Author Topic: Angelina Jolie  (Read 4932 times)

0 Members and 1 Guest are viewing this topic.

July 15, 2008, 03:19:59 pm
Read 4932 times

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Found this sitting in my junk folder;

Code: [Select]
Exported by: Outlook Export v0.1.0


From: Mail Delivery System
E-mail:Mailer-Daemon@ip-68-178-255-92.ip.secureserver.net [ 68.178.255.92 - ip-68-178-255-92.ip.secureserver.net ]
Date: 15/07/2008 15:32:07
Subject: Mail delivery failed: returning message to sender
**************************************************************************
Links
**************************************************************************

Link: http://195.190.13.98/video-nude-anjelina.avi.exe
Domain: 195.190.13.98
IP: 195.190.13.98 [ 98.13.190.195.unknown.SteepHost.Net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://195.190.13.98/1.gif
Domain: 195.190.13.98
IP: 195.190.13.98 [ 98.13.190.195.unknown.SteepHost.Net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://www.msn.com
Domain: www.msn.com
IP: 207.68.173.76 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

**************************************************************************
Text Version
**************************************************************************
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  phpbounce@itmatchonline.com
    mailbox is full: retry timeout exceeded
  bounce@itmatchonline.com
    (ultimately generated from phpbounce@itmatchonline.com)
    mailbox is full: retry timeout exceeded

------ This is a copy of the message, including all the headers. ------

Return-path: <servicesd@it-mate.co.uk>
Received: from [77.127.244.26] (helo=michael-04vhnk4)
by ip-68-178-255-92.ip.secureserver.net with smtp (Exim 4.69)
(envelope-from <servicesd@it-mate.co.uk>)
id 1KIlZW-0005PY-EB
for phpbounce@itmatchonline.com; Tue, 15 Jul 2008 07:32:07 -0700
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Message-Id: <20080715074436.61084.qmail@michael-04vhnk4>
To: <phpbounce@itmatchonline.com>
Subject: Angelina Jolie's Free Video.
From: <phpbounce@itmatchonline.com>
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
 </head>
        <html>
<body>
<tr>
<td class=EC_container bgcolor="#F2F2F2">
<table cellpadding=0 cellspacing=0 width="100%">
<tr>
<td>
                                                                                       
                                                <div align=center> <a href="http://195.190.13.98/video-nude-anjelina.avi.exe
" target="_blank"><img src="http://195.190.13.98/1.gif" border=0 alt="Click Here!"></a> </div>
                    </td>
</tr>
<tr>
<td class=EC_legal>
<strong>About this mailing: </strong><br>
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the "Unsubscribe" link below. This will not unsubscribe
you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service
 advertised. Prices and item availability subject to change without notice.<br><br>

2008 Microsoft | <a href="http://www.msn.com" target="_blank">Unsubscribe</a> | <a href="http://www.msn.com" target="_blank">More Newsletters</a> | <a href="http://www.msn.com" target="_blank">Privacy</a><br><br>
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

               

