NewBUXera Paid To Click Fraud Spam
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
X-Message-Status: n:0
X-SID-PRA: Petros P.P <petpis2@gmail.com>
X-SID-Result: Pass
X-Message-Info: 6sSXyD95QpV20hZk0u1hNoHzCqr7KGMG0E+YGPnR5IyzAzvTf060zIweqO5MR6vPVPjwJJJfp94c9aa1vusC37T5KI1Db3...
Received: from tomts2-srv.bellnexxia.net ([209.226.175.114]) by bay0-pamc1-f11.bay0.hotmail.com with Microsoft
SMTPSVC(6.0.3790.2444);
Fri, 4 Jul 2008 04:16:37 -0700
Received: from toip42.srvr.bell.ca ([67.69.240.43])
by tomts2-srv.bellnexxia.net
(InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP
id <20080704111637.FWOX1648.tomts2-srv.bellnexxia.net@toip42.srvr.bell.ca>
for <x>; Fri, 4 Jul 2008 07:16:37 -0400
Received: from toip23.srvr.bell.ca ([67.69.240.25])
by toip42.srvr.bell.ca with ESMTP; 04 Jul 2008 07:16:31 -0400
Received: from po-out-1718.google.com ([72.14.252.153])
by toip23.srvr.bell.ca with ESMTP; 04 Jul 2008 07:16:29 -0400
Received: by po-out-1718.google.com with SMTP id y22so3870089pof.4
for <x>; Fri, 04 Jul 2008 04:16:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:date:from:to
:subject:mime-version:content-type;
bh=v8f8M7h9w/bqShAlbAMe4sEdmpphii6U59fhowbb0kk=;
b=r764+cZpxE3kNsNJ4HerfS1aRxdMPF4FNA0xZfrVadLouf6tTHeZsMlMZKCQ/zSRGX
Q0Fl+A7sWMUrSGH1AEIaM0xdoIfees83730prSRAccYBJDucPrSu3yKX8CposQzGqVbs
Ub8YmHPoLiyNJKU+JFjn56Kq/ZX9gbTFh77wU=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:date:from:to:subject:mime-version:content-type;
b=cjYp8/ni2WHc3fkaH90lKm2momNWebSJkWuDYppjX78Xq/RmSU2EizeBQD5uJrB+10
hhpFWBHQ9hADxccghTRNokfpT171JCebtcYIt5ODgOdoJoCa9ijCIirgtasv72FeLmUp
uzHevzmTo6GclOYbeqNhTUi8EKa47D1RKZdU8=
Received: by 10.140.127.13 with SMTP id z13mr278030rvc.142.1215170119685;
Fri, 04 Jul 2008 04:15:19 -0700 (PDT)
Received: by 10.141.50.5 with HTTP; Fri, 4 Jul 2008 04:15:16 -0700 (PDT)
Message-ID: <x@mail.gmail.com>
Date: Fri, 4 Jul 2008 14:15:16 +0300
From: "Petros P.P" <petpis2@gmail.com>
To: petpis@gmail.com
Subject: NewBUXera - $1 cashout
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_22370_11179278.1215170119624"
Return-Path: petpis2@gmail.com
X-OriginalArrivalTime: 04 Jul 2008 11:16:37.0782 (UTC) FILETIME=[6D0C6B60:01C8DDC7]
Body:
Anti-SPAM Notice - Removalinstruction below:
Ifyou wish to unsubscribe send an email with
the subject "delete from the list" to petpis@gmail.com
12 ads every day
You get for one click: $ 0.010
and for referral click: $ 0.015.
Minimal payout is: $ 1.00
http://www.newbuxera.com/?r=petpis
Thank you for your registration
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Secret Traffic Arbitrage Tactics Internet Marketing SpamPPC Click Fraud Spam - Medical billing & coding programs
Pharmacy Customer Notice Canadian Pharmacy Spam
Make Money In One Week Spam
Canadian Pharmacy Spam - Are Generics As Good?
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
If you wish to unsubscribe send an email with
the subject "delete from the list" to...
This spammer is so serious about CAN-SPAM compliance that he/she placed the unsubscribe links at the top of the e-mail. It is also a convenient way of attracting attention to the so-called unsubscribe e-mail address. A lot of people will immediately click on the mailto-link and curse the spammer. Keep your cool when you receive an e-mail like this, we know it is frustrating, but don't present your e-mail address on a silver tray to this spammer, a reply will only tell the spammer that your e-mail address is active.
