Click to go to homepage
Forward scams to - remove your name and email address first! TO CONTACT US CLICK HERE INSTEAD

Scam email #250420 - Your user is part of the hitwheeste spoof design to spoof and sent us spam: Kopie von: Vafamosy Vafamosy

Email info

The email was sent on 2018-05-16 10:49:16 and appeared to be from but this address could have been spoofed.
If you replied to this email, your reply would have been sent to which was the scammer's actual email address.
It was probably sent from in Unknown, United Kingdom

Email header

Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it

Your content is below the advert

The scam

Your email is part of the hitwheese spoof attack.
Until your email, we have never heard of your site before. was hit with hitwheeste ddos attack meant to overwhelm our email server which is a repository for our cake orders and gmail correspondences.
For more on what we have found out on the attack
We would appreciate if you could help us look into this. Your email was triggered by a fake registration. Please check your forms.
Hitwheeste ddos attack starts with unsecured forms (ours was ninja forms) and unchallenged comments. you should take steps to secure them
---original email header---
Received: from ( [])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by (Postfix) with ESMTPS id 9FAB82004BF50
for ; Tue, 15 May 2018 23:23:22 -0700 (PDT)
Received: from ([]) by (mreue007 []) with ESMTPA (Nemesis) id
0LdyNE-1eVEwu0ejs-00pxEV for ; Wed, 16 May 2018 08:23:20
Received: from (IP may be forged by CGI script)
by with HTTP
id 1Jpham-1eP4Wr2kfq-00tmXi; Wed, 16 May 2018 08:23:19 +0200
X-Sender-Info: <>
Precedence: bulk
Subject: Kopie von: Vafamosy Vafamosy
Date: Wed, 16 May 2018 08:23:19 +0200
From: "Petra D. Ernst"
Reply-To: Jerela
X-Priority: 3
X-Mailer: PHPMailer 5.2.1 (
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="utf-8"
X-Provags-ID: V03:K1:cC4CpgoBLxHoBwYvU9jvNlS0TTvHaeBqidIcUbQ7mRkSbWaCpSA
X-UI-Out-Filterresults: notjunk:1;V01:K0:YmItrmOs/Sk=:H0T7iUjI0VJbzJ+W9ZzOQs

Dieses ist eine Kopie der folgenden Nachricht, die an Petra D. Ernst via Petra D. Ernst gesendet wurde:

Dies ist eine Mailanfrage via von:

But... our wallets. Our keys!
buy cake online Twenty minutes before lunch Mrs. Kind helped Fystie set up his portable CD player; Mr. Brawn cleared the largest room; Miss Glee supervised footwear and excess clothing removal, and Mrs. Dominint told them Mort was going to lead them in a jazzercise class just like the ones his stepfather took in the town gymnasium where Miss Glee went. The atmosphere became tense with excitement.

SpamAssassin Report (spam score: 8)

 pts rule                   description                                       
---- ---------------------- --------------------------------------------------
 1.0 MISSING_HEADERS        Missing To: header                                
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
 0.5 MISSING_MID            Missing Message-Id: header                        
 1.4 MISSING_DATE           Missing Date: header                              
 1.0 MISSING_FROM           Missing From: header                              
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no   
                            Subject: text                                     
 1.8 MISSING_SUBJECT        Missing Subject: header                           
-0.0 NO_RECEIVED            Informational: message has no Received headers    
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers

Please be careful with the links in the above email - strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)


Where the scam probably came from

theScamBaiter freight bait archive, theFailure Cole baits   theFAILURE freight bait from theScamBaiter - Cole v2.0   theFAILURE freight bait from theScamBaiter - Rebait at Cole's   theFAILURE freight bait from theScamBaiter - the Martins Cole saga   theFAILURE Butch Driveshaft telemarketer phone baiting   theFAILURE freight bait from theScamBaiter - Anus Laptops commercial made by scammer   theFAILURE freight bait from theScamBaiter - script of Anus Laptops commercial made by scammer