

Scam email #250437 - ShaininVirus

Email info

The email was sent on 2018-05-16 14:15:54 and appeared to be from mehedi@shaningroup.net but this address could have been spoofed.
If you replied to this email, your reply would have been sent to mehedi@shaningroup.net which was the scammer's actual email address.
It was probably sent from Unknown, United Kingdom.


The scam


37.48.86.41 used your network to send virus (bank details & proforma invoice.r00) via fake email mehedi@shaningroup.net
-----------------------------------------------------------
please see scam email header details below:
return-path: <mehedi@shaningroup.net>
x-original-to: info@gobi.com.sg
delivered-to: x14518238@homiemail-mx28.g.dreamhost.com
received: from shaningroup.net (aer-hosted.rapidrdp.com [37.48.86.41]) by homiemail-mx28.g.dreamhost.com (postfix) with esmtp id 53ebe20049859 for <info@gobi.com.sg>; wed 16 may 2018 02:18:17 -0700 (pdt)
from: regina <mehedi@shaningroup.net>
to: info@gobi.com.sg
subject: info@gobi.com.sg re: confirm bank details and invoice
date: 16 may 2018 11:18:15 +0200
message-id: <20180516111815.fe081ac3024c3bc5@shaningroup.net>
mime-version: 1.0
content-type: multipart/mixed;
boundary= ----=_nextpart_000_0012_d433fba4.7968ca32


-----------------------------------------------------------
spammer's domain details:
ip address: 37.48.86.41
country: nl (netherlands)
network name: nl-leaseweb-20120124
owner name: leaseweb netherlands b.v.
cidr: 37.48.64.0/18
from ip: 37.48.64.0
to ip: 37.48.127.255
allocated: yes
contact name: leaseweb nl noc
address: luttenbergweg 8 1101 ec amsterdam
email: ripe@nl.leaseweb.com
abuse email: abuse@nl.leaseweb.com.
phone:
information related to '37.48.64.0 - 37.48.127.255'
abuse contact for '37.48.64.0 - 37.48.127.255' is 'abuse@nl.leaseweb.com'

inetnum: 37.48.64.0 - 37.48.127.255
netname: nl-leaseweb-20120124
country: nl
org: org-ob3-ripe
admin-c: lswn1-ripe
tech-c: lswn1-ripe
status: allocated pa
remarks: please send all abuse notifications to the following email address: abuse@nl.leaseweb.com. to ensure proper processing of your abuse notification please visit the website http://www.leaseweb.com/abuse for notification requirements. all police and other government agency requests must be sent to subpoenas@nl.leaseweb.com.
notify: ripe@network.leaseweb.com
mnt-by: ripe-ncc-hm-mnt
mnt-by: leaseweb-nl-mnt
mnt-lower: leaseweb-nl-mnt
mnt-domains: leaseweb-nl-mnt
mnt-routes: leaseweb-nl-mnt
created: 2012-01-24t10:32:05z
last-modified: 2017-11-16t10:27:09z


organisation: org-ob3-ripe
org-name: leaseweb netherlands b.v.
org-type: lir
address: postbus 93054
address: 1090bb
address: amsterdam
address: netherlands
phone: +31203162880
fax-no: +31203162890
e-mail: ripe@ocom.com
admin-c: lswn1-ripe
admin-c: spw1-ripe
abuse-c: lwad-ripe
mnt-ref: ripe-ncc-hm-mnt
mnt-ref: leaseweb-nl-mnt
mnt-by: ripe-ncc-hm-mnt
mnt-by: leaseweb-nl-mnt
created: 2004-04-17t11:42:05z
last-modified: 2017-11-16t10:29:40z


role: leaseweb nl noc
address: luttenbergweg 8 1101 ec amsterdam
e-mail: ripe@nl.leaseweb.com
admin-c: spw1-ripe


