Financial Support Agent ~ sophie@greenolivs.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Country
* 65.55.111.72 Check 65.55.111.72 at Senderbase.org Check 65.55.111.72 at Reputationauthority.org Microsoft Hosting Redmond United States
14.05.15.07 Check 14.05.15.07 at Senderbase.org Check 14.05.15.07 at Reputationauthority.org n/a n/a
65.55.111.100 Check 65.55.111.100 at Senderbase.org Check 65.55.111.100 at Reputationauthority.org Microsoft Hosting Redmond United States

*Probable originating IP address

Delivered-To: scamFRAUDalert
Received: by 10.216.180.198 with SMTP id j48csp341352wem;
Thu, 15 May 2014 07:38:33 -0700 (PDT)
X-Received: by 10.68.200.10 with SMTP id jo10mr12686179pbc.143.1400164712722;
Thu, 15 May 2014 07:38:32 -0700 (PDT)
Return-Path: <gary.benton@outlook.com>
Received: from blu0-omc2-s25.blu0.hotmail.com (blu0-omc2-s25.blu0.hotmail.com. [65.55.111.100])
by mx.google.com with ESMTP id bc5si2765128pbb.461.2014.05.15.07.38.32
for ;
Thu, 15 May 2014 07:38:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of gary.benton@outlook.com designates 65.55.111.100 as permitted sender) client-ip=65.55.111.100;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of gary.benton@outlook.com designates 65.55.111.100 as permitted sender) smtp.mail=gary.benton@outlook.com
Received: from BLU185-W10 ([65.55.111.72]) by blu0-omc2-s25.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Financial Agent Position ~ support@olivesgreen.com

Thu, 15 May 2014 07:38:30 -0700
X-TMN: [Qq/dPNH62w/GGXwN2M6PswJQ0cAcf53f]
X-Originating-Email:gary.benton@outlook.com
Message-ID: <BLU185-W1045822EFBA89AB2A26F12E3360@phx.gbl>
Return-Path: gary.benton@outlook.com
Content-Type: multipart/alternative;
boundary=”_3cf84f14-b71c-4d7d-81ea-f19f2cad3ae4_”
From: Green Olives – support@olivesgreen.com
Sender: <gary.benton@outlook.com>
To: “scamFRAUDalert
Subject: Re: Hello
Date: Thu, 15 May 2014 10:38:30 -0400
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 15 May 2014 14:38:30.0651 (UTC) FILETIME=[574C4CB0:01CF704B]

Dear scamFRAUDalert
We are glad to see you are interested in hearing more. The only position we currently have available is the Financial Agent position, a job that you can do from home, no previous experience need, low working hours and you can work full or part time.
Your duties will be to receive and process the payments coming from our clients via bank wire transfer.
You will receive a salary of $4,200 / month plus commissions and you can work from home, you don`t have to relocate.

If you are interested in taking the job or receiving more information please reply with your phone number and one of our agents will call you right away.

Sincerely,
Green Olives , 6710 Capitol St, Houston, TX 77011
__________________________________

Green Olives

sophie@greenolivs.com

address lookup
canonical name http://www.greenolivs.com
aliases
addresses 209.202.252.21
Domain Whois record

Queried whois.internic.net with “dom greenolivs.com”…

Domain Name: GREENOLIVS.COM
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.GREENOLIVS.COM
Name Server: NS2.GREENOLIVS.COM
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 13-may-2014
Creation Date