Spam-Flag: YES
X-Spam-Score: 13.873
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.873 tagged_above=-9999 required=1.3
tests=[BAYES_50=0.8, CK_HELO_DYNAMIC_SPLIT_IP=0.152,
CK_HELO_GENERIC=0.25, HELO_DYNAMIC_IPADDR2=3.607,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
RAZOR2_CHECK=0.922, RCVD_IN_BL_SPAMCOP_NET=1.347,
RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982, SPF_SOFTFAIL=0.665,
TVD_RCVD_IP=0.001, URIBL_BLOCKED=0.001] autolearn=spam
Received: from [38.168.37.67] (helo=xnovtawdabfiaek.zyvtanrbgcsauyr.ua)
by 114-36-46-48.dynamic.hinet.net with esmtpa (Exim 4.69)
(envelope-from )
id 1MMW2X-1497dk-JY
for adb@[REMOVED]; Wed, 30 Oct 2013 04:06:39 +0800
From: =?koi8-r?B?IvDB18XMIOTB19nEz9ci?= <maudeao10@list.ru>
To: <adb@[REMOVED]>
Subject: RE: Advertising quote request
Date: Wed, 30 Oct 2013 04:06:39 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: jivszbzbb 24
Message-ID: <6112801139.RRBHMOZG437240@ydmzyhb.jdhdmhlllgqrijf.org>
No comments:
Post a Comment