Inbox - BENEFICIARY US$10.4 MILLION IP address 194.25.134.80 seems to belong to a Suspicious (1) with threat level 25, last malicious activity 6 days

sureyahs@wjh5zt67h.homepage.t-online.de>
Received: from mailout01.t-online.de (mailout01.t-online.de [194.25.134.80])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o18I0ZqW002209
for <xxxxx@xxxxx>; Mon, 8 Feb 2010 19:00:56 +0100
Received: from fwd03.aul.t-online.de (fwd03.aul.t-online.de )
by mailout01.t-online.de with smtp
id 1NeXrk-0006QB-VU; Mon, 08 Feb 2010 18:57:45 +0100
Received: from User (GcOEwQZYrtbVS67-R2oFf8Hz7VUESamH8kp4x7pd1k3d-mITxcqxEupGOWuZtD2ts7StxXtZVU@[208.98.29.4]) by fwd03.t-online.de
with esmtp id 1NeWzb-0la0g40; Mon, 8 Feb 2010 18:01:47 +0100
Reply-To: <revpetermoses09@gmail.com>
From: "REV PETER MOSES" <sureyahs@wjh5zt67h.homepage.t-online.de>
Subject: PART PAYMENT ARREARS TOTAL US$10.4 MILLION
Date: Mon, 8 Feb 2010 09:01:46 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <1NeWzb-0la0g40@fwd03.t-online.de>
X-ID: GcOEwQZYrtbVS67-R2oFf8Hz7VUESamH8kp4x7pd1k3d-mITxcqxEupGOWuZtD2ts7StxXtZVU
X-TOI-MSGID: 8c42a937-cf50-4288-b699-b14951dc97b5
X-UIDL: 2X\!!`EZ!!R&,"!S5L"!
Old-X-EsetId: E74D982990713469F84B987C9E2678
X-EsetId: E74D982990713469F84B987C9E2678
X-EsetScannerBuild: 6559

EMAIL TRANSMISSION
To: BENEFICIARY
FROM: MR.WARREN JACK.
WIRE TRANSFER DEPARTMENT.

PART PAYMENT ARREARS TOTAL US$10.4 MILLION

Note: This e-mail may contain PRIVILEGED and CONFIDENTIAL information and
is intended only for the use of the specific individual(s) to which it is
addressed. If you are not an intended recipient of this e-mail, you are
hereby notified that any unauthorized use, dissemination or copying of his
e-mail or the information contained in it or attached to it is strictly
prohibited. If you have received this e-mail in error, please delete it
and immediately notify the person named above by reply e-mail.Thank you.
Message.

ATTN: Beneficiary,
We are pleased to inform you that we have negotiated instruction
with our correspondent Bank SKY Bank of Nigeria Plc. (SBN) to draw US$10.4
million, which represent part payment of your contract fund from their
account with us and credit in your favor in settlement of a
contract in volving the Nigeria government. The transfer is
revocable,indivisible and non-transferable.
This transaction has been secured with personal identification
computerized sealed Numbers, Contract Accreditation Pin No, Transfer
Access Code (Tag) and anti terrorist clearance certificate to enable us
identify the bonefide beneficiary and to avoid diversion of the fund to
wrong account.

Please contact the Director, Foreign Operations SKY Bank of Nigeria
Plc(SBN)REV PETER MOSES, on his telephone number+ 2348060638383 or
Email: (revpetermoses09@gmail.com) with your Telephone, fax number and Bank
details to enable us release your fund to your nominated bank account
without any further delay. If we do not receive your information for
re-confirmation from you within 7 days from date of this email the
transfer will be null and void as we have many contractors to pay.

Be it known to you that your fund will be transferred into your nominated
bank account within five working days of receiving your required
information.you are advised to act fast regarding to this subject after as
we have a limited time to conclude all payment in this FIRST quarter of
the year 2010

For further enquiry you can contact this bank with the above telephone
number. We most sincerely sorry forever inconvenience as occasion in this
matter.
Yours truly,
HSBC

WIRE TRANSFER PROCESSING DIV.
MADRID SPAIN.
MR.WARREN JACK.
Senior Managing Director
Security & Investigation
H.S.B.C

IP Check 194.25.134.80 http://www.find-ip-address.org/ip-address-locator.php

IP address 194.25.134.80 seems to belong to a Suspicious (1) with
threat level 25, last malicious activity 6 days ago

IP Address Location results for 194.25.134.80

IP Address: 194.25.134.80 WhoIs Lookup IP BlackList Lookup
Hostname: mailout01.t-online.de Reverse DNS

[See complete information about your system with our IP Information tool!]

