
OMG.  I am infected.  Scam email tells me so and the link in the message redirects to https://store.malwarebytes.com/342/purl-bundle-aff-1011-20poff?x-clickref=1101lxXvP9W2

Mail headers show that it's not from 625v3daaylqhyl2@875yzalz8g1m8xf.com but rather from info@vice4.menards.com

Someone at Malwarebytes should stop paying this outfit for fraudulent sales lead tactics.  Raw message source follows.  Mkay, bye.

Delivered-To: xxxxxx@gmail.com
Received: by 2002:a05:7010:5ea7:b0:386:4752:7c18 with SMTP id bz39csp601272mdb;
        Fri, 17 Nov 2023 11:29:39 -0800 (PST)
X-Google-Smtp-Source: AGHT+IGCIhTMp8B1cFQ8LBkd2hDz5Ppm+UIveqddcL/2jxIQKa1obX8ua89z8WVZCKk+dVKvNnp4
X-Received: by 2002:a5d:64af:0:b0:331:3c88:6fcd with SMTP id m15-20020a5d64af000000b003313c886fcdmr4480wrp.53.1700249379187;
        Fri, 17 Nov 2023 11:29:39 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1700249379; cv=none;
        d=google.com; s=arc-20160816;
        b=iOL470souJdl8emgk+y91tGNH4v/PJKYbtEM6fud1vAryxijhwBhf7RhYFwAJQvtcs
         8KRbF1PXKJEom+OtPlMG1qrpjJhvy/2HW+/17pRE9xcgRqVhv01MdBAbGx4ERHRDYlf/
         aGpsDyFWX7xMqhzZRYRi3rrSKDvXOMUKAr/qsFhBCQ4xFDXyg4tBGEfAWMh+x/vLc13m
         BFXe97sPerpmPJcR+oKO5Ime7hmn0KdUgIBDQZeap/DGN8zr6bXf2oA5X1DHd06vIYpf
         R7gxjcCQxbKHCcaS8plbNyNbjJwrLGx5PcIrzOMR4xutjUcAsUqEt8jb/OnxCsBns2Dj
         hy0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:subject:to:sender:from:date:message-id;
        bh=6Ov499AteHZfTMxpHHF2fc370Hns4gvCv7lISyiPUok=;
        fh=vpKbduHqifb6gE8jXWs5zychOHmcyPxiyjFwXYSBsnw=;
        b=KtkEjATdVLcGpFzNx256bvxPf2nmtjIgLHIHnJqc8BSuES9YAm9vRriSxrxGss2p1F
         elyoeUxu4xh2QWMxhG1JIL6rSYKf8WZqmuXZdcTVa8DvNYHvmlZgqvaxzlP9uHsBlaVA
         BCaCEtKfClPIClSImP/8VaJehVS4jQFR3UbRNo+uxTncotD7x/CrBLWV15c0GstKU4fk
         ThXpGNDbI4HtbmSyiU6XjfEC1RkD5iR2x5/rtMqkFfn6YSqiWIFZqSWE9GtrxIdL0Oqy
         99s1egM4LSSQ7HyX8nQxNUvq1XVMEF4S2FO5veHgmP5mPFQhcjGsTnQrRSbVdHBfjGe8
         S1Rw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of info@vice4.menards.com designates 212.83.152.98 as permitted sender) smtp.mailfrom=Info@vice4.menards.com
Return-Path: <Info@vice4.menards.com>
Received: from leg.vnrauto.com (212-83-152-98.rev.poneytelecom.eu. [212.83.152.98])
        by mx.google.com with ESMTPS id m21-20020a056000175500b0032f7fa17d54si1427182wrf.918.2023.11.17.11.29.38
        for <xxxxxx@gmail.com>
        (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128);
        Fri, 17 Nov 2023 11:29:39 -0800 (PST)
Received-SPF: pass (google.com: domain of info@vice4.menards.com designates 212.83.152.98 as permitted sender) client-ip=212.83.152.98;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of info@vice4.menards.com designates 212.83.152.98 as permitted sender) smtp.mailfrom=Info@vice4.menards.com
Message-ID: <6557bf23.050a0220.fe276.6c84SMTPIN_ADDED_MISSING@mx.google.com>
Received: from pdr8-services-05v.prod.PYY28AGM.org (ip6-localhost ) by pdr8-services-05v (Postfix) with ESMTP id PYY28AGM for <xxxxxx@gmail.com>; Fri, 17 Nov 2023 14:27:56 -0500
Date: Fri, 17 Nov 2023 14:27:56 -0500
From:  Security.AIert   <625v3daaylqhyl2@875yzalz8g1m8xf.com>
Sender: 6B4XL7EMVEUR@5pt69i9hlvl4ksq34.seragei.uk.com
To: xxxxxx@gmail.com
Subject: Your System has been infected with ( 706 ) Botnet Malware, and vulnerable to Cyber Attacks #671975296
MIME-Version: 1.0
Content-Type: multipart/report; boundary="000000000000SGCNuB7Qm6umj710elBSQBOChHl"; report-type=delivery-status

--000000000000SGCNuB7Qm6umj710elBSQBOChHl
Content-Type: multipart/related; boundary="000000000000B0MNRUNyYR84HR9a3lf5y"

--000000000000B0MNRUNyYR84HR9a3lf5y
Content-Type: multipart/alternative; boundary="000000000000B0MNRUNyYR84HR9by1bJV"

--000000000000B0MNRUNyYR84HR9by1bJV
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Top Stories of the Day: Sep 0, 2019

103882302891885308
-----

If you believe this has been sent to you in error, please safely unsubscrib=
e
--000000000000B0MNRUNyYR84HR9by1bJV
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit+

<center>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta name="viewport" content="width=device-width;color-font:#1820169; initial-scale=1.0; maximum-scale=1.0;">
<html>
<head> 


</head>
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body style="background: #eeeeee;width:100%;font-family:arial"><br>


    <div style="text-align: center;margin:0 auto;background: #ffffff;width: 600px;">
        <a href = "https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142Gq7277335KB671975296Gq14080yE24bqr185933iE" style="text-decoration:none;font-size:60px;display:block;font-weight:600"><span style="color:#4285f4">G</span><span style="color:#ea4335">o</span><span style="color:#fbbc05">o</span><span style="color:#4285f4">g</span><span style="color:#34a853">l</span><span style="color:#ea4335">e</span></a>
        <br>

<div style="background:#fce8e7;width:100%;margin:0 auto;border:1px solid #eeeeee;border-bottom:2px solid #9e9e9e"><br>
<a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142Ls7277335FB671975296st14080iD24mmr185933Pb' style="font-size:30px;text-decoration:none;">⚠️</a><br><br>
<a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142TO7277335Ke671975296PD14080Fg24zCr185933Xb' style="font-size:30px;font-weight:600;text-decoration:none;color:black;">Suspicious Virus Detected</a><br><br>
<a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142DA7277335KN671975296zj14080yf24qjr185933nw' style="font-size:18px;text-decoration:none;color:gray;">We have detected that your device is at high risk of being
infected with viruses. It may soon corrupt your sim card,
data, photos and contacts if no action is taken.</a><br><br>
<a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142wZ7277335Gg671975296Uc14080LM24VUr185933Rh' style="font-size:20px;font-weight:600;text-decoration:none;color:#c62121;">Learn more</a><br><br><br>


</div><br>

        <a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142kH7277335mS671975296EF14080zU24VBr185933qv' style="font-size:30px;font-weight:600;text-decoration:none;color:black;">How to remove virus</a><br><br>
<a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142Oh7277335Sq671975296lh14080FM24yUr185933GR' style="font-size:18px;text-decoration:none;color:gray;">Click the button below for your detailed security check
and further instructions.</a><br><br>
            <a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142pN7277335hy671975296Ye14080AA24WQr185933ll' style="color: white;background: #3175e0;padding: 15px;width: 250px;display: block;margin: 0 auto;font-size: 25px;text-decoration: none;font-family: Arial;border-radius:10px">Security Check</a><br><br>
<hr>
<br>

    </div>
<br> <br> 

    </center></tr>
    </CENTER>
                <br><br>

            </td>
        </tr>
    </table>
<center><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br>
if you have previously registered for this newsletter and wish to unsubscribe, 
please Click this <a href="https://storage.googleapis.com/team2pass/success/3.html#2773142xi7277335Bg671975296Wa14080FF24HYu185933Jx">"link"</a>

Or write to : 643 N. 98th Street Suite,,#155,Omaha,NE,68130
<br> 
<td style="font-family:Trebuchet MS, Geneva, sans-serif; font-size:12px; text-align:center; color:#aaaaaa;" width="600" style="text-align:center">
 If you no longer wish to receive these emails, you may unsubscribe by clicking <a href='https://storage.googleapis.com/tlouwnl/kodmayvye/anch/komaritsda.html#2773142JL7277335sj671975296Jv14080XE24YDu185933GK'>here</a><br>
 </td>
 </tr>
 </table>
 </center>


--000000000000B0MNRUNyYR84HR9by1bJV--
--000000000000B0MNRUNyYR84HR9a3lf5y--
--000000000000SGCNuB7Qm6umj710elBSQBOChHl--

<address R21sMjAyM2Rw 671975296>
 

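Added example, not part of the original post: a short Python check of the point made above, that the visible From address and the SPF-authenticated envelope sender in this message belong to unrelated domains. The function names and the two-label `org_domain` shortcut are assumptions made for illustration; the sample headers are copied from the raw message above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Identity headers copied from the raw message above (other headers omitted).
SAMPLE = """\
Return-Path: <Info@vice4.menards.com>
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of info@vice4.menards.com designates 212.83.152.98 as permitted sender) smtp.mailfrom=Info@vice4.menards.com
From:  Security.AIert   <625v3daaylqhyl2@875yzalz8g1m8xf.com>
Sender: 6B4XL7EMVEUR@5pt69i9hlvl4ksq34.seragei.uk.com
To: xxxxxx@gmail.com

"""


def domain_of(value):
    """Lower-cased domain of the address in a From/Sender/Return-Path value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def org_domain(domain):
    """Last two labels only. Assumption: real DMARC alignment uses the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def analyze(raw):
    """Return (identity domains, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    ids = {
        "from": domain_of(msg.get("From")),
        "sender": domain_of(msg.get("Sender")),
        "return_path": domain_of(msg.get("Return-Path")),
        "spf_domain": domain_of(mailfrom.group(1)) if mailfrom else "",
    }
    findings = []
    # SPF authenticates the envelope sender only; a pass says nothing about From.
    if spf and spf.group(1) == "pass" and org_domain(ids["spf_domain"]) != org_domain(ids["from"]):
        findings.append("spf-pass-unaligned")
    if ids["sender"] and org_domain(ids["sender"]) != org_domain(ids["from"]):
        findings.append("sender-from-mismatch")
    if "dkim=" not in auth:
        findings.append("no-dkim-result")
    return ids, findings


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On this message all three findings fire: the `spf=pass` covers only vice4.menards.com, while the From and Sender headers name two other unrelated domains and no DKIM result is recorded.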

@MarkGd

 

Thank you.

There have been multiple recent submissions of spam'd Malwarebytes' Product Renewals and FakeAlerts that are not from Malwarebytes but are from 3rd parties seeking referral monetary gains.

PING @JPopovic


27 minutes ago, David H. Lipman said:

@MarkGd

 

Thank you.

There have been multiple recent submissions of spam'd Malwarebytes' Product Renewals and FakeAlerts that are not from Malwarebytes but are from 3rd parties seeking referral monetary gains.

PING @JPopovic

Oh, I'm certain of it.  But being in a sales industry myself, I get contacted daily by lead-gen folks and they don't work for free.  The business (me) has to pay for ad-spends or, in this case, pay the lead gen company fees for their work.  Even if Malwarebytes is not aware of the methods used to get leads or simply, in this case, direct leads right to the buy page, Malwarebytes is likely paying for lead gen and this 3rd party is unscrupulous.  Scammers don't work for free to lead marks right to your buy page is what I'm saying.  I think Malwarebytes needs to better vet who they pay for lead gen and discard this organization.  

And here's where I plug a site I've found recently to analyze email headers while trying to consolidate spam filters:  mxtoolbox.  No affiliation, but a free(mium) and useful part of an IT guy's toolbox!
