Hello Everyone

Going through an old email account I stumbled upon an email with the following contents.

---------------------------------------------------------------------
Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
You may pickup the parcel at our post office personaly!

Attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you.
DHL Delivery Services.
--------------------------------------------------------------------

Be very aware that this is NOT an email from DHL. This email contains a nasty virus.

Here are the full headers

-----------------------------------------------------------------------
From DHL Manager Harvey Kline Thu Jan 21 04:14:19 2010
X-Apparently-To: via 67.195.8.138; Wed, 20 Jan 2010 20:14:23 -0800
Return-Path: <calaisqce7@freecontent.com>
X-YahooFilteredBulk: 123.143.134.73
X-YMailISG: clnKkz0WLDuGAPC6M3MFxeluQKzewOuiAnVOjGX1Z2EZWIVg4bp3X7sZUFP9xmRK92b1HyfOFhdnCW5iPo0upAQd0Jiojeh7LwR61B.ooioUWJRvaDt5QyNOZCZm3qJCwQDPfOmExwBPnX5mzsymEJWFME_I8ce6v_YGvgY5ucRuk14BJCbPFSGOyYiC87Rvo77Jptm3dVTl89oVV4LFwsiV9elwEagZVWTaneli1iUmfJSDl0.Pp4MYSQoTb53wcBjEuWNySVlofgeT_mBqhU5FdaA8x6dG13emnSJU
X-Originating-IP: [123.143.134.73]
Authentication-Results: mta156.mail.ac4.yahoo.com from=dhl.com; domainkeys=neutral (no sig); from=dhl.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO SPBOSWZ) (123.143.134.73) by mta156.mail.ac4.yahoo.com with SMTP; Wed, 20 Jan 2010 20:14:23 -0800
Received: from 123.143.134.73 by smtp.secureserver.net; Thu, 21 Jan 2010 13:14:19 +0900
From: "DHL Manager Harvey Kline" <shipping@dhl.com>
To: <creativebiz@ymail.com>
Subject: DHL Tracking Number 6505278899.
Date: Thu, 21 Jan 2010 13:14:19 +0900
Message-ID: <000d01ca9a50$34339f60$6400a8c0@calaisqce7>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_000E_01CA9A50.34339F60"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158
Importance: Normal
Content-Length: 63387
---------------------------------------------------------------

The funny thing is my email isn't even which is very odd. I shouldn't have received this email.

-----------------------------------------------------------------
The who-is information is as follows

Updated: 1 second ago

Registrant:
Gambling-Domains.com
Gambling-Domains.com
Gambling-Domains.com
Gambling-Domains.com, Gambling-Domains.com 777
Ukraine

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: FREECONTENT.COM
Created on: 09-Aug-00
Expires on: 09-Aug-11
Last Updated on: 14-Dec-09

Administrative Contact:
Domains, Gambling Email Masking
Gambling-Domains.com
Gambling-Domains.com
Gambling-Domains.com
Gambling-Domains.com, Gambling-Domains.com 777
Ukraine
+380.506922482 Fax -- +380.506922482

Technical Contact:
Domains, Gambling Email Masking
Gambling-Domains.com
Gambling-Domains.com
Gambling-Domains.com
Gambling-Domains.com, Gambling-Domains.com 777
Ukraine
+380.506922482 Fax -- +380.506922482

Domain servers in listed order:
NS61.DOMAINCONTROL.COM
NS62.DOMAINCONTROL.COM

Information Updated: Thu, 21 Jan 2010 04:57:07 UTC
----------------------------------------------------------

Being that this is a felony I will be working my best to get this domain name pulled and black-listed by every IP blacklist as well as make sure this person can never register a domain name again, and hopefully goes to jail for destruction of private property.

I hope whoever sent the email got a good laugh but they are going to wish they never screwed with me.

----------------------------------------------------------
Don't open the email.
--
I have informed DHL and they have put up a warning already. You have been warned.
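Added example, not part of the thread: a short Python check that reads the headers posted above and lists the reasons the visible From: address cannot be trusted. The header values are copied from the post; the function names, and the assumption that the receiving server writes "(EHLO name)" into its Received: line as Yahoo did here, are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header subset copied from the first post's message, values as shown on the page.
SAMPLE = """\
Return-Path: <calaisqce7@freecontent.com>
Authentication-Results: mta156.mail.ac4.yahoo.com from=dhl.com; domainkeys=neutral (no sig); from=dhl.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO SPBOSWZ) (123.143.134.73) by mta156.mail.ac4.yahoo.com with SMTP; Wed, 20 Jan 2010 20:14:23 -0800
From: "DHL Manager Harvey Kline" <shipping@dhl.com>
Subject: DHL Tracking Number 6505278899.

"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_headers):
    """Return a list of reasons the visible From: should not be trusted."""
    msg = message_from_string(raw_headers)
    findings = []
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # 1. The envelope sender (Return-Path) comes from the sending host; a
    #    domain different from the displayed From: is the first warning sign.
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} differs from Return-Path domain {env_dom}")
    # 2. The receiving server's verdict: anything other than dkim=pass means
    #    the message carries no valid signature from the From: domain.
    verdict = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    result = verdict.group(1).lower() if verdict else "absent"
    if result != "pass":
        findings.append(f"DKIM result for {from_dom or 'unknown'}: {result}")
    # 3. The top Received: line is written by the recipient's own server and
    #    records the name the client announced; a bare name with no dot is
    #    typical of an end-user machine rather than a mail server.
    #    (Format assumed to match the sample above.)
    helo = re.search(r"\((?:EHLO|HELO) ([^)\s]+)\)", msg.get("Received", ""))
    if helo and "." not in helo.group(1):
        findings.append(f"client announced non-FQDN name {helo.group(1)}")
    return findings

if __name__ == "__main__":
    for reason in spoof_indicators(SAMPLE):
        print("-", reason)
```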
Got same email few days back. Nowadays so many fraudulent emails one can expect. Everybody needs to take extra care.

DON.
Further investigation shows that the email came from Asia... Which really is inconvenient. But more details as follows about it.

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 123.0.0.0 - 123.255.255.255
CIDR: 123.0.0.0/8
NetName: APNIC-123
NetHandle: NET-123-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
NameServer: NS-SEC.RIPE.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
RegDate: 2006-01-06
Updated: 2009-10-08
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail:

I still will attempt to take the swiftest action possible
Thanks for reminding, as I received two of them today. I just wonder if that's a virus or not, and I found your post in Google.
Unfortunately I just received one of these (April 2). I was going to report it to Spamcop, but then saw the DHL address and thought, hmmmm, how likely is it that DHL are spamming me? Not very.
With my address removed, here is the expanded path:

Return-Path: <cherub@lostlost.com> (envelope-from <cherub@lostlost.com>)
Received: from cm94.sigma91.maxonline.com.sg "Postal Support Chris Diggs" <shipping@dhl.com>
Date: Fri, 2 Apr 2010 08:06:58 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0006_01CAD1F8.695D0980"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Spam-Status: Yes, score=9.3
X-Spam-Score: 93
X-Spam-Bar: +++++++++
X-Spam-Report: Spam detection software, running on the system "____" has
 identified this incoming email as possible spam. The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email. If you have any questions, see
 the administrator of that system for details.

 Content preview: Hello! The courier service was not able to deliver your
 parcel at your address. Cause: Mistake in address [...]

 Content analysis details: (9.3 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                             [Blocked - see <http://www.spamcop.net/bl.shtml?218.212.91.94>]
  3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                             [218.212.91.94 listed in zen.spamhaus.org]
  0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
  1.4 HELO_DYNAMIC_DHCP      Relay HELO'd using suspicious hostname (DHCP)
  0.9 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                             [218.212.91.94 listed in dnsbl.sorbs.net]
  1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
                             [score: 0.6126]
  0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                             dynamic-looking rDNS
X-Spam-Flag: YES
Subject: ***SPAM*** DHL Services. Get your parcel NR.9019
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - lostlost.com
X-Originating-IP: 67.227.143.212

Hello!

The courier service was not able to deliver your parcel at your address.
Cause: Mistake in address
You may pickup the parcel at our post office personally.

The delivery advice is attached to this e-mail.
Print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox!

Thank you,
DHL Delivery Services.

DHL_label_3893.zip