This is what the message from Posten Norge looks like, from a scammer in the USA.
- The scammer probably fools many people...
The subject line of the e-mail: "Levering: Pakken din venter på betalingsbekreftelse" (Delivery: your package is awaiting payment confirmation).
But here you can see the e-mail's headers, and likewise the IP address:
So it says James Douglas Entertainment, but that does not have to be true.
Return-Path: <support@douglasjamesent.com>
Received: from cpweb02.misshosting.no
by cpweb02.misshosting.no with LMTP
id YHQjNc6fiV/dIR8AO49wEQ
(envelope-from <support@douglasjamesent.com>); Fri, 16 Oct 2020 15:27:42 +0200
Return-path: <support@douglasjamesent.com>
Envelope-to: bmonline@bmonline.no
Delivery-date: Fri, 16 Oct 2020 15:27:42 +0200
Received: from host.skineart.com ([67.222.8.6]:46056)
by cpweb02.misshosting.no with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from <support@douglasjamesent.com>)
id 1kTPlk-008ZwX-TH
for bmonline@bmonline.no; Fri, 16 Oct 2020 15:27:42 +0200
Received: from douglasjames by host.skineart.com with local (Exim 4.93)
(envelope-from <support@douglasjamesent.com>)
id 1kTPlj-00014R-0Q
for bmonline@bmonline.no; Fri, 16 Oct 2020 09:27:39 -0400
To: bmonline@bmonline.no
Subject: =?UTF-8?Q?Levering:_pakken_din_venter_p=C3=A5_betalingsbekreftelse_!?=
X-PHP-Script: douglasjamesent.com/wp-content/plugins/heiudes/eylxbnikyy.php for 84.247.50.36
X-PHP-Originating-Script: 518:eylxbnikyy.php
Date: Fri, 16 Oct 2020 13:27:39 +0000
From: NO# Posten Norge <support@douglasjamesent.com>
Message-ID: <9360182547b8dd14da78d6b7921aa66e@douglasjamesent.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_9360182547b8dd14da78d6b7921aa66e"
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host.skineart.com
X-AntiAbuse: Original Domain - bmonline.no
X-AntiAbuse: Originator/Caller UID/GID - [518 997] / [47 12]
X-AntiAbuse: Sender Address Domain - douglasjamesent.com
X-Get-Message-Sender-Via: host.skineart.com: authenticated_id: douglasjames/from_h
X-Authenticated-Sender: host.skineart.com: support@douglasjamesent.com
X-Source:
X-Source-Args: php-fpm: pool douglasjamesent_com
X-Source-Dir: douglasjamesent.com:/public_html/wp-content/plugins/heiudes
X-OutGoing-Spam-Status: No, score=0.8
X-Spam-Status: No, score=0.8
X-Spam-Score: 8
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "cpweb02.misshosting.no",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Â Â Â
Content analysis details: (0.8 points, 1000.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)
0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image
area
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 CPANEL_LOTS_OF_EMPTY_LINE RAW: Spam that has large block of
empty lines
X-Spam-Flag: NO
A hacker is playing post office, i.e. a scam. Here is the full info; all you have to do is bring the club to the address!
IP Location Info:
IP Address 67.222.8.6
Country United States
Region -
City -
ISP PrivateSystems Networks
Organization PrivateSystems Networks
Latitude 37.751
Longitude -97.822
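The header reading done by hand in the post above, as an added Python example (not part of the original post): it pulls the outside relay out of the Received chain, compares the From display name with the sending domain, and reports the X-PHP-Script origin. The names `triage`, `relay_into` and the `brands` mapping are hypothetical, and `posten.no` as the legitimate domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers in the post; folded lines re-indented so they parse.
RAW = """\
Received: from cpweb02.misshosting.no
 by cpweb02.misshosting.no with LMTP; Fri, 16 Oct 2020 15:27:42 +0200
Received: from host.skineart.com ([67.222.8.6]:46056)
 by cpweb02.misshosting.no with esmtps (Exim 4.93)
 for bmonline@bmonline.no; Fri, 16 Oct 2020 15:27:42 +0200
Received: from douglasjames by host.skineart.com with local (Exim 4.93)
 for bmonline@bmonline.no; Fri, 16 Oct 2020 09:27:39 -0400
X-PHP-Script: douglasjamesent.com/wp-content/plugins/heiudes/eylxbnikyy.php for 84.247.50.36
From: NO# Posten Norge <support@douglasjamesent.com>

"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9a-fA-F.:]+)\]")

def relay_into(msg, own_mx):
    """Newest hop where our own MX accepted the mail from an outside host."""
    for hop in msg.get_all("Received", []):
        flat = " ".join(hop.split())  # unfold the header
        m = HOP.search(flat)
        if m and f"by {own_mx}" in flat and m.group(1) != own_mx:
            return m.group(1), m.group(2)
    return None

def triage(raw, own_mx, brands):
    """brands maps a display-name keyword to the domain it may legitimately use."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for name, legit in brands.items():
        claimed = name.lower() in display.lower()
        if claimed and domain != legit and not domain.endswith("." + legit):
            findings.append(f"display name claims {name}, sender domain is {domain}")
    # Assumption: on this host the value after "for" is the client that called the script.
    m = re.match(r"(\S+)\s+for\s+(\S+)", msg.get("X-PHP-Script", ""))
    if m:
        findings.append(f"sent by web script {m.group(1)}, called from {m.group(2)}")
    return {"relay": relay_into(msg, own_mx), "from_domain": domain, "findings": findings}

if __name__ == "__main__":
    # posten.no as Posten Norge's own domain is an assumption of this example.
    print(triage(RAW, "cpweb02.misshosting.no", {"Posten": "posten.no"}))
```

Only the hop recorded by the recipient's own server is trustworthy; everything below it in the chain was written by the sending side.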