IP Address Conversion - IP Convert for 194.25.134.80 to Hex & to Dec

IP to Dec [IP Address to decimal]: 3256452688
IP to Hex [IP Address to hexadecimal]: c2198650
IP to Bin [IP to binary]: 11000010000110011000011001010000

IP Address Lookup results for Europe

IP Address Continent: Europe
IP Continent Code:(EU)
IP Continent Population: 731,000,000
IP Continent Area: 10,180,000 km²
IP Continent Total Population: 11%
IP Continent Density People: 70.00 per km²
IP Continent Latitude: (48.69083)
IP Continent Longitude: (9.1405)

IP Location Lookup results for Germany

IP Country Name: Germany
IP Country Capital: Berlin
IP Language: German
IP Currency: Euro(€) (EUR)
IP Country Latitude: (51.5)
IP Country Longitude: (10.5)
IP Country Code: DEU (DE)

IP Location Lookup results for 194.25.134.80 in Hessen

IP Address Region: Hessen
IP Address City: Weiterstadt
IP Address Latitude: (49.9078)
IP Address Longtitude: (8.5953)

Additional IP Location information for 194.25.134.80

IP Address Organization: www.t-online.de
IP Address ISP: Deutsche Telekom AG

---

Time zone for 194.25.134.80: Europe/Berlin
Local time zone for 194.25.134.80: Europe/Berlin

Lovers Leap Collection / Влюбленные скачок / La Peña de los Enamorados

From Antequera Archidona Road

From Antequera Archidona Road
From Antequera/Granada railway line

From Antequera Los Dolmenes

From Hotel Dolmenes roundabout

From Old Antequera / Málaga road

"Lovers Leap" When approaching Antequera this landmark is one of the first views that you will have. The local legend is about an impossible love affair between a young Christian man from Antequera and a beautiful Moorish girl from nearby Archidona, who were driven to the top of the cliff by the Moorish soldiers, where, rather than renounce their love, they decide to throw themselves into the abyss. La Peña de los Enamorados (880 metres high)

"Влюбленные скачок" При приближении к этой знаменательной Антекера является одним из первых взглядов, которые Вы будете иметь. Местные легенды о невозможной любви между молодым мужчиной-христианином из Антекера и красивая девушка из мавританской поблизости Archidona, которые были изгнаны на вершину скалы мавританские солдаты, где, чем отказаться от своей любви, они решают броситься в пропасть

I started to write in Russian to show what I had hoped would be my one and only that I did not expect everything my own way and wanted to show that I was prepared to meet her half way.

You cannot always go on using a translator and in any case a translator can get jealous and distort things. Alla from the same city appreciates my efforts despite the mistakes that Google makes. This morning I drove to Antequera with Nelly Furtado (her new CD Mi Plan) and on the way stopped to take more photos of the Lovers leap. Hopefully there will be several more added

You can leave any comments on the photos you may have below

Я начал писать на русском языке, чтобы показать, на что я надеялся, будет мой единственный, что я не ждите, что все-своему и хотел показать, что я готов был встретить ее на полпути.

Вы не всегда может идти об использовании переводчиков и в любом случае переводчик может получить ревнивый и искажают вещи. Алла из этого же города ценит мои усилия, несмотря на ошибки, которые делает Google. Сегодня утром я поехал к Антекера с Нелли Фуртадо (ее новый CD Mi плана) и по пути остановился, чтобы принять более фотографий скачок Lovers. Надеюсь, там будет еще несколько добавить

Вы можете оставить любые замечания по поводу фотографий, которые, возможно, ниже

www.scenesfromspain.spain.com

Inbox - the VISA scam using an Invalid IP as with the dating scam posted today!

sábado, 06 de febrero de 2010 2:42

honeb00@sscglobal.net>
Received: from apn-77-114-100-240.dynamic.gprs.plus.pl (apn-77-114-100-240.dynamic.gprs.plus.pl [77.114.100.240 invalid IP])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o169XgaC000365
for <xxxxx@xxxxxx>; Sat, 6 Feb 2010 10:34:05 +0100
Received: from 77.114.100.240 by mail2.totalink.net; Sat, 6 Feb 2010 10:33:16 +0100
From: "VISA" <alerts@webmail02.register.com>
To: <wxxxxx@xxxxx>
Subject: your VISA 4XXX-XXXX-XXXX-XXXX: possible fraudulent transaction ID 20629567316
Date: Sat, 6 Feb 2010 10:33:16 +0100
Message-ID: <000d01caa70f$697b8090$6400a8c0@honeb00>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_000E_01CAA70F.697B8090"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Importance: Normal
X-UIDL: c*0!!c\W"!UgA"!*J;!!
Status: U
Old-X-EsetId: E74D982990713469F84B987C9E2772
X-EsetId: E74D982990713469F84B987C9E2772
X-EsetScannerBuild: 6543