</td>
</tr>
</table>
</td>
</tr>
</table>



        </div>
    </div>

          </div>
   
    </body>
</html>


**************************************************************************
HTML Version
**************************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7036.0">
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>This message was created automatically by mail delivery software.<BR>
<BR>
A message that you sent could not be delivered to one or more of its<BR>
recipients. This is a permanent error. The following address(es) failed:<BR>
<BR>
&nbsp; phpbounce@itmatchonline.com<BR>
&nbsp;&nbsp;&nbsp; mailbox is full: retry timeout exceeded<BR>
&nbsp; bounce@itmatchonline.com<BR>
&nbsp;&nbsp;&nbsp; (ultimately generated from phpbounce@itmatchonline.com)<BR>
&nbsp;&nbsp;&nbsp; mailbox is full: retry timeout exceeded<BR>
<BR>
------ This is a copy of the message, including all the headers. ------<BR>
<BR>
Return-path: &lt;servicesd@it-mate.co.uk&gt;<BR>
Received: from [77.127.244.26] (helo=michael-04vhnk4)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; by ip-68-178-255-92.ip.secureserver.net with smtp (Exim 4.69)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (envelope-from &lt;servicesd@it-mate.co.uk&gt;)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; id 1KIlZW-0005PY-EB<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for phpbounce@itmatchonline.com; Tue, 15 Jul 2008 07:32:07 -0700<BR>
Content-Return: allowed<BR>
X-Mailer: CME-V6.5.4.3; MSN<BR>
Message-Id: &lt;20080715074436.61084.qmail@michael-04vhnk4&gt;<BR>
To: &lt;phpbounce@itmatchonline.com&gt;<BR>
Subject: Angelina Jolie's Free Video.<BR>
From: &lt;phpbounce@itmatchonline.com&gt;<BR>
MIME-Version: 1.0<BR>
Content-Type: text/html; charset=&quot;UTF-8&quot;<BR>
Content-Transfer-Encoding: 7bit<BR>
<BR>
&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;&gt;<BR>
&lt;head&gt;<BR>
&nbsp; &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=iso-8859-1&quot;&gt;<BR>
&nbsp;&lt;/head&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;html&gt;<BR>
&lt;body&gt;<BR>
&lt;tr&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;td class=EC_container bgcolor=&quot;#F2F2F2&quot;&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;table cellpadding=0 cellspacing=0 width=&quot;100%&quot;&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;tr&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;td&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;div align=center&gt; &lt;a href=&quot;<A HREF="http://195.190.13.98/video-nude-anjelina.avi.exe">http://195.190.13.98/video-nude-anjelina.avi.exe</A><BR>
&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;<A HREF="http://195.190.13.98/1.gif">http://195.190.13.98/1.gif</A>&quot; border=0 alt=&quot;Click Here!&quot;&gt;&lt;/a&gt; &lt;/div&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/td&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/tr&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;tr&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;td class=EC_legal&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;strong&gt;About this mailing: &lt;/strong&gt;&lt;br&gt;<BR>
You are receiving this e-mail because you subscribed to MSN Featured Offers. Microsoft respects your privacy. If you do not wish to receive this MSN Featured Offers e-mail, please click the &quot;Unsubscribe&quot; link below. This will not unsubscribe<BR>
you from e-mail communications from third-party advertisers that may appear in MSN Feature Offers. This shall not constitute an offer by MSN. MSN shall not be responsible or liable for the advertisers' content nor any of the goods or service<BR>
&nbsp;advertised. Prices and item availability subject to change without notice.&lt;br&gt;&lt;br&gt;<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2008 Microsoft | &lt;a href=&quot;<A HREF="http://www.msn.com">http://www.msn.com</A>&quot; target=&quot;_blank&quot;&gt;Unsubscribe&lt;/a&gt; | &lt;a href=&quot;<A HREF="http://www.msn.com">http://www.msn.com</A>&quot; target=&quot;_blank&quot;&gt;More Newsletters&lt;/a&gt; | &lt;a href=&quot;<A HREF="http://www.msn.com">http://www.msn.com</A>&quot; target=&quot;_blank&quot;&gt;Privacy&lt;/a&gt;&lt;br&gt;&lt;br&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/td&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/tr&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/table&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/td&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/tr&gt;<BR>
&lt;/table&gt;<BR>
<BR>
<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/div&gt;<BR>
&nbsp;&nbsp;&nbsp; &lt;/div&gt;<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/div&gt;<BR>
&nbsp;&nbsp;&nbsp;<BR>
&nbsp;&nbsp;&nbsp; &lt;/body&gt;<BR>
&lt;/html&gt;<BR>
</FONT>
</P>

</BODY>
</HTML>

**************************************************************************
Headers
**************************************************************************
Return-Path: <>
Delivered-To: services@it-mate.co.uk
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (smtp-in-161.livemail.co.uk [127.0.0.1])
by smtp-in-161.livemail.co.uk (Postfix) with SMTP id D0B903580D8
for <services@it-mate.co.uk>; Tue, 15 Jul 2008 15:32:34 +0100 (BST)
Received: from k2smtpout02-01.prod.mesa1.secureserver.net (k2smtpout02-01.prod.mesa1.secureserver.net [64.202.189.90])
by smtp-in-161.livemail.co.uk (Postfix) with SMTP id 55FBC3580F3
for <servicesd@it-mate.co.uk>; Tue, 15 Jul 2008 15:32:34 +0100 (BST)
Received: (qmail 1080 invoked from network); 15 Jul 2008 14:32:04 -0000
Received: from unknown (HELO ip-68-178-255-92.ip.secureserver.net) (68.178.255.92)
  by k2smtpout02-01.prod.mesa1.secureserver.net (64.202.189.90) with ESMTP; 15 Jul 2008 14:32:04 -0000
Received: from mailnull by ip-68-178-255-92.ip.secureserver.net with local (Exim 4.69)
id 1KIlZX-0005Pm-GJ
for servicesd@it-mate.co.uk; Tue, 15 Jul 2008 07:32:07 -0700
X-Failed-Recipients: phpbounce@itmatchonline.com,
  bounce@itmatchonline.com
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@ip-68-178-255-92.ip.secureserver.net>
To: servicesd@it-mate.co.uk
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1KIlZX-0005Pm-GJ@ip-68-178-255-92.ip.secureserver.net>
Date: Tue, 15 Jul 2008 07:32:07 -0700
X-Original-To: servicesd@it-mate.co.uk


Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 15, 2008, 08:45:28 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Thank you.

July 16, 2008, 03:45:23 pm
Reply #2

spamislame

  • Newbie

  • Offline
  • *

  • 3
That email template ties them very closely to the spam operation behind "Canadian Pharmacy", known alternately as "Spamit" or "GlavMed."

They abuse "whitelisted" email templates to ensure deliverability, primarily only to Hotmail addresses.

http://spamtrackers.eu/wiki/index.php?title=Spamit
http://spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy

In the past (and there's an example in the Canadian Pharmacy wiki entry) they have abused email templates for Kraft Foods, and more recently MSN. But this was previously only used in spam runs for Canadian Pharmacy, never for Storm.

They're based (naturally) in Moscow. They are very much aware that they operate illegally.

SiL