SCAMS | EMAIL | PHONE | MAP | TAGS | EMAIL ANALYSIS | IP LOCATOR
Click to go to Scammed.by homepage
Forward scams to - remove your name and email address first! TO CONTACT US CLICK HERE INSTEAD


Scam email #250411 - Your user is part of the hitwheeste spoof design to spoof and sent us spam: Fitness and Body Image Contact Confirmation

Email info

The email was sent on 2018-05-16 10:34:59 and appeared to be from dylankhoolim@gmail.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to dylankhoolim@gmail.com which was the scammer's actual email address.
It was probably sent from in Unknown, United Kingdom

Email header

Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it

Your content is below the advert

The scam

Your email is part of the hitwheese spoof attack.
Until your email, we have never heard of your site before.
Gobi.com.sg was hit with hitwheeste ddos attack meant to overwhelm our email
server which is a repository for our cake orders and gmail correspondences.
For more on what we have found out on the attack
http://zifsoft.com/2018/04/28/hitwheeste-ddos/
We would appreciate if you could help us look into this. Your email was
triggered by a fake registration. Please check your forms.
Hitwheeste ddos attack starts with unsecured forms (ours was ninja forms)
and unchallenged comments. you should take steps to secure them
-----------------------------------------------------------
---original email header---
Delivered-To: dylankhoolim@gmail.com
Received: by 2002:ac8:1403:0:0:0:0:0 with SMTP id k3-v6csp6436845qtj;
Tue, 15 May 2018 22:35:32 -0700 (PDT)
X-Google-Smtp-Source:
AB8JxZp6Sa7oPO4oecVk5SkbtyMnMS1btPweeVJrCk603zH2VPM+oyWJvGLH6M8YESw4YVfRxxd2
X-Received: by 2002:a65:4204:: with SMTP id
c4-v6mr14522176pgq.26.1526448932829;
Tue, 15 May 2018 22:35:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t26448932; cv=none;
d=google.com; s=arc-20160816;
b=Xtqtk0zuGz8490Ybqdhk1mrtgxT3L7rI0/GfcyG/FxwM3qCwVVFNWOxq7tvXairmyN

g0yHFkmLnERuRYwCVnudMQ+RB7GjjWomC/Wq5sz2yM5Pf/4k0Q8fC6zOMsAWT3KKah0e

zdk4P4FukIgM6UBJWvUIoMZ7w83TBRWITRbGpbjYfmrZTtIHvcCxHocULrXpL1ipogSP

3ie+TGzNxw2tYqbpOrTYA86ef21v2CSYJnPULwH6THKNIUbjNK4SewJNb3n/vmcha09C

Q+nr+eLIW3n2s4xqmUcZP3xd4pVHvmbkfUmfnrl7dlqxRtA8SLcCD40OUPt85hFy6hOn
X9WA=ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=from:subject:to:message-id:date:arc-authentication-results;
bh=KOXb+5Clf1g3Vaq/81LPHGApZMdXR+7KEDDoLeZ9plU=;
b=yNjk8ETVIEtdUIY691kgMyeKIPY87PfafOhBSmDnfJgUTyMpjc4NX2pWq4OWpnbFwZ

buLDXxrLa5N0hKYa2iCrlKvALMvrOkL5kaF8PnBOua3mMJ6VZN0bK9pmQ3u7pAQKoGLf

rvWjo2+2h3hOD3Ie1bvsYjEtNR+YpMkOouSca3RfdgDJZ/J5Nbli9E3ldSbVFLQniYNu

jmgPVPfEKPcIku/m9FQwiiREG+yeBgOswwO+z20d3xgHa5r8zK2Kms1AxXNRXHqJUtHJ

BuIvdxT7FFQ7Um0RHs9XwIrPwGh1L7noEOZDUJr80CQ/ZBs2IviqVwDmmVZljO0NUmZF
M1LA=ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of p0080117@fitnessandbodyimage.com
designates 69.168.83.3 as permitted sender)
smtp.mailfrom=p0080117@fitnessandbodyimage.com
Return-Path: <p0080117@fitnessandbodyimage.com>
Received: from mailx.dns-solutions.net (mailx.dns-solutions.net.
[69.168.83.3])
by mx.google.com with SMTP id
w15-v6si1929717plp.7.2018.05.15.22.35.32
for <dylankhoolim@gmail.com>;
Tue, 15 May 2018 22:35:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of p0080117@fitnessandbodyimage.com
designates 69.168.83.3 as permitted sender) client-ipi.168.83.3;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of p0080117@fitnessandbodyimage.com
designates 69.168.83.3 as permitted sender)
smtp.mailfrom=p0080117@fitnessandbodyimage.com
Received: (qmail 51399 invoked from network); 15 May 2018 23:35:32 -0600
Date: 15 May 2018 23:35:32 -0600
Message-ID: <20180516053532.51396.qmail@mailx.dns-solutions.net>
X-STrace: 7030303830313137
To: dylankhoolim@gmail.com
Subject: Fitness and Body Image Contact Confirmation
From:

-----------------------------------------------------------
Dear raxeva,
Thank you for sending us your comments.
If you have asked us to contact you, we will be using the following
information:

E-mail: dylankhoolim@gmail.com
Telephone: 86926618373
FAX:

If any of this information is incorrect, please visit
http://www.fitnessandbodyimage.com/contact.htm
and correct it. We thank you for taking the time to help us be a better
serve your health needs.
We will be getting back with you promptly.

Sincerely,
Darin

SpamAssassin Report (spam score: 8)


 pts rule                   description                                       
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
 1.0 MISSING_HEADERS        Missing To: header                                
 0.5 MISSING_MID            Missing Message-Id: header                        
 1.4 MISSING_DATE           Missing Date: header                              
 1.0 MISSING_FROM           Missing From: header                              
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no   
                            Subject: text                                     
 1.8 MISSING_SUBJECT        Missing Subject: header                           
-0.0 NO_RECEIVED            Informational: message has no Received headers    
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers



Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)

Comments

Where the scam probably came from



theScamBaiter freight bait archive, theFailure Cole baits   theFAILURE freight bait from theScamBaiter - Cole v2.0   theFAILURE freight bait from theScamBaiter - Rebait at Cole's   theFAILURE freight bait from theScamBaiter - the Martins Cole saga   theFAILURE Butch Driveshaft telemarketer phone baiting   theFAILURE freight bait from theScamBaiter - Anus Laptops commercial made by scammer   theFAILURE freight bait from theScamBaiter - script of Anus Laptops commercial made by scammer