Dear VISA card holder,

A recent review of your transaction history determined that your card was used at an ATM located in Uruguay, but for security reasons the requested transaction was refused. You need to complete the VISA Card Holder Form. You can do this by clicking the link below:

http://transactions.cforms.visa.com/secureapps/vdir/cholderform.php?ref=9616718483772702652828303170937091927222332718422457131478&email=xxxxx@xxxxx

VISA Cards Support

Ref: NRETZ750DPUVIDIRE3R57F8Q7VG6QIS64LBD1WMY

-------------------------------------------------------------------------------------------------------

sábado, 06 de febrero de 2010 10:33

Return-Path: <pronouncingbdb2@schoneveld.nl>
Received: from 114-36-223-253.dynamic.hinet.net (114-36-200-249.dynamic.hinet.net [114.36.200.249 invalid IP])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o161g3hD008050
for <xxxxx@xxxxx>; Sat, 6 Feb 2010 02:42:27 +0100
Message-ID: <000d01caa6cd$940baca0$6400a8c0@pronouncingbdb2>
From: "VISA" <transactions@webmail02.register.com>
To: <wxxxxx@xxxxx>
Subject: possible fraudulent transaction has been executed
Date: Sat, 6 Feb 2010 09:42:01 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01CAA6CD.940BACA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-UIDL: _VStatus: U
Old-X-EsetId: E74D982990713469F84B987C9E2078
Old-X-EsetId: E74D982990713469F84B987C9E2078
X-EsetScannerBuild: 6543
X-EsetId: E74D982990713469F84B987C9E2772

Dear VISA card holder,

A recent review of your transaction history determined that your card was used at an ATM located in Angola, but for security reasons the requested transaction was refused. You need to complete the VISA Card Holder Form. You can do this by clicking the link below:

http://reports.cforms.visa.com/secureapps/vdir/cholderform.php?ref=802716828835478312669097163244822655604&email=xxxxx@xxxxx

VISA Cards Support

Id: NNC8N1YHMM8S49Q19E184YHLU7O8X67HS8H5U55TA5LEZ1JIHDFG28J16RGWVQ6ETS7T

this was in common witht the previous post "hi me lonenely heart!" dynamic.hinet.net. I could be the same person behind all 3 scam attempts today and suspect that he is stalking meI am forwarding both emails to VISA Europe for their action

Fraudulent emails and websites page.

Report
phishing@visa.com

Inbox - hi me lonenely heart! Invalid IP so a scam! This scammer is stalking me.

pastehem@raymondalexander.com>

Received: from 118-170-39-36 invalid IP address.dynamic.hinet.net (118-170-39-36 invalid IP address.dynamic.hinet.net 118-170-39-36 invalid IP address])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o163k5Yt012989
for <xxxxx@xxxxxx>; Sat, 6 Feb 2010 04:46:27 +0100
Received: from 118.170.39.36 by mx01.wave2wave.com; Sat, 6 Feb 2010 11:46:01 +0800
Date: Sat, 6 Feb 2010 11:46:01 +0800
From: "Mae Villalobos" <pastehem@raymondalexander.com>
X-Mailer: The Bat! (v2.00.2) Business
Reply-To: pastehem@raymondalexander.com
X-Priority: 3 (Normal)
Message-ID: <271342410.95003869965712@raymondalexander.com>
To: xxxxx@xxxxx

Subject: hi me lonenely heart!
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------A125CCFC87023479"
X-UIDL: E<<"!5p]!![U\"!?6f!! Status: RO Old-X-EsetId: E74D982990713469F84B987C9E2078 Old-X-EsetId: E74D982990713469F84B987C9E2078 X-EsetScannerBuild: 6543 X-EsetId: E74D982990713469F84B987C9E2772

To all the fine gentlemen out there!!!

What you see is what you get! So if you’ll looking for real lovin email me. I would like to meet a man that knows how to take charge and please a woman – mentally, emotionally in addition to physically. Well, just like a lot of you, I never thought I'd have to place a personal ad to find that special man but I'm very optimistic. I believe that everything happens
for a reason so who knows maybe we will make a love connection.