-----------------------------------------------------------
spoofer's domain details:
domain name: shaningroup.net
registry domain id: 115909424_domain_net-vrsn
registrar whois server: whois.publicdomainregistry.com
registrar url: http://www.publicdomainregistry.com
updated date: 2018-04-04t04:04:49z
creation date: 2004-04-03t11:17:42z
registrar registration expiration date: 2019-04-03t10:17:42z
registrar: pdr ltd. d/b/a publicdomainregistry.com
registrar iana id: 303
domain status: clienttransferprohibited https://icann.org/eppclienttransferprohibited
registry registrant id: not available from registry
registrant name: a.k.m shamsuzzaman
registrant organization: dhakacom limited
registrant street: navana tower (7th floor) 45 gulshan south, circle-1 dhaka
registrant city: dhaka
registrant state/province: dhaka
registrant postal code: 1212
registrant country: bd
registrant phone: +880.1713396444
registrant phone ext:
registrant fax: +880.8819221
registrant fax ext:
registrant email: zaman@dhakacom.com
registry admin id: not available from registry
admin name: a.k.m shamsuzzaman
admin organization: dhakacom limited
admin street: navana tower (7th floor) 45 gulshan south, circle-1 dhaka
admin city: dhaka
admin state/province: dhaka
admin postal code: 1212
admin country: bd
admin phone: +880.1713396444
admin phone ext:
admin fax: +880.8819221
admin fax ext:
admin email: zaman@dhakacom.com
registry tech id: not available from registry
tech name: a.k.m shamsuzzaman
tech organization: dhakacom limited
tech street: navana tower (7th floor) 45 gulshan south, circle-1 dhaka
tech city: dhaka
tech state/province: dhaka
tech postal code: 1212
tech country: bd
tech phone: +880.1713396444
tech phone ext:
tech fax: +880.8819221
tech fax ext:
tech email: zaman@dhakacom.com
name server: ns1.dhakacom.com
name server: ns2.dhakacom.com
dnssec: unsigned
registrar abuse contact email: abuse-contact@publicdomainregistry.com
registrar abuse contact phone: +1.2013775952
-----------------------------------------------------------
scammer's domain details:

-----------------------------------------------------------
bait site's domain details:

-----------------------------------------------------------
original mail:
dear sir


2nd reminder


kindly confirm attached bank details and invoice for the payment that was instructed by your customer for the overdue settlement because we received a different bank details and it's not corresponding with the bank details in the invoice, have called your office but it's not going through.

please confirm and get back to us asap

i await your soonest reply


best regards

regina maroni
account manager



bar chambers ground floor
regional tax office
shahrah-e-kamal ataturk
karachi-74200
phone: 021-49211792 0345-3070590







please see scam email header details below:
Return-Path: <mehedi@shaningroup.net>
X-Original-To: info@gobi.com.sg
Delivered-To: x14518238@homiemail-mx28.g.dreamhost.com
Received: from shaningroup.net (aer-hosted.rapidrdp.com [37.48.86.41])
by homiemail-mx28.g.dreamhost.com (Postfix) with ESMTP id 53EBE20049859
for <info@gobi.com.sg>; Wed, 16 May 2018 02:18:17 -0700 (PDT)
From: "Regina" <mehedi@shaningroup.net>
To: info@gobi.com.sg
Subject: info@gobi.com.sg RE: CONFIRM BANK DETAILS AND INVOICE
Date: 16 May 2018 11:18:15 +0200
Message-ID: <20180516111815.FE081AC3024C3BC5@shaningroup.net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0012_D433FBA4.7968CA32"


-----------------------------------------------------------
questions@spamdex.co.uk; [censored]; info@onlinethreatalerts.com; emailscamalerts@gmail.com; ripe@nl.leaseweb.com; abuse@nl.leaseweb.com; subpoenas@nl.leaseweb.com; ripe@network.leaseweb.com; ripe@ocom.com; zaman@dhakacom.com; abuse-contact@publicdomainregistry.com
-----------------------------------------------------------
Original mail:
Dear Sir,


2ND REMINDER


Kindly confirm attached bank details and invoice for the payment that was instructed by your customer for the overdue settlement because we received a different bank details and it's not corresponding with the bank details in the invoice, have called your office but it's not going through.

please confirm and get back to us asap

I await your soonest reply


Best Regards

Regina maroni
Account Manager



Bar Chambers, Ground Floor,
Regional Tax Office,
Shahrah-e-Kamal Ataturk,
Karachi-74200
Phone: 021-49211792, 0345-3070590



Attachment content - Bank Details & Proforma Invoice.r00:



ClamAV for Windows - Antivirus report:

Known viruses: 6508224
Engine version: 0.99.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.28 MB
Data read: 0.28 MB (ratio 1.01:1)
Time: 21.484 sec (0 m 21 s)

SpamAssassin Report (spam score: 5.7)


 pts rule                   description                                       
---- ---------------------- --------------------------------------------------
 1.0 MISSING_HEADERS        Missing To: header                                
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
-0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20% [score:  
                            0.1371]                                           
 0.5 MISSING_MID            Missing Message-Id: header                        
 1.4 MISSING_DATE           Missing Date: header                              
 1.0 MISSING_FROM           Missing From: header                              
 1.8 MISSING_SUBJECT        Missing Subject: header                           
-0.0 NO_RECEIVED            Informational: message has no Received headers    
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers



Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)