"petpis" is the affiliate ID of this spammer. This spammer is also a member of other advertising programs similar to NewBUXera. But everywhere he/she goes, there seems to be trouble.
At the time of investigating this e-mail, the site www.newbuxera.com was showing only a Parked Domain page from Daddy.com. However Google's cache of 9 August 2008 contained the following snapshot of the site's main page (text only):
In the last two days, we have been permanently under attack of a hacker, this was the reason of all mysql errors you have seen round the page. He 'hacked' in some way the script, he has changed the admin password and then he manually changed things in database. This happened yesterday evening (6.7.) and this was the reason to the bugs like you have seen in your stats that you have been paid twice, or that nearly no referral clicks were counted and so on. We have thought, we can fix this, so we havent written any notice anywhere and we have been working on it through the whole night. Unfortunately, we werent able to fix it, this morning the site was again completely down and the hacker deleted the whole database! The only luck is, that we have made copies of the database the whole time, so dont worry, all your referrals statistics and earnings are safe!
Then he has changed the config files, we were able to hold the site online for a few times, but he was able to break it down again. After this we have finally found the backdoor, through that he got, it didnt matter that we changed XY times the database password, because he has gotten acces to the config file! So we were finally able to fix it and this morning the site was again online for half an hour. But then the site crashed down again and we have controlled the whole script and we have found out, that there is a massive amount of holes and its impossible to discover all of them!
Please, if youre going to start your own PTC, NEVER use the bux3 nulled script!!
And now a message to the hacker: We have got your IP address, we know everything about you, we know that you are the same hacker as who hacked OSB and this time we won't let you go! You have been hacking and p***ing off PTC sites for a too long time and now we will strike back!
Now we are coding our own script, we are working on it day and night, it will be online as soon as possible, with tons of new stuff and new possibilities how to earn online! It will be the most secure script ever, we wont get p***ed off by a hacker again! Dont worry about your earnings or referrals, a copy of our whole database is safely stored on our computers, so you wont lose a cent! Please be patient, we will soon be back!
As you know, we have been online only a week, but we have already made payouts for more than 1 000 USD, so trust us, we aren't a SCAM!
The site owners also need to do some work on their English. It is quite ironic to see a spamvertised site getting hacked. Perhaps petpis got p***ed when they suspended his account for spamming.
Google also had a snapshot of site's main page, as it appeared on 7 July 2008 (text only):
At NewBUXera, you get paid to click on ads and visit websites. The process is easy! You simply click a link and view a website for a few seconds to earn money. This is because all you need to do is visit the sites we provide you with. You can earn even more by referring friends.
You get for one click: $ 0.010 and for referral click: $ 0.015. Minimal payout is: $ 1.00
register...
Premium members
Every new user is "standard", but can buy a premium membership. It costs only $ 24.99 for one month or $ 59.99 lifetime. Every premium member has minimum 15 ads per day, priority payments in less than 12 hours, + 500% earnings from own clicks and + 33% earnings from referrals clicks.
You get for one click: $ 0.050 and for referral click: $ 0.020. Minimal payout is: $ 1.00
register...
Advertisers
Setting up and displaying your link for NewBUXera members to visit is fast and simple. We charge $3.99 per 1000 member visits and each visit will last at least 30 seconds. Outside visits are unlimited and included within the price. We will review your website and will have it active within 24 hours.
So if you are an advertiser you pay $3.99 per 1000 member visits and each one of those 1000 members have been paid to visit your website. That's about it, they get paid to visit your website for 30 seconds, do you really want visitors like these on your website? They are not visiting your site to buy something, they are simply visiting your site to make money. Many affiliates will probably design a bot to do all the clicking for them, so you may generate thousands of visits to your website through this "Paid To Click" program, but all your visits will be from a bunch of tin brains. Even if a human visits your website, you are unlikely to get any profitable action from a "Paid To Click" affiliate. This is click fraud at its best. You have to be out of your mind to participate in an advertising program like this.
We haven't even clicked a link yet and they are already thanking us for registering? This is what you call an optimistic spammer.