I am not one to go to the clubs or bars to meet the man of my dreams…. so I’m trying something new. I believe in love and I have a lot to offer that special man. I'm fun loving, outgoing, ambitious with a great sense of humor … lets face it laughter keeps you young and I love to laugh and have fun. I'm not afraid to share my feelings, I'm very
affectionate and it shows. I love staying active, in fact, I workout four days a week. I'm very close to my family and enjoy spending time with them; however, it would be nice to spend time with a special man.

I would like a man that is intelligent, attractive; (i.e there are many ways I find a man attractive) I'll be sure to let you know. One who's ambitious and will not settle for less. One who's not afraid to share his feelings, he should be strong and possess a great sense of humor. He should be one who loves to be hugged and kissed just because….. send a picture and i send one back in return please

If you would like to mail me please reply only to my personal e-mail: antennna777@gmail.com

118-170-39-36 invalid IP address so Mae Villalobos is not for real and it is a scam like yesterday´s e-mail. I suspect this scammer is stalking me for this time he did not put Mi(name of lady) but MyPhoto!
http://www.find-ip-address.org/ip-address-locator.php

Friends do not believe me! Hello! Tatyana would not use invalid ID if she/he was real A SCAM

The scammer also sent the other email. How do I know? the photo tag had "Mi" included
Too much of a coincidence?

Comment: Scanned by ESET Smart Security
Return-Path: barracudaot08@recalldesign.com>
Received: from 61-64-85-14 invalid IP address-adsl-tai.dynamic.so-net.net.tw (61-64-85-14I P address-adsl-tai.dynamic.so-net.net.tw [61.64.85.14 IP address]
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o15FqCPN004954
for <xxxxx@xxxxxx>; Fri, 5 Feb 2010 16:52:43 +0100
Received: from 61.64.85.14 by mail.synect.com; Fri, 5 Feb 2010 23:51:59 +0800
From: "Miranda Holman" <barracudaot08@recalldesign.com>
To: <xxxxx@xxxxxx>
Subject: Hello!
Date: Fri, 5 Feb 2010 23:51:59 +0800
Message-ID: <000d01caa67b$26ee2550$6400a8c0@barracudaot08>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000E_01CAA67B.26EE2550"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
Importance: Normal

Hello!

My name is Tatyana !

I am an interesting, beautiful, kind and single young lady. I want to find my love, my half and want to marry him. I am looking for a man who will fall in love with me and I will fall in love with him. I have never been married but I dream about it. I am fond of children and I dream about a happy family with the beloved man. I am interested in music, cooking, reading, traveling and others. I know English very good and can easily speak it.

If you are interested in me please write me only to my personal e-mail: XXXXXXXXXXXXX

Please write me and I will send you my photos.

Please answer only to my personal e-mail: Shaboldaya@yahoo.com

I wait for your letter very much

Tatyana

Inbox - 2nd Virus/TROJAN email sent to me today! Re: factura

Date: Fri, 05 Feb 2010 13:48:47 +0100
From:
To:
Subject: [virus Win32/Oficla.DF Troyano] Re: factura


Buenos dias webmaster@isoarquitec.es.

A su solicitud, le envio la factura de la compra.
Gracias por su cooperacion!


__________ Alerta de ESET NOD32 Antivirus, versión de la base de firmas de virus 4838 (20100205) __________

Alerta, ESET NOD32 Antivirus ha encontrado las siguientes amenazas en este mensaje:

Factura028.zip - Win32/Oficla.DF Troyano - eliminado
Factura028.zip > ZIP > Factura028.Doc____________________________________________________________________________________.Doc.Exe - Win32/Oficla.DF Troyano - era parte de un objeto eliminado

http://www.eset.com

Inbox - UPS Delivery Problem NR 01139. the attachment contains a TROJAN

Return-Path:
Received: from dsl-243-120-226 invalid IP.telkomadsl.co.za (dsl-243-102-194.telkomadsl.co.za [41.243.102.194])
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o156MSar003608
for ; Fri, 5 Feb 2010 07:22:54 +0100
Received: from 41.243.120.226 invalid IP by mailstore1.secureserver.net; Fri, 5 Feb 2010 08:22:02 +0200
Date: Fri, 5 Feb 2010 08:22:02 +0200
From: "UPS Manager Ursula Skinner"
X-Mailer: The Bat! (v3.60.07) Professional
Reply-To: hopewell30@AnswerMove.com
X-Priority: 3 (Normal)
Message-ID: <849403296.81159917168806@answermove.com>
To: xxxx@xxxxx
Subject: UPS Delivery Problem NR 01139.
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------A711D3479E22B6"
X-UIDL: eK8!!0NI"!!GV!!G]N!!
Status: U
Old-X-EsetId: E74D982990713469F84B987C9E2072
X-EsetId: E74D982990713469F84B987C9E2072
X-EsetScannerBuild: 6533

Dear customer!

