FlyerTalk Forums - View Single Post - Spam Clinic - Virus spamming my contact list
Thread: Spam Clinic - Virus spamming my contact list
View Single Post
Old Apr 8, 2014, 7:39 pm
  #4  
YVR Cockroach
FlyerTalk Evangelist
 
Join Date: Nov 1999
Programs: FB Silver going for Gold
Posts: 21,811
Originally Posted by HawaiiTrvlr
I did that and the page source lists more than 200 lines of code. I am not sure what a header is but it might be in the 200 lines. I can only assume I was spoofed.
Header looks like this:
Code:
x-store-info:sbevkl2QZR7OXo7WID5ZcaZ0jeT0hTF6Pkz6VNoaPtZFKUm+W1WZD4UJRIr34kDYbiLFboa4+fuzbeCzqvL5cIPKhlTSWmN86UjRbKDWUoTIzNuPACzT6My5Qr5VlVG/ZmLnpVEC0lM=
Authentication-Results: hotmail.com; spf=pass (sender IP is 65.55.116.12; identity alignment result is pass and alignment mode is relaxed) [email protected]; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=hotmail.com; x-hmca=pass [email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: hRqkuQHzzfvDnxvOXYkbi83OdWt99/ZUZW125y24FcsMHX6wfPmIYyq9/Y5ustIAzUy19RzZdGTZeJ3X4Nvg4UHGzZa4H24eLeDlqgNItUOiYev3bvus1cYykLWEsM6CT3QFLN7YWT4wy4xVTp8F7H41hdu4cQMfceUYTNXSqMstUuqAZVpMq+U+4JgUb6HvSGVG80gNBz7F+1RZDfyAL2nbrDMq98YR
Received: from blu0-omc1-s1.blu0.hotmail.com ([65.55.116.12]) by SNT0-MC4-F15.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
	 Mon, 7 Apr 2014 17:43:38 -0700
Received: from BLU176-W34 ([65.55.116.8]) by blu0-omc1-s1.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Mon, 7 Apr 2014 17:43:37 -0700
X-TMN: [Ask4/ez4Pe/g7jKj9evrDHvy/sgeicOLz0nyIv3aAmQ=]
X-Originating-Email: {Purported sender e-mail address replaced}
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
	boundary="_fdcff0a3-7173-43d8-b397-1ba114d04d10_"
From: {purported sender address replaced}
To:  {mulitple receipient address replaced}
Subject: Fwd: (8)
Date: Tue, 8 Apr 2014 00:43:37 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 08 Apr 2014 00:43:37.0672 (UTC) FILETIME=[94458C80:01CF52C3]

--_fdcff0a3-7173-43d8-b397-1ba114d04d10_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hi! http://www.qai.co.uk/_it.works?jmjvu...yr=3D581205=20

 		 	   		  =

--_fdcff0a3-7173-43d8-b397-1ba114d04d10_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 12pt=3B
font-family:Calibri
}
--></style></head>
<body class=3D'hmmessage'><div dir=3D'ltr'>Hi! <a href=3D"http://www.qai.co=
.uk/_it.works?jmjvutumu=3D7808538&katufyr=3D581205" target=3D"_blank">http:=
//www.qai.co.uk/_it.works?jmjvutumu=3D7808538&katufyr=3D581205</a> <br><br>=
 		 	   		  </div></body>
</html>=

--_fdcff0a3-7173-43d8-b397-1ba114d04d10_--
I used spamcop.net to report this spam (or used to).

Can't decipher the report as to where the above spam came from. May be a compromised account and not a harvest.
Last edited by YVR Cockroach; Apr 8, 2014 at 8:39 pm
YVR Cockroach is offline  
Reply