by Terminator5
Mon Mar 19, 2012 12:31 pm
B2B Alibaba Purchase Scam with Fake Website under development .
www.motioninvestmentinc.com
Active page , www.motioninvestmentinc.com/Re-EscrowPayment/index.php contains a generic email phishing page .
Source IP Address 41.15.217.169
South Africa
Begin Scam Email:
Dear Customer,
Your have received a B2B express escrow payment.
You now have to view and confirm this email to receive the amount in your account.
Click here to view your payment.
If you have any purchasing requirements in the future, please do not hesitate to contact me for help.
It's easy. Just provide the following information:
1. Product Name:
2. Min. Order Quantity:
3. Annual Purchase Volume:
4. Detailed Purchasing Requirements:
5. Product Photo: Please attach it with your email to us
To submit your purchasing request to us, you can also
I will help to match you with the right supplier as soon as I receive the information above. Thank you.
Wishing you the very best of business,
Horatio
Alibaba.com Sourcing Assistant
This email was sent automatically please do not respond.
End Scam Email
Header Details:
Delivered-To: xxxxxx
Received: by 10.180.101.135 with SMTP id fg7csp2520wib;
Mon, 19 Mar 2012 02:04:37 -0700 (PDT)
Received: by 10.68.234.41 with SMTP id ub9mr37757050pbc.106.1332147876300;
Mon, 19 Mar 2012 02:04:36 -0700 (PDT)
Return-Path: <[email protected]>
Received: from icarus.vdpwebsites.com.au (icarus.vdpwebsites.com.au. [203.98.84.170])
by mx.google.com with ESMTPS id p3si16023227pbb.106.2012.03.19.02.04.35
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 19 Mar 2012 02:04:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 203.98.84.170 as permitted sender) client-ip=203.98.84.170;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 203.98.84.170 as permitted sender) [email protected]
Received: from apache by icarus.vdpwebsites.com.au with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1S9YW1-0004UY-B1
for xxxxxx; Mon, 19 Mar 2012 09:04:33 +0000
To: xxxxxx
Subject: Your Payment
X-PHP-Script: betterwebbusinesses.netmate.co/wp-conte ... [email protected] for 41.15.217.169
From: Horatio Enot <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
Date: Mon, 19 Mar 2012 09:04:33 +0000
www.motioninvestmentinc.com
Active page , www.motioninvestmentinc.com/Re-EscrowPayment/index.php contains a generic email phishing page .
Source IP Address 41.15.217.169
South Africa
Begin Scam Email:
Dear Customer,
Your have received a B2B express escrow payment.
You now have to view and confirm this email to receive the amount in your account.
Click here to view your payment.
If you have any purchasing requirements in the future, please do not hesitate to contact me for help.
It's easy. Just provide the following information:
1. Product Name:
2. Min. Order Quantity:
3. Annual Purchase Volume:
4. Detailed Purchasing Requirements:
5. Product Photo: Please attach it with your email to us
To submit your purchasing request to us, you can also
I will help to match you with the right supplier as soon as I receive the information above. Thank you.
Wishing you the very best of business,
Horatio
Alibaba.com Sourcing Assistant
This email was sent automatically please do not respond.
End Scam Email
Header Details:
Delivered-To: xxxxxx
Received: by 10.180.101.135 with SMTP id fg7csp2520wib;
Mon, 19 Mar 2012 02:04:37 -0700 (PDT)
Received: by 10.68.234.41 with SMTP id ub9mr37757050pbc.106.1332147876300;
Mon, 19 Mar 2012 02:04:36 -0700 (PDT)
Return-Path: <[email protected]>
Received: from icarus.vdpwebsites.com.au (icarus.vdpwebsites.com.au. [203.98.84.170])
by mx.google.com with ESMTPS id p3si16023227pbb.106.2012.03.19.02.04.35
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 19 Mar 2012 02:04:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 203.98.84.170 as permitted sender) client-ip=203.98.84.170;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 203.98.84.170 as permitted sender) [email protected]
Received: from apache by icarus.vdpwebsites.com.au with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1S9YW1-0004UY-B1
for xxxxxx; Mon, 19 Mar 2012 09:04:33 +0000
To: xxxxxx
Subject: Your Payment
X-PHP-Script: betterwebbusinesses.netmate.co/wp-conte ... [email protected] for 41.15.217.169
From: Horatio Enot <[email protected]>
Reply-To: [email protected]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
Date: Mon, 19 Mar 2012 09:04:33 +0000
Daniel 8 :25
