An
Email with the Subject "Dear vendor" was
received in one of Scamdex's honeypot email accounts on Thu, 02 Aug 2018 10:34:57 -0400
and has been classified as a Generic Scam Email.
The sender shows as Root User <root@localhost>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
winpaymentuserachdearthe item
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] => Array
(
[0] =>
[1] =>
)
[delivered-to:] => newblood@scamdex.com
[received:] => Array
(
[0] => from edie.newsblaze.comby edie.newsblaze.com with LMTP id IJXwGJEWY1uFPwAApOa+twfor ; Thu, 02 Aug 2018 10:34:57 -0400
[1] => from server.smartplan.my ([43.252.214.195]:36764)by edie.newsblaze.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)(Exim 4.91)(envelope-from )id 1flEgq-0004A3-4sfor SubmittedEmails@scamdex.com; Thu, 02 Aug 2018 10:34:57 -0400
[2] => from million by server.smartplan.my with local (Exim 4.91)(envelope-from )id 1flBg5-0001IA-VQfor SubmittedEmails@scamdex.com; Thu, 02 Aug 2018 19:21:58 +0800
)
[envelope-to:] => SubmittedEmails@scamdex.com
[delivery-date:] => Thu, 02 Aug 2018 10:34:57 -0400
[dkim-signature:] => v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=million.my; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:From:Date:Subject:To:Sender:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;bh=ztgsJOIZiPbNAOF69DwRuac3VmIgwiIGGTD/cG94wpw=; b=ufBxmBvRw+cQS5n43OdKU9vaHJHAjYD26Nu4MDCKvb4WzbbKloxWCMFCENJXzhNiB7HmlRHySCoceDEgYDnTBmeU92SScg0a230NryW+0SazMqpuK6mpWjuFEG0QS3qKipehLBJf/uX0XRr3wf31/AXwrIDQG9S7WnMBCzdyWGnv1U+cwynrZ5FlzeL0dPc1VnsftctapSApBMmiuz1gcoxXwVf9vw2U5s0LU1fH5CKvo3xNxhouwMEpwotfQizlKS+i1Vpzj5ZRGUQHR32G0gEHst3qLXi+jNnWOSStIKiuZhsoixd8X3VGd9CMLki+67TKgRrAx1/k4b55PErLhw==;
[to:] => SubmittedEmails@scamdex.com
[subject:] => Dear vendor
[x-php-script:] => www.million.my/program/index.php for 88.99.15.85
[date:] => Thu, 2 Aug 2018 19:21:57 +0800
[from:] => Root User
[message-id:] =>
[x-mailer:] => Leaf PHPMailer 2.7 (leafmailer.pw)
[mime-version:] => 1.0
[content-type:] => multipart/mixed;boundary="b1_c8ec1f35839011cf68b0e590a12301eb"
[content-transfer-encoding:] => 8bit
[x-antiabuse:] => Array
(
[0] => This header was added to track abuse, please include it with any abuse report
[1] => Primary Hostname - server.smartplan.my
[2] => Original Domain - scamdex.com
[3] => Originator/Caller UID/GID - [513 526] / [47 12]
[4] => Sender Address Domain - server.smartplan.my
)
[x-get-message-sender-via:] => server.smartplan.my: authenticated_id: million/only user confirmed/virtual account not confirmed
[x-authenticated-sender:] => server.smartplan.my: million
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
Dear vendor
We are interested in placing order for following items in the attached PO with regular packing.
Please offer your availability, best prices, discount and terms of payment for the items in attached file.
View | Download
Thanks/Regards
Cindi Gao
660 W.Artesia Blvd.
Compton, CA 90220
Dear vendor
We are interested in placing order for following items in the attached PO with regular packing.
Please offer your availability, best prices, discount and terms of payment for the items in attached file.
View | Download
Thanks/Regards
Cindi Gao
660 W.Artesia Blvd.
Compton, CA 90220
