SCAMS | EMAIL | PHONE | MAP | TAGS | EMAIL ANALYSIS | IP LOCATOR
Click to go to Scammed.by homepage
Forward scams to - remove your name and email address first! TO CONTACT US CLICK HERE INSTEAD


Scam email #250412 - Your user is part of the hitwheeste spoof design to spoof and sent us spam: Kopie van: Buibra Buibra

Email info

The email was sent on 2018-05-16 10:39:13 and appeared to be from dylankhoolim@gmail.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to dylankhoolim@gmail.com which was the scammer's actual email address.
It was probably sent from in Unknown, United Kingdom

Email header

Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it

Your content is below the advert

The scam

Your email is part of the hitwheese spoof attack.
Until your email, we have never heard of your site before.
Gobi.com.sg was hit with hitwheeste ddos attack meant to overwhelm our email server which is a repository for our cake orders and gmail correspondences.
For more on what we have found out on the attack http://zifsoft.com/2018/04/28/hitwheeste-ddos/
We would appreciate if you could help us look into this. Your email was triggered by a fake registration. Please check your forms.
Hitwheeste ddos attack starts with unsecured forms (ours was ninja forms) and unchallenged comments. you should take steps to secure them
-----------------------------------------------------------
---original email header---
Delivered-To: dylankhoolim@gmail.com
Received: by 2002:ac8:1403:0:0:0:0:0 with SMTP id k3-v6csp6462214qtj;
Tue, 15 May 2018 23:07:57 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZoSB8842AguaHhIED8lL0SLXwIwhykUlQdlHGhUXsdIPAif984SFHTiC8kHIP94OSSyg+jB
X-Received: by 2002:a50:a743:: with SMTP id h61-v6mr21516569edc.80.1526450877630;
Tue, 15 May 2018 23:07:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1526450877; cv=none;
d=google.com; s=arc-20160816;
b=dMbg/tgcPq/aic4EJkN6ZLlrR4T5eTFlpOfyuUCMDKYkEXzgUsv+IS3dhG3T7Ia8Y2
XqNHq+y80LBa0h6ScTxE38u05/VZIPgoFjLexToux0NJaQiSm1fzOn/TznLl+jM/32U4
Q9u4U95viq2nHvASrvVT6TWJ6sLT7yGe4gBWWsybvwWxv20Tm58XFvsLv6Cnkcuc3o62
iGh10BH25JRH8vCEGzhXTn8pHBzGm4X3PhlXy3g8Mt3YhI/K+O5/qvNS4a9NqLENtYEr
VMiPr4RQyaljVSVgcu1EVFESo7fAaEo9iQ3kiATH3n984RGSknUF3cTggddAq1lALuc5
fivA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=mime-version:message-id:subject:reply-to:from:to:date
:arc-authentication-results;
bh=O1mFxbSSa+kfvhmp5nW031UQuz3squMwIu9c4hv4OjY=;
b=FWg3OGNcHi9yMPi6kgdx3uT2IEPCyYjh0RW12XxCV2VAmFNYZEKyZ0XdIVGQ06knjq
kt4tlWvOo89IgK/wkZ/sVzbLU9FMlkKMK8r4Pxn8kLb1F8EdJQT3IuquvijH5S2eEOeU
3m+ThLpDQQr9HQMxYgRXWY0thwPQPDCwzftZhIGDrO+CzmIeam57nA+1puykiKSgDblc
IbEsP0IrwAcdXk0vZN22xKDg41Wa9cfGRFIt5O9EyB7GealRHp9RLatzjWPfP8hnbQPm
Jz5dHEcEamApZv0k6v0B3MznmyIqDnHuALmupW2eFSlUSNNFiHY72QpDtJwxGA9kKCDV
XKyg==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of webmaster@biblionetdrenthe.nl designates 212.178.214.92 as permitted sender) smtp.mailfrom=webmaster@biblionetdrenthe.nl
Return-Path:
Received: from mail.biblionetdrenthe.nl (mail.biblionetdrenthe.nl. [212.178.214.92])
by mx.google.com with ESMTPS id q10-v6si2254590edk.369.2018.05.15.23.07.57
for
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 15 May 2018 23:07:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of webmaster@biblionetdrenthe.nl designates 212.178.214.92 as permitted sender) client-ip=212.178.214.92;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of webmaster@biblionetdrenthe.nl designates 212.178.214.92 as permitted sender) smtp.mailfrom=webmaster@biblionetdrenthe.nl
Received: from bibliotheekroden.nl (10.0.4.203) by BNDEXCH01.pbcdrenthe.local
(10.0.110.42) with Microsoft SMTP Server id 14.3.351.0; Wed, 16 May 2018
08:07:57 +0200
Date: Wed, 16 May 2018 06:07:57 +0000
To:
From: Biblionet Drenthe
Reply-To: piomiabomb
Subject: Kopie van: Buibra Buibra
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Return-Path: webmaster@biblionetdrenthe.nl
X-EXCLAIMER-MD-CONFIG: 9e495410-4b92-4657-b639-f5ac374250a0
X-Loop: 1

-----------------------------------------------------------
Dit is een kopie van het volgende bericht dat door u gestuurd is aan Contact Biblionet Drenthe via Biblionet Drenthe

Dit is een e-mailbericht via https://bibliotheekroden.nl/ van:
piomiabomb

Midas Geld smiled, turned so his wife couldnt see him wink, then assuming a serious face, draped an arm over Hales shoulders and drew him aside, waving to the other men to join him.
Lets look at the view and then we can dance again. I love it. When were dancing close together it feels as if were one body with four legs.
Ive always been embarrassed.
buy cake online As his head didnt hurt, despite the stitches, Mort couldnt see why he should remain in the Gymnasium staffroom. Fystie had once explained the layout of the place, so he set off to see if he could find the spot where he could see and not be seen when Leo was performing. It wasnt difficult. Loud dance music led him to a door that opened into a small area shielded from the main space by movable screens. He peeped around the edge and discovered he was directly behind the stage on which jazzercise instructors performed. He caught his breath in astonishment. Leo was naked. Taut bare bronzed buttocks flexed as he leaped and did amazingly high kicks, copied more or less faithfully by his class. Mort wasnt shocked, he was thrilled, aroused, and unconsciously fondled his erection through his shorts.

SpamAssassin Report (spam score: 8)


 pts rule                   description                                       
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
 1.0 MISSING_HEADERS        Missing To: header                                
 1.8 MISSING_SUBJECT        Missing Subject: header                           
 0.5 MISSING_MID            Missing Message-Id: header                        
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no   
                            Subject: text                                     
 1.4 MISSING_DATE           Missing Date: header                              
 1.0 MISSING_FROM           Missing From: header                              
-0.0 NO_RECEIVED            Informational: message has no Received headers    
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers



Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)

Comments

Where the scam probably came from



theScamBaiter freight bait archive, theFailure Cole baits   theFAILURE freight bait from theScamBaiter - Cole v2.0   theFAILURE freight bait from theScamBaiter - Rebait at Cole's   theFAILURE freight bait from theScamBaiter - the Martins Cole saga   theFAILURE Butch Driveshaft telemarketer phone baiting   theFAILURE freight bait from theScamBaiter - Anus Laptops commercial made by scammer   theFAILURE freight bait from theScamBaiter - script of Anus Laptops commercial made by scammer