Invader Helios analyzes the Beneficiary Scam

Beneficiary scams, inheritance scams, financial scams, investment scams and loan scams are among the most common scams being spammed. They are a type of phish that aims to get your personal information for the sole purpose of theft, either of your hard-earned money or of your identity.

Zifsoft has been developing a new type of software that puts the forensic power to identify spam in your inbox. Unlike current spam control, which just quarantines the scam, the Aggressor program identifies the scammer with readily available technology such as traceroute. Aggressor also allows the scammer database to be shared between users through the Aggressor P2P network sharing system. When users share their database, they are no longer fighting the scammers individually but as a network. Aggressor is structured to petition the ISP to shut down the scammers. Aggressor has a follow-up system to deter the same scammer from resurfacing. This is done through the Ag_Te database, which can analyze the scammer’s signature. Aggressor can even tell you which country, state, town and street the scammer came from. There will be no anonymity for the scammers.

Here are examples of the beneficiary scam shared by our client. On the left is the email. On the right is the output of the Aggressor Lens system, which opens up the email header and runs a forensic analysis for you.

The email sent to our client: Using Zifsoft’s Aggressor Lens (built into the Helios release), it becomes apparent that the email did not originate from where the scammer purportedly claims to be. For instance, the email below claims to be from the UK. In reality it came from Africa via Taiwan.
<sbj1>WITH DUE RESPETC<sbj2>
Dear Friend,
I know that this mail will come to you as a surprise as we have never met before, but need not to worry as I am contacting you independently of my investigation and no one is informed of this communication. I need your urgent assistance in transferring the sum of $11.3million immediately to your private account.The money has been here in our Bank lying dormant for years now without anybody coming for the claim of it.
I want to release the money to you as the relative to our deceased customer (the account owner) who died a long with his supposed NEXT OF KIN since 16th October 2005. The Banking laws here does not allow such money to stay more than 12 years, because the money will be recalled to the Bank treasury account as unclaimed fund.
By indicating your interest I will send you the full details on how the business will be executed.
Please respond urgently and delete if you are not interested.
Best Regards,
Mr. Ahmed Hassan.

 

<em1> questions@spamdex.co.uk; submit@scammed.by ; network-adm@hinet.net; akafando@telecelfaso.bf; ipaddressing@level3.com; abuse@level3.com; abuse@live.com; gmail-abuse@google.com;; abuse@outlook.com;; abuse@yandex.ru;<em2>

59.124.69.102 / 192.168.0.15 / 192.168.0.16 / 8.1.240.5 / 10.102.77.93 / 105.235.188.173 used your network to sent phishing scam with virus via fake email john@tba.org.tw

———————————————————–

please see scam email header details below:

return-path: <john@tba.org.tw>

x-original-to: info@gobi.com.sg

delivered-to: x14518238@homiemail-mx24.g.dreamhost.com

received: from tba-edge.tba-domain.tba (59-124-69-102.hinet-ip.hinet.net [59.124.69.102])

(using tlsv1 with cipher aes128-sha (128/128 bits))

(no client certificate requested)

by homiemail-mx24.g.dreamhost.com (postfix) with esmtps id 536469aeb

for <info@gobi.com.sg>; mon,  9 oct 2017 05:35:27 -0700 (pdt)

received: from tba-exch.tba-domain.tba (192.168.0.15) by

tba-edge.tba-domain.tba (192.168.0.16) with microsoft smtp server (tls) id

8.1.240.5; mon, 9 oct 2017 20:36:15 +0800

received: from [10.102.77.93] (105.235.188.173) by tba-exch.tba-domain.tba

(192.168.0.15) with microsoft smtp server (tls) id 8.3.485.1; mon, 9 oct 2017

20:35:52 +0800

message-id: <ufu6exngw5bihozgsd0fzyoii3fm7wi2pigmuhkcokqx@tba.org.tw>

mime-version: 1.0

from: ahmed hassan <john@tba.org.tw>

to: undisclosed-recipients:;

reply-to: <alahmedhassann6@live.com>

subject: with due respetc

date: mon, 9 oct 2017 12:35:12 +0000

content-type: multipart/alternative;

boundary=”–=boundary_1091235_uuyw_jvht_tujy_nfoy”

 

 

———————————————————–

spammer’s domain details:

ip address:        59.124.69.102

country:           twtaiwan

network name:      hinet-net

owner name:        taipei taiwan

cidr:              59.124.69.0/24

from ip:           59.124.69.0

to ip:             59.124.69.255

allocated:         yes

contact name:      hinet network-adm

address:           chtd, chunghwa telecom co., ltd., no. 21, sec. 21, hsin-yi rd.,, taipei taiwan 100

email:             network-adm@hinet.net

abuse email:

phone:             +886 2 2344 3007

fax:               +886 2 2395 5671

 

 

 

———————————————————–

spoofer’s domain details:

ip address:        105.235.188.173

country:           bfburkina faso

network name:      telecel_3g

owner name:        wap.telecelfaso.bf

cidr:              105.235.184.0/21

from ip:           105.235.184.0

to ip:             105.235.191.255

allocated:         yes

contact name:      zongo k macaire

address:           ouagadougou 11, bf, ouagadougou, burkina faso

email:             akafando@telecelfaso.bf

abuse email:

phone:             +22668000030

fax:

 

ip address:        8.1.240.5

country:           ususa – colorado

network name:      lvlt-org-8-8

owner name:        level 3 communications, inc.

cidr:              8.0.0.0/8

from ip:           8.0.0.0

to ip:             8.255.255.255

allocated:         yes

contact name:      level 3 communications, inc.

address:           1025 eldorado blvd., broomfield

email:             ipaddressing@level3.com

abuse email:       abuse@level3.com

phone:             +1-877-453-8353

fax:

 

 

———————————————————–

scammer’s domain details:

alahmedhassann6@live.com

 

 

———————————————————–

bait site’s domain details:

 

———————————————————–

original mail:

dear friend,

 

i know that this mail will come to you as a surprise as we have never met before, but need not to worry as i am contacting you independently of my investigation and no one is informed of this communication. i need your urgent assistance in transferring the sum of $11.3million immediately to your private account.the money has been here in our bank lying dormant for years now without anybody coming for the claim of it.

 

i want to release the money to you as the relative to our deceased customer (the account owner) who died a long with his supposed next of kin since 16th october 2005. the banking laws here does not allow such money to stay more than 12 years, because the money will be recalled to the bank treasury account as unclaimed fund.

 

by indicating your interest i will send you the full details on how the business will be executed.

Please respond urgently and delete if you are not interested.

Best Regards,
Mr. Ahmed Hassan.

 

<sbj1>AIB #25.5M Overdue Claims <sbj2>
Hello Dear,
I, am Mrs Liang Elizabeth, I work with Allien Irish Bank as the Chinese Representative Staff here in UK, I have a business proposal amounting GBP25,500,000.00 Million I want to discuss with you.Though the internet medium is highly abuse this days but am assuring you that this has nothing to do with any fraudulent activity. Please I will appreciate if you reply back this message in other for me to email you in full details.Awaiting your quick response,Yours faithfully.
Mrs L. Elizabeth,
Chief Executive Account Officer,
Allied Irish Bank,UK.
Email:mrselaingg@mailbox.org

<em1> questions@spamdex.co.uk; submit@scammed.by ; aaron@wholesaleinternet.com; abuse@wholesaleinternet.net; anti-spam@mail.jxptt.zj.cn; mrselaingg@mailbox.org; abuse@mailbox.org; gmail-abuse@google.com<em2>

 

122.225.60.26 / 69.30.226.186 used your network to sent phishing scam with virus via fake email james@kinglonte.com

———————————————————–

please see scam email header details below:

return-path: <james@kinglonte.com>

x-original-to: info@gobi.com.sg

delivered-to: x14518238@homiemail-mx28.g.dreamhost.com

received: from mail.kinglonte.com (unknown [122.225.60.26])

by homiemail-mx28.g.dreamhost.com (postfix) with esmtp id 8db7420049d32

for <info@gobi.com.sg>; sun,  8 oct 2017 11:45:02 -0700 (pdt)

received: from user (unknown [69.30.226.186])

by mail.kinglonte.com (postfix) with esmtpa id b828b238387b;

mon,  9 oct 2017 01:45:25 +0800 (cst)

reply-to: <mrselaingg@mailbox.org>

from: “mrs liang elizabeth”<james@kinglonte.com>

subject: aib #25.5m overdue claims

date: sun, 8 oct 2017 10:46:38 -0700

mime-version: 1.0

content-type: text/html;

charset=”windows-1251″

content-transfer-encoding: 7bit

x-priority: 3

x-msmail-priority: normal

x-mailer: microsoft outlook express 6.00.2600.0000

x-mimeole: produced by microsoft mimeole v6.00.2600.0000

 

 

———————————————————–

spammer’s domain details:

ip address:        69.30.226.186

country:           ususa – missouri

network name:      ds-226-185-191

owner name:        vps server

cidr:              69.30.226.184/29

from ip:           69.30.226.184

to ip:             69.30.226.191

allocated:         yes

contact name:

address:           201 e. 16th st, north kansas city

email:             aaron@wholesaleinternet.com

abuse email:       abuse@wholesaleinternet.net

phone:             +1-816-256-3031

fax:

 

ip address:        122.225.60.26

country:           cnchina

network name:      jiaxing-jinlongde-ltd

owner name:        jiaxing jinlongde equipment co.,ltd

cidr:              122.225.60.24/30

from ip:           122.225.60.24

to ip:             122.225.60.27

allocated:         yes

contact name:      yaoming shen

address:           no.1 zhenyuan road,jiaxing,zhejiang.postcode:314000

email:             anti-spam@mail.jxptt.zj.cn

abuse email:

phone:             +86-13806737891

 

 

 

———————————————————–

spoofer’s domain details:

 

scammer’s domain details:

mrselaingg@mailbox.org

abuse@mailbox.org

 

 

———————————————————–

bait site’s domain details:

 

———————————————————–

original mail:

hello dear,

 

 

 

i, am mrs liang elizabeth, i work with allien irish bank as the chinese representative staff here in uk, i have a business proposal amounting gbp25,500,000.00 million i want to discuss with you.

 

 

 

though the internet medium is highly abuse this days but am assuring you that this has nothing to do with any fraudulent activity. please i will appreciate if you reply back this message in other for me to email you in full details.

 

 

 

awaiting your quick response,

 

 

yours faithfully.

mrs l. elizabeth,

chief executive account officer,

allied irish bank,uk.

email:mrselaingg@mailbox.org


Behind Aggressor’s Helios program is a visualizer (called the Lense system), where you can analyze the sources of the scam. When the sources are grouped together, a pattern emerges. It’s this pattern that helps Aggressor nail the scammer. There can be only one Hemingway, Rowling, Shakespeare. They have their own style. Aggressor learns the style of the spammer and forms an association. The more spam is shared, the smarter Aggressor gets. Here’s a list of IP addresses that these beneficiary scams seem to come from:

 


 

How does Helios work?

Helios has three systems.

  • Minerva for identifying the type of spam / scam.
  • Lense for identifying the origin of the scam.
  • HH (Handle Hacker), a complaint report writer that informs the ISP of the scammer’s activities. It contains all the necessary evidence and forensics for the ISP to qualify that this is a genuine complaint. We’ve had a high acceptance rate, where we managed to put a stop to the scammers, even entire networks of spambots.
Minerva system
Lense to identify the origin of the scam.
HH system for informing the scammer’s ISP.

Helios’ “LENSE” feature breaks down the scam into five segments. Each of the five segments helps the user identify the origin of the scam. This is the second time this scam came from Burkina Faso (Africa) using an aol address, hence the simple label BF_benefiaryscam (“GEOlocation_type of Scam”).

  • header. “please see scam email header details below:”
  • spammer’s domain details:
  • spoofer’s domain details:
  • scammer’s domain details:
  • bait site’s domain details:
  • original mail.

<em1>questions@spamdex.co.uk; submit@scammed.by <em2>

204.29.186.19 / 172.27.2.36 / 172.27.62.2 / 41.138.96.187 / 10.96.18.194 used your network to sent phishing scam via email marinabagnidaniel@aol.com

———————————————————–

please see scam email header details below:

return-path: <marinabagnidaniel@aol.com>

x-original-to: info@gobi.com.sg

delivered-to: x14518238@homiemail-mx25.g.dreamhost.com

received: from omr-m017e.mx.aol.com (omr-m017e.mx.aol.com [204.29.186.19])

(using tlsv1 with cipher adh-aes256-sha (256/256 bits))

(no client certificate requested)

by homiemail-mx25.g.dreamhost.com (postfix) with esmtps id 9d34b2004df33

for <info@gobi.com.sg>; thu, 12 oct 2017 10:27:05 -0700 (pdt)

received: from mtaomg-aac02.mx.aol.com (mtaomg-aac02.mx.aol.com [172.27.2.36])

by omr-m017e.mx.aol.com (outbound mail relay) with esmtp id cd71d3800083;

thu, 12 oct 2017 13:27:04 -0400 (edt)

received: from core-mab02a.mail.aol.com (core-mab02.mail.aol.com [172.27.62.2])

by mtaomg-aac02.mx.aol.com (omag/core interface) with esmtp id 0bd3938000082;

thu, 12 oct 2017 13:26:56 -0400 (edt)

received: from 41.138.96.187 by webjas-vab191.srv.aolmail.net (10.96.18.194) with http (webmailui); thu, 12 oct 2017 13:26:53 -0400

date: thu, 12 oct 2017 13:26:55 -0400

from: marinabagnidaniel@aol.com

message-id: <15f119fe9b0-c0c-37f47@webjas-vab191.srv.aolmail.net>

subject: may god bless you,

mime-version: 1.0

content-type: multipart/alternative;

boundary=”—-=_part_281295_1889293041.1507829213616″

x-mb-message-source: webui

x-mb-message-type: user

x-mailer: jas std

x-originating-ip: [41.138.96.187]

dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;

s=20150623; t=1507829224;

bh=eurbm2sxv3th8tjjgpxuh+soq3iwu/egsianyeqskve=;

h=from:subject:message-id:date:mime-version:content-type;

b=ix5kqa3oebrzophbag3fk9hrowdklzk6m5aycgerzrx0axsrrqs58vut9avpprvir

usgw++h/g6oy2w5xduxx3aojlfrjzm7cdrdktocghgdp1nrwhxyqfz7wr3wop2kr32

b7kidmegkx0p3voyqkpo39/wxxqtbac3pbvw5bks=

x-aol-sid: 3039ac1b022459dfa5e00843

 

 

———————————————————–

spammer’s domain details:

ip address:        41.138.96.187

country:           bfburkina faso

network name:      onatel-20090715

owner name:        pool adsl ouaga centre  onatel

cidr:              41.138.96.0/20

from ip:           41.138.96.0

to ip:             41.138.111.255

allocated:         yes

contact name:      emmanuel guigma

address:           onatel, 01 p.o. box 10 000, ouagadougou 01, burkina faso, ouagadougou 01 bp 10000, burkina faso

email:             e.guigma@onatel.bf

abuse email:

phone:             +22650305847

fax:               +22650315386

 

ip address:        204.29.186.19

country:           ususa – virginia

network name:      atdn-nscape

owner name:        aol inc.

cidr:              204.29.186.0/23

from ip:           204.29.186.0

to ip:             204.29.187.255

allocated:         yes

contact name:      aol inc.

address:           22000 aol way, dulles

email:             domain-adm@corp.aol.com

abuse email:       abuse@aol.net

phone:             +1-703-265-4670

 

 

 

———————————————————–

spoofer’s domain details:

 

———————————————————–

scammer’s domain details:

omr-m017e.mx.aol.com

 

15f119fe9b0-c0c-37f47@webjas-vab191.srv.aolmail.net

 

abuse@aol.com

abuse@aolmail.net

 

 

———————————————————–

bait site’s domain details:

 

———————————————————–

original mail:

hello my dear,

 

i sent this mail praying it will found you in a good condition of health, since i myself are in a very critical health condition in which i sleep every night without knowing if i may be alive to see the next day. i bring peace and love to you. it is by the grace of god, i had no choice than to do what is lawful and right in the sight of god for eternal life and in the sight of man for witness of god’s mercy and glory upon my life. i am mrs. marina bagni daniel a widow and citizen of united state’s of america. i am suffering from a long time brain tumor, it has defiled all forms of medical treatment, and right now i have only about a few months to live, according to medical experts. the situation has gotten complicated recently with my inability to hear proper am communicating with you with the help of the chief nurse herein the hospital, from all indication my conditions is really deteriorating and it is quite obvious that, according to my doctors they have advised me that i may not live too long, this is because this illness has gotten to a very bad stage. i hoped that you will not expose or betray this trust and confident that i am about to repose on you for the mutual benefit of the orphans and the less privileges ones. i have some funds i inherited from my late husband, the sum of ($ 9,650,000.00, nine million six hundred and fifty thousand dollars).  having known my condition, i decided to donate this fund to you believing that you will utilize it the way i am going to instruct herein. i need you to assist me and reclaim this money and use it for charity works, for orphanages and gives justice and help to the poor, needy and a widow says the lord.” jeremiah 22:15-16.“ and also build schools for less privilege that will be named after my late husband if possible and to promote the word of god and the effort that the house of god is maintained.

 

i do not want a situation where this money will be used in an ungodly manner. that’s why i’m taking this decision. i’m not afraid of death, so i know where i’m going. i accept this decision because i do not have any child who will inherit this money after i die. please i want your sincerely and urgent answer to know if you will be able to execute this project for the glory of god, and i will give you more information on how the fund will be transferred to your bank account. may the grace, peace, love and the truth in the word of god be with you and all those that you love and care for.

 

i am waiting for your immediate reply if only you are interested. please don’t forget to reply me in my private e-mail:(marinabagnidaniel@yandex.com) for further details.

 

may god bless you,

mrs. marina bagni daniel.
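
The header walk behind the "spammer's" and "spoofer's" segments can be reproduced with a short parser. This is an added example, not Zifsoft's code: it reads the header of the first report on this page (field names re-capitalised), and the function and key names are assumptions. It separates addresses found in a Received from-clause from other dotted quads in the header, such as the value after `id` in the Microsoft SMTP Server clause, and checks Reply-To against From.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header of the first report on this page (tba.org.tw); folded lines kept.
RAW_HEADER = """\
Return-Path: <john@tba.org.tw>
Received: from tba-edge.tba-domain.tba (59-124-69-102.hinet-ip.hinet.net [59.124.69.102])
\t(using tlsv1 with cipher aes128-sha (128/128 bits))
\t(no client certificate requested)
\tby homiemail-mx24.g.dreamhost.com (postfix) with esmtps id 536469aeb
\tfor <info@gobi.com.sg>; mon,  9 oct 2017 05:35:27 -0700 (pdt)
Received: from tba-exch.tba-domain.tba (192.168.0.15) by
\ttba-edge.tba-domain.tba (192.168.0.16) with microsoft smtp server (tls) id
\t8.1.240.5; mon, 9 oct 2017 20:36:15 +0800
Received: from [10.102.77.93] (105.235.188.173) by tba-exch.tba-domain.tba
\t(192.168.0.15) with microsoft smtp server (tls) id 8.3.485.1; mon, 9 oct 2017
\t20:35:52 +0800
From: ahmed hassan <john@tba.org.tw>
Reply-To: <alahmedhassann6@live.com>
Subject: with due respetc

"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
FROM_CLAUSE = re.compile(r"^from\s+(.*?)\s+by\s", re.I)


def valid_ips(text):
    """Dotted quads in text that parse as IPv4, in order of appearance."""
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(ipaddress.IPv4Address(token))
        except ipaddress.AddressValueError:
            pass  # e.g. 8.3.485.1: an octet above 255, so not an address
    return found


def received_hops(msg):
    """Received headers oldest-first; each entry lists the sender-side IPs."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        m = FROM_CLAUSE.match(flat)
        # Only the from-clause names the connecting host. The by-clause is
        # the receiver, and the token after "id" is the server's own identifier.
        hops.append(valid_ips(m.group(1)) if m else [])
    return hops


def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def analyse(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    public = [ip for hop in hops for ip in hop if ip.is_global]
    # Only the newest hop was written by the recipient's own MX; every
    # older hop is supplied by upstream servers and can be forged.
    newest = [ip for ip in hops[-1] if ip.is_global] if hops else []
    in_from = {ip for hop in hops for ip in hop}
    reply_dom = domain_of(msg.get("Reply-To"))
    return {
        "earliest_public": str(public[0]) if public else None,
        "handoff_to_recipient": str(newest[0]) if newest else None,
        "outside_from_clause": sorted(str(ip) for ip in set(valid_ips(raw)) - in_from),
        "reply_to_mismatch": bool(reply_dom) and reply_dom != domain_of(msg.get("From")),
    }


if __name__ == "__main__":
    for key, value in analyse(RAW_HEADER).items():
        print(f"{key}: {value}")
```

The two values under `outside_from_clause` are a receiving-side private address and the `id` token, so a whois lookup on them says nothing about who sent the message.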

 

 

Where can I install Helios?

At the moment, only selected users can install it. We are testing the three features: Minerva (scam identification self-learning system), Lense (origination identification system) and HH (handle hacker system). We’re getting closer, and every scam that we receive brings the Aggressor system closer to perfection. So far we’ve handled about 2000 scams. About 10% seem to be steady-state (repeated with some variation) scammers / spammers. The nuisance is the SEO, and it’s the same people using the same templates with different email addresses. Those are easy to catch and dispatch.

 

 
