WARNING! Reds site WAS compromised by the RUSSKIES

Steve/sewell

Hello all,
This can happen to any of us who have an email account, which is all of us. I was able to track where the email was really sent from, and it is this IP address, 217.118.81.22, which is from the Russian Federation (RU) in region Eastern Europe, which originates in the host name: user-22.81.118.217.in-addr.arpa
Here is the tracing web page I used after finding the IP address embedded in my email supposedly from Red: http://en.utrace.de/?query=217.118.81.22
Additionally, a Droid mobile phone (1359395309.72038.androidMobile@web120006.mail.ne1.yahoo.com) was used to send the malicious email and attached link to Yahoo. Please do not open the email, as it will appear harmless to your Norton or whichever virus software you use, including updated spyware or malware programs you have working for you. The email puts a trojan backdoor entry port for the hacker to gain easy entry into your desktop portal, allowing infiltration into your computer, which could lead to monetary losses to you should your online banking info be compromised.

I have hidden my email address below in the full headers link from you hacking SOBs on this website in case it is one of you!!! [8D] Who would have thought Red and Agnes Matthews were really the Rosenbergs' proteges. Red a Russian spy... say it ain't so... [8|] Here are the full headers returned to me of the sent email. It took 1 second to arrive at my email address housed at Yahoo headquarters at 701 1st Ave, Sunnyvale, CA 94089 from the other side of the globe at IP Address: 217.118.81.22 from ISP: VimpelCom from the Rostov-on-Don (RU) region: Red's email was hacked from a Russian military base!! using a Droid phone!!! I am not kidding.
Here is the translation of the physical address of the site in Russia the email was sent from http://translate.google.com/#ru/en/%D0%BA%D1%80%D0%B0%D1%81%D0%BD%D0%BE%D0%B0%D1%80%D0%BC%D0%B5%D0%B9%D1%81%D0%BA%D0%B0%D1%8F%20%D1%83%D0%BB%D0%B8%D1%86%D0%B0 RED ARMY STREET

From Red Matthews Mon Jan 28 09:48:29 2013
X-Apparently-To: c----st----@yahoo.com via 98.138.85.180; Mon, 28 Jan 2013 09:48:30 -0800
Return-Path: <bottlemysteries@yahoo.com>
X-YahooFilteredBulk: 98.138.91.56
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
X-Originating-IP: [98.138.91.56]
Authentication-Results: mta1398.mail.gq1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO nm19-vm1.bullet.mail.ne1.yahoo.com) (98.138.91.56) by mta1398.mail.gq1.yahoo.com with SMTP; Mon, 28 Jan 2013 09:48:30 -0800
Received: from [98.138.90.49] by nm19.bullet.mail.ne1.yahoo.com with NNFMP; 28 Jan 2013 17:48:29 -0000
Received: from [98.138.89.160] by tm2.bullet.mail.ne1.yahoo.com with NNFMP; 28 Jan 2013 17:48:29 -0000
Received: from [127.0.0.1] by omp1016.mail.ne1.yahoo.com with NNFMP; 28 Jan 2013 17:48:29 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 767188.31202.bm@omp1016.mail.ne1.yahoo.com
Received: (qmail 76260 invoked by uid 60001); 28 Jan 2013 17:48:29 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1359395309; bh=cWWERGSiKN8Yc0+13r6BuxFRRovPPl1Nu155pMUJR+0=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=YZxZpbLOY2yqVEL6ojWO4prXNYouwcnE4ZW9Wguou3WLshS9y0ESebMMZ6dL3qeFdKhbAE9PYnDCcQMumLstvg2dO+va3WWs7FDdjCr0pDLOONlMHgju+tXjutoRWyRdsfQz4NgBAD5JAXr3W683LqEEqD6/Ch1yXlv//E6GfLE=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=ttt4jjHqcKrsOSnRTWn6mewfo0di9m1MBlTOOQb86Yg9m86f00xxWXI5XCB7dcpNpyq7ImKG9dAsLXU+iZVbpiBwKPwRodMBFVixpiC0m7VanbrzJzUoCOPC8xcjreSS9b1y5Vb1CuVO7Kfrmfg6bGMCEuAzBbsRSmfG7q/varM= ;
Received: from [217.118.81.22] by web120006.mail.ne1.yahoo.com via HTTP; Mon, 28 Jan 2013 09:48:29 PST
X-Mailer: YahooMailWebService/0.8.131.499
Message-ID: <1359395309.72038.androidMobile@web120006.mail.ne1.yahoo.com>
Date: Mon, 28 Jan 2013 09:48:29 -0800 (PST)
From: Red Matthews <bottlemysteries@yahoo.com>
Subject: hi Steve
To: Steve <c----st----@yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1454997657-1875793391-1359395309=:72038"
Content-Length: 444

Hard to believe this lol. (I removed the H in this link sent in the malicious email all of us received, to avoid one of you knuckleheads on this forum clicking on it here accidentally: ttp://bit.ly/14p5Nk2) My take on these emails is the hackers in Russia are using an email hacking BOT (a program which attacks email addresses) which have the name RED in them.... All Red has to do is change his name to Blue Matthews, anything but Red!!!! and this email will go away. In all seriousness, if you have opened the email you might want to visit this site: http://www.belarc.com/free_download.html, the number one site in the world to detect and protect computers. The pay version is also part of this web site. This software protects and manages all of our Government entities. Check out the map of where the email was sent from in Russia below...... How about MR Matthews Red!!!

C35429B74AEF4BDB8AAF7F8E48DAD124.jpg
 


Steve/sewell

I saw it, Eric; it is what prompted me to post this in a slightly different title. Thanks for looking out for Red, Eric; the last thing he needs is this kind of negative attention. For all of you, if you are receiving an inordinate amount of spam and hacking false emails from supposed trusted friends like Red, who had his email contacts folder attacked from a Russian using a Droid phone at a military base in Russia, here are ways to find full headers for every email sent to you no matter what type of email program you use.

This first gentleman went through a lot of trouble to show how to find full headers for Yahoo Mail, Gmail, AOL Mail and Hotmail:
http://www.johnru.com/active-whois/headers-yahoo-gmail-hotmail-aol.html

From the Indiana University IT department, a nice list showing every flavor of Microsoft email products and how to find full headers:
http://kb.iu.edu/data/adix.html

Once you find the information, copy and paste all of the headers and send it to this site: http://www.us-cert.gov/nav/report_phishing.html
 

Steve/sewell

I just got an email from him too, same hacker. I did report the phone it is coming from. This hacker is slick; he masked the IP from a site in Spain on my most recent one, but it is being sent from the same Droid phone in Russia. Just so everyone here understands how this hacking is working: it is not Red's computer that has been hacked, it is his account at Yahoo. Yahoo needs to fix the security breach on their end. Here is the latest IP address coming from Spain: http://en.utrace.de/?query=62.42.20.21
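
An added example, not part of the original posts: a Python sketch that reads the Received chain from the headers quoted in the first post (trimmed here, long signature values omitted) and reports the oldest hop, where the message entered Yahoo, together with the DKIM result. The function names are illustrative.

```python
import email
import ipaddress
import re

# Excerpt of the headers quoted in the first post (signature blobs omitted).
RAW = """\
Authentication-Results: mta1398.mail.gq1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO nm19-vm1.bullet.mail.ne1.yahoo.com) (98.138.91.56) by mta1398.mail.gq1.yahoo.com with SMTP; Mon, 28 Jan 2013 09:48:30 -0800
Received: from [127.0.0.1] by omp1016.mail.ne1.yahoo.com with NNFMP; 28 Jan 2013 17:48:29 -0000
Received: (qmail 76260 invoked by uid 60001); 28 Jan 2013 17:48:29 -0000
Received: from [217.118.81.22] by web120006.mail.ne1.yahoo.com via HTTP; Mon, 28 Jan 2013 09:48:29 PST
Message-ID: <1359395309.72038.androidMobile@web120006.mail.ne1.yahoo.com>

body
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOP_RE = re.compile(r"from\s+(.*?)\s+by\s+(\S+)\s+(?:with|via)\s+(\S+?);", re.S)

def public_ips(text):
    """Return the globally routable IPv4 addresses found in text, in order."""
    found = []
    for token in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # looked like an address but an octet was out of range
        if ip.is_global:  # drops loopback and private ranges
            found.append(str(ip))
    return found

def received_hops(raw):
    """Return (from_ip, by_host, protocol) for each hop, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue  # e.g. the qmail line has no from/by pair
        ips = public_ips(m.group(1))
        hops.append((ips[-1] if ips else None, m.group(2), m.group(3)))
    return hops

def summarize(raw):
    """Report where the message entered the provider and whether DKIM passed."""
    auth = email.message_from_string(raw).get("Authentication-Results", "")
    ip, host, proto = (received_hops(raw) or [(None, None, None)])[0]
    return {"client_ip": ip, "submitted_to": host, "submitted_via": proto,
            "dkim_pass": bool(re.search(r"\bdkim=pass\b", auth))}
```

A `dkim=pass` for yahoo.com together with a first hop accepted `via HTTP` by a Yahoo web host is consistent with a message sent from inside the webmail account rather than a forged sender; the client IP on that hop only shows where that web session connected from.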
 

Steve/sewell

Please DO NOT click on the link coming from these emails. This is a nasty Trojan virus that will do considerable harm to your machine. I just received another from Bulgaria now. This person is sending this BOT from his Android phone in Russia at RED Army Street on a Russian military base. His phone has been reported; that is the only common denominator in all of the emails I have received in the last three days.
 
