

Scam email #250435 - XLSvirus

Email info

The email was sent on 2018-05-16 12:40:40 and appeared to be from shuenfuh@gmail.com, but this address could have been spoofed.
If you replied to this email, your reply would have been sent to shuenfuh@gmail.com, which was the scammer's actual email address.
It was probably sent from Unknown, United Kingdom.


The scam

 
138.197.72.196 / 199.19.104.155 used your network to send a virus (po th91652.xls) via fake email shuenfuh@gmail.com
-----------------------------------------------------------
please see scam email header details below:
Return-Path: <shuenfuh@gmail.com>
X-Original-To: info@gobi.com.sg
Delivered-To: x14518238@homiemail-mx28.g.dreamhost.com
Received: from dunim.com (unknown [138.197.72.196])
        (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
        (No client certificate requested)
        by homiemail-mx28.g.dreamhost.com (Postfix) with ESMTPS id 8E18F2004985E
        for <info@gobi.com.sg>; Wed, 16 May 2018 02:04:33 -0700 (PDT)
Received: from [199.19.104.155] (helo=User)
        by dunim.com with esmtpa (Exim 4.82)
        (envelope-from <shuenfuh@gmail.com>)
        id 1fIsIS-0004eA-NM; Wed, 16 May 2018 09:00:34 +0000
Reply-To: <msemenenko8@gmail.com>
From: "shuenfuh wang"<shuenfuh@gmail.com>
To: wendyyang0127@gmail.com
Subject: Re:PO 916521TH
Date: Wed, 16 May 2018 05:01:08 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_00A0_01C2A9A6.25027F8E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <E1fIsIS-0004eA-NM@dunim.com>
 
 
-----------------------------------------------------------
 spammer's domain details:
ip address:  138.197.72.196
country:   ususa - new york
network name: digitalocean-16
owner name:  digitalocean  llc
cidr:   138.197.0.0/16
from ip:   138.197.0.0
to ip:   138.197.255.255
allocated:  yes
contact name: digitalocean  llc
address:   101 ave of the americas  10th floor  new york
email:   noc@digitalocean.com
abuse email:  abuse@digitalocean.com
phone:   +1-347-875-6044

 rest/nets;q=138.197.72.196?
 
 
netrange:  138.197.0.0 - 138.197.255.255
cidr:   138.197.0.0/16
netname:   digitalocean-16
nethandle:   net-138-197-0-0-1
parent:   net138 (net-138-0-0-0-0)
nettype:   direct allocation
originas:  
organization:  digitalocean  llc (do-13)
regdate:   2016-01-26
updated:   2016-04-12
ref:    rest/net/net-138-197-0-0-1
 
 
 
orgname:   digitalocean  llc
orgid:   do-13
address:   101 ave of the americas
address:   10th floor
city:   new york
stateprov:   ny
postalcode:  10013
country:   us
regdate:   2012-05-14
updated:   2017-07-03
comment:   http://www.digitalocean.com
comment:   simple cloud hosting
ref:    rest/org/do-13
 
 
orgabusehandle: abuse5232-arin
orgabusename:  abuse  digitalocean
orgabusephone:  +1-347-875-6044
orgabuseemail:  abuse@digitalocean.com
orgabuseref:  rest/poc/abuse5232-arin
 
orgtechhandle: noc32014-arin
orgtechname:  network operations center
orgtechphone:  +1-347-875-6044
orgtechemail:  noc@digitalocean.com
orgtechref:  rest/poc/noc32014-arin
 
orgnochandle: noc32014-arin
orgnocname:  network operations center
orgnocphone:  +1-347-875-6044
orgnocemail:  noc@digitalocean.com
 
ip address: 199.19.104.155
country: ususa - maine
network name: volumedrive
owner name: luke doward
cidr: 199.19.111.147/32 199.19.111.152/29 199.19.111.160/32 199.19.111.148/30
from ip: 199.19.111.147
to ip: 199.19.111.160
allocated: yes
contact name: volumedrive
address: 99 birley street warrington
email: info@volumedrive.com
abuse email: abuse@volumedrive.com
phone: +1-570-565-9829
rest/nets;q=199.19.104.155?
 
 
netrange: 199.19.104.0 - 199.19.111.255
cidr: 199.19.104.0/21
netname: volumedrive
nethandle: net-199-19-104-0-1
parent: net199 (net-199-0-0-0-0)
nettype: direct allocation
originas: as46664
organization: volumedrive (volum-2)
regdate: 2011-10-07
updated: 2017-06-13
ref: rest/net/net-199-19-104-0-1
 
 
orgname: volumedrive
orgid: volum-2
address: 1143 northern blvd
city: clarks summit
stateprov: pa
postalcode: 18411
country: us
regdate: 2008-08-26
updated: 2017-12-05
ref: rest/org/volum-2
 
 
orgtechhandle: volum1-arin
orgtechname: volumedrive poc
orgtechphone: +1-570-565-9829
orgtechemail: info@volumedrive.com
orgtechref: rest/poc/volum1-arin
 
orgabusehandle: volum2-arin
orgabusename: volumedrive abuse
orgabusephone: +1-570-565-9829
orgabuseemail: abuse@volumedrive.com
orgabuseref:  rest/poc/volum2-arin

netrange: 199.19.111.147 - 199.19.111.160
cidr: 199.19.111.147/32 199.19.111.152/29 199.19.111.160/32 199.19.111.148/30
netname: volumedrive
nethandle: net-199-19-111-147-1
parent: volumedrive (net-199-19-104-0-1)
nettype: reassigned
originas: as46664
customer: luke doward (c02976340)
regdate: 2012-05-12
updated: 2017-06-13
comment: used for vps services.
ref: rest/net/net-199-19-111-147-1
 
 
custname: luke doward
address: 99 birley street
city: warrington
stateprov: merseyside
postalcode: wa12 9un
country: gb
regdate: 2012-05-12
updated: 2012-05-12
ref: rest/customer/c02976340
 
orgtechhandle: volum1-arin
orgtechname: volumedrive poc
orgtechphone: +1-570-565-9829
orgtechemail: info@volumedrive.com
orgtechref: rest/poc/volum1-arin
 
orgabusehandle: volum2-arin
orgabusename: volumedrive abuse
orgabusephone: +1-570-565-9829
orgabuseemail: abuse@volumedrive.com
 
 
-----------------------------------------------------------
spoofer's domain details:
 
-----------------------------------------------------------
scammer's domain details:
 
-----------------------------------------------------------
bait site's domain details:
 
-----------------------------------------------------------
original mail:

Hello Sir,

Could we have these asap.

Please confirm earliest delivery date

Regards

shuenfuh wang

Finance and Purchasing

Head Office
BKA TECHNOLOGY CO., LTD
Address: 100/3 Thesabansongkrow Rd., Lardyao, Jatujak, Bangkok 10900, Thailand
Telephone & Fax
TEL : (662) 954-3454
EMAIL: shuenfuh@gmail.com
FAX : (662) 591-7892
gmail-abuse@google.com; securiy@google.com
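A walk of the Received chain in the header quoted above, as an added example (not part of the scam report or of the Scammed.by site): it lists the relay hops oldest-first and runs three heuristic checks chosen for this example (Reply-To differing from From, authenticated submission at the first hop, sender domain not matching the submitting server). The header text is copied from the page with the fields the checks do not use left out.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr
# Header of scam email #250435 as shown on the page; fields unused here are left out.
HEADER = """\
Received: from dunim.com (unknown [138.197.72.196])
        (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
        by homiemail-mx28.g.dreamhost.com (Postfix) with ESMTPS id 8E18F2004985E
        for <info@gobi.com.sg>; Wed, 16 May 2018 02:04:33 -0700 (PDT)
Received: from [199.19.104.155] (helo=User)
        by dunim.com with esmtpa (Exim 4.82)
        (envelope-from <shuenfuh@gmail.com>)
        id 1fIsIS-0004eA-NM; Wed, 16 May 2018 09:00:34 +0000
Reply-To: <msemenenko8@gmail.com>
From: "shuenfuh wang"<shuenfuh@gmail.com>
"""
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Walk the Received chain oldest-first (injection point to final MX)."""
    msg = HeaderParser().parsestr(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", text)
        receiver = re.search(r"\bby\s+(\S+)", text)
        # protocol keyword is searched only after "by", so "with cipher" in the TLS comment is skipped
        proto = re.search(r"\bwith\s+(\S+)", text[receiver.end():]) if receiver else None
        ip = IP_RE.search(text)
        hops.append({"from": sender.group(1).strip("[]") if sender else None,
                     "ip": ip.group(1) if ip else None,
                     "by": receiver.group(1) if receiver else None,
                     "with": proto.group(1).lower() if proto else None})
    return hops

def header_findings(raw):
    """Heuristic checks on the header; returns the names of those that fire."""
    msg, hops, findings = HeaderParser().parsestr(raw), received_hops(raw), []
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to != from_addr:
        findings.append("reply_to_differs_from_from")
    # esmtpa at the first hop: the client authenticated to that relay, which typically points
    # at a compromised mailbox on it rather than an open relay
    if hops and hops[0]["with"] == "esmtpa":
        findings.append("authenticated_submission_at_" + hops[0]["by"])
    # a gmail.com sender would normally be submitted through Google's own MTAs
    from_domain = from_addr.rpartition("@")[2]
    if hops and from_domain and hops[0]["by"] and not hops[0]["by"].endswith(from_domain):
        findings.append("sender_domain_mismatch")
    return findings
```

For this header the first hop is 199.19.104.155 authenticating to dunim.com, which is why the complaint names both that address and the dunim.com host 138.197.72.196.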
 
 
 
 



Attachment content - PO TH91652.XLS:



ClamAV for Windows - Antivirus report:

Known viruses: 6508224
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.20 MB
Data read: 0.07 MB (ratio 2.74:1)
Time: 21.704 sec (0 m 21 s)

SpamAssassin Report (spam score: 5.7)


 pts rule                   description                                       
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
 1.0 MISSING_HEADERS        Missing To: header                                
-0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20% [score:  
                            0.1211]                                           
 1.8 MISSING_SUBJECT        Missing Subject: header                           
 0.5 MISSING_MID            Missing Message-Id: header                        
 1.4 MISSING_DATE           Missing Date: header                              
 1.0 MISSING_FROM           Missing From: header                              
-0.0 NO_RECEIVED            Informational: message has no Received headers    
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers



Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)
