Serge-Lingerie.com Online Dating Spam
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
X-Apparently-To: x
X-Originating-IP: [76.13.13.75]
Authentication-Results: mta125.mail.re2.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 76.13.13.75 (HELO n5b.bullet.mail.ac4.yahoo.com) (76.13.13.75)
by mta125.mail.re2.yahoo.com with SMTP; Sat, 05 Jul 2008 03:18:31 -0700
Received: from [76.13.13.25] by n5.bullet.mail.ac4.yahoo.com with NNFMP; 05 Jul 2008 02:11:56 -0000
Received: from [76.13.10.168] by t4.bullet.mail.ac4.yahoo.com with NNFMP; 05 Jul 2008 10:18:28 -0000
Received: from [127.0.0.1] by omp109.mail.ac4.yahoo.com with NNFMP; 05 Jul 2008 10:18:28 -0000
X-Yahoo-Newman-Id: 463112.64943.bm@omp109.mail.ac4.yahoo.com
Received: (qmail 54090 invoked by uid 60001); 5 Jul 2008 10:18:27 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID;
b=mfYdWLQVRloJyiKLkDB+hf3JWP3qMvpJtwOa8p1388+yQXCs7jAlYER2k/E+cUHg3LLJKdFuwWLUMYWJsm+GWpcxkb...
lZX2UeY7WIiIJg8nDHzyLQpKsEb9MGnHlVS6W/SoAnQQJNZ7t5Fj0=;
Received: from [91.193.91.170] by web59912.mail.ac4.yahoo.com via HTTP; Sat, 05 Jul 2008 03:18:27 PDT
X-Mailer: YahooMailWebService/0.7.199
Date: Sat, 5 Jul 2008 03:18:27 -0700 (PDT)
From: Mildred Taylor <mildredtaylor80490@yahoo.com>
Reply-To: mildredtaylor80490@yahoo.com
Subject: hello
To: x
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-715777129-1215253107=:53965"
X-Originating-IP: [76.13.13.75]
Authentication-Results: mta125.mail.re2.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 76.13.13.75 (HELO n5b.bullet.mail.ac4.yahoo.com) (76.13.13.75)
by mta125.mail.re2.yahoo.com with SMTP; Sat, 05 Jul 2008 03:18:31 -0700
Received: from [76.13.13.25] by n5.bullet.mail.ac4.yahoo.com with NNFMP; 05 Jul 2008 02:11:56 -0000
Received: from [76.13.10.168] by t4.bullet.mail.ac4.yahoo.com with NNFMP; 05 Jul 2008 10:18:28 -0000
Received: from [127.0.0.1] by omp109.mail.ac4.yahoo.com with NNFMP; 05 Jul 2008 10:18:28 -0000
X-Yahoo-Newman-Id: 463112.64943.bm@omp109.mail.ac4.yahoo.com
Received: (qmail 54090 invoked by uid 60001); 5 Jul 2008 10:18:27 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Message-ID;
b=mfYdWLQVRloJyiKLkDB+hf3JWP3qMvpJtwOa8p1388+yQXCs7jAlYER2k/E+cUHg3LLJKdFuwWLUMYWJsm+GWpcxkb...
lZX2UeY7WIiIJg8nDHzyLQpKsEb9MGnHlVS6W/SoAnQQJNZ7t5Fj0=;
Received: from [91.193.91.170] by web59912.mail.ac4.yahoo.com via HTTP; Sat, 05 Jul 2008 03:18:27 PDT
X-Mailer: YahooMailWebService/0.7.199
Date: Sat, 5 Jul 2008 03:18:27 -0700 (PDT)
From: Mildred Taylor <mildredtaylor80490@yahoo.com>
Reply-To: mildredtaylor80490@yahoo.com
Subject: hello
To: x
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-715777129-1215253107=:53965"
Body:
|
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Russian Girl Online Dating Spam - New profileOnline Dating Porn Spam - Eva Edison BLEW YOU A KISS
Online Dating Spam - Beautiful Russian Women - RussianBrides.com
Online Pharmaceutical Spam with Policy Restricitions Being Lifted
Canadian Pharmacy Spam - Worlds best pain killers here
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
"Hello, here is my link, please click it and buy my stuff!"
At the time of publishing this spam example, dorothy1810.earlene.info redirected to serge-lingerie.com. Apart from the lingerie, the site also contained links to the following websites:
Online Dating: www.a1-date.com
Registrant according to whois.enom.com:
a1-date
andrei morozoff
1631 Hollywood Blvd
Hollywood, FL 33020
US
Online Dating: urbanconnectionsuk.com
Registrant according to whois.enom.com:
Anita Charms
Anita Antonova
1631 Hollywood Blvd.
Hollywood, FL 33020
US
Online Diploma: www.dalloway-school.com
Registrant according to who.godaddy.com:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Online Diploma: www.alpha-school.com
Registrant according to whois.enom.com:
Alpha
Anita Antonova
1631 Hollywood Blvd
Hollywood, S 33020
US
Interesting enough, a WhoIs lookup for serge-lingerie.com revealed the following:
Spamvertised Site: www.serge-lingerie.com
Registrant according to who.godaddy.com:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
But even more interesting is the WhoIs information of the gateway site earlene.info:
Gateway Site: www.serge-lingerie.com
Registrant according to who.godaddy.com:
Sergey Pelotkin
Zimbabwe st.
Zimbab, 789830
Zimbabwe
So you have a lingerie site with links to online dating and online diploma sites, with Sergey Pelotkin, owner of the gateway site, living in Zimbabwe street in the city Zimbab in the country of Zimbabwe. What a bizarre combination?