Unfortunately we were not able to deliver the package sent on the 4th of December in time
because the recipient’s address is wrong.
Please print out the invoice copy attached and collect the package at our office.

United Parcel Service of America.

These seem to come regularly and we have exposted them but no harm in advising our visitors again. IP Check for what it is worth as they could be using BOTS
http://www.find-ip-address.org/ip-address-locator.php
Checking withboth IP´s are invalid - this is a crime!

Do not open attachment if you do download in error. I could have erased it on my server using JBMail

Inbox - I will not be replying to this email - My name is Anastasiya or Maria Hale

andpn@ms21.hinet.net>

Received: from 93-44-40-207.ip95.fastwebnet.it (93-44-40-207.ip95.fastwebnet.it [93.44.40.207]
by mailer.ran.es (8.14.2/8.13.8) with ESMTP id o14L5lW5032392
for <xxxxxx@xxxxxx>; Thu, 4 Feb 2010 22:06:08 +0100
Received: from 93.44.40.207 by ms21a.hinet.net; Thu, 4 Feb 2010 22:06:07 +0100
From: "Maria Hale so why are you posing as Anastasiya - warning sign!" <andpn@ms21.hinet.net>
To: "<"<xxxxx@xxxxx>
Subject: Come va?
Date: Thu, 4 Feb 2010 22:06:07 +0100
Message-ID: <01caa5e6$401a5890$5dc4ff27@andpn>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_000E_01CAA5E6.401A5890"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Importance: Normal
X-UIDL: W5"#!_5:!!b'b!!(X1!!
Status: U
Old-X-EsetId: E74D982990713469F84B987C9E2072
X-EsetId: E74D982990713469F84B987C9E2072
X-EsetScannerBuild: 6533

Remember a girl is not going to write to you out of the blue so it is probably a scam and quite possibly the author is a man

Ciao amico mio!

Spero di poter nome che "il mio amico"?

My name is Anastasiya.

Scusa, ho mal conoscono l'italiano.

Ho chiesto all'Ufficio conoscenza al fine di trovare il mio amore.
Mi auguro che questo ufficio mi aiutera a soddisfare il mio amore e un uomo del mio sogno.
Ho in programma, per creare una famiglia heathy amichevole con un uomo serio, che sarebbe l'amore e mi proteggera.

Se siete soli e vogliono trovare una donna amorosa si Scrivimi

e siamo in grado di associare a ogni altro.

Se siete interessati nella mia vita mi scrivi sulla mia e-mail: kerpanamila@rambler.ru

Io vi rispondo e invio i miei molte foto.

Sono una donna bella e intelligente.

Sarete felici di sapere di me.

Check IP 93-44-40-207

IP Address Location results for 93.44.40.207

IP Address: 93.44.40.207 WhoIs Lookup IP BlackList Lookup
Hostname: 93-44-40-207.ip95.fastwebnet.it Reverse DNS

[See complete information about your system with our IP Information tool!]

IP Address Conversion - IP Convert for 93.44.40.207 to Hex & to Dec

IP to Dec [IP Address to decimal]: 1563175119
IP to Hex [IP Address to hexadecimal]: 5d2c28cf
IP to Bin [IP to binary]: 1011101001011000010100011001111

IP Address Lookup results for Europe

IP Address Continent: Europe
IP Continent Code:(EU)
IP Continent Population: 731,000,000
IP Continent Area: 10,180,000 km²
IP Continent Total Population: 11%
IP Continent Density People: 70.00 per km²
IP Continent Latitude: (48.69083)
IP Continent Longitude: (9.1405)

IP Location Lookup results for Italy

IP Country Name: Italy
IP Country Capital: Rome
IP Language: Italian
IP Currency: Euro(€) (EUR)
IP Country Latitude: (42.83)
IP Country Longitude: (12.83)
IP Country Code: ITA (IT)

IP Location Lookup results for 93.44.40.207 in Campania

IP Address Region: Campania
IP Address City: Naples
IP Address Latitude: (40.8333)
IP Address Longtitude: (14.25)

Additional IP Location information for 93.44.40.207

IP Address Organization: Fastweb
IP Address ISP: Fastweb

---

Time zone for 93.44.40.207: Europe/Rome
Local time zone for 93.44.40.207: Europe/Rome