

Scam email #250444 - Your user is part of the hitwheeste spoof design to spoof and sent us spam: Kopie von: Proorkek Proorkek

Email info

The email was sent on 2018-05-16 14:31:19 and appeared to be from hand@ergolind.de but this address could have been spoofed.
If you replied to this email, your reply would have been sent to hand@ergolind.de which was the scammer's actual email address.
It was probably sent from an unknown location in the United Kingdom.


The scam

Your email is part of the hitwheese spoof attack.
Until your email, I have never heard of your site before.
Gobi.com.sg was hit with hitwheeste ddos attack meant to overwhelm our email server which is a repository for our cake orders and gmail correspondences.
For more on what we have found out on the attack http://zifsoft.com/2018/04/28/hitwheeste-ddos/
We would appreciate if you could help us look into this. Your email was triggered by a fake registration. Please check your forms.
Hitwheeste ddos attack starts with unsecured forms (ours was ninja forms) and unchallenged comments. You should take steps to secure them.
-----------------------------------------------------------
---original email header---
Return-Path:
X-Original-To: info@gobi.com.sg
Delivered-To: x14518238@homiemail-mx28.g.dreamhost.com
Received: from cg4-p00-ob.smtp.rzone.de (cg4-p00-ob.smtp.rzone.de [81.169.146.193])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by homiemail-mx28.g.dreamhost.com (Postfix) with ESMTPS id F316320049024
for ; Tue, 15 May 2018 23:48:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1526453325;
s=strato-dkim-0002; d=ergolind.de;
h=X-RZG-SCRIPT:Message-ID:Subject:Reply-To:From:To:Date:
X-RZG-CLASS-ID:From:Subject:Sender;
bh=/TCPITQXKJarXnKTo/QCTffpvCtF3bFUCXYCQBMx/r8=;
X-RZG-CLASS-ID: cg00
Received: from slivikin.store.d0m.de ([192.168.42.179])
by chrootmail.store (RZmta 43.8 OK)
with ESMTP id v0b8f0u4G6mjWia
for ;
Wed, 16 May 2018 08:48:45 +0200 (CEST)
Received: (from Unknown UID 1808388@localhost)
by post.webmailer.de (8.13.7/8.13.7) id w4G6mjS6029161;
Wed, 16 May 2018 06:48:45 GMT
X-Authentication-Warning: slivikin: Unknown UID 1808388 set sender to hand@ergolind.de using -f
Date: Wed, 16 May 2018 08:48:45 +0200
To: info@gobi.com.sg
From: ergolind
Reply-To: Houssy
Subject: Kopie von: Proorkek Proorkek
Message-ID: <4abd6f26c2ed25dc511d49521f7a6e70@www.ergolind.de>
X-Mailer: PHPMailer 5.2.16 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
X-RZG-SCRIPT: ":P28WfFC8JrA0JY4UkyfhUWv+YuCloWhyOLkm/T5wMizR3elno5RekV59cjIoF7vF8dC3ozgPgVjn9wadI1RMu6E2fqXcZ1e3qlgrJ62MWeN7RcBLIWouhfyjHI0CdLBQgTbw"

-----------------------------------------------------------
This is a copy of the following message, which was sent to Ergolind via ERGOLIND Margit Koch:

This is an email inquiry via http://www.ergolind.de/ from:
Houssy

Good lad. And if anyone is stupid enough to arrange a funeral for me, refuse to go. It'll only make you sad and not help you cope. I won't be there to see and they'll probably get an idiot witchdoctor to say insanities about god and heaven and all that crap, like they did with that nasty bully. No child should have to listen to that nonsense, it undermines sanity. Keep me in your head and heart as I am, not as I'll be when I'm dead, and in that way we'll always be together.
I'm her son and she's dead. Fell out the window while watching the lightning show. Ended up in the rubbish bins below. I've just seen her.
buy cake online Ah Yes...that would have been Sybil. She's no lightweight I can tell you. But it was doggerel, not a poem. It went like this:

SpamAssassin Report (spam score: 8)


 pts rule                   description                                       
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP   
 1.0 MISSING_HEADERS        Missing To: header                                
 1.8 MISSING_SUBJECT        Missing Subject: header                           
 0.5 MISSING_MID            Missing Message-Id: header                        
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no   
                            Subject: text                                     
 1.4 MISSING_DATE           Missing Date: header                              
 1.0 MISSING_FROM           Missing From: header                              
-0.0 NO_RECEIVED            Informational: message has no Received headers    
 0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822 headers



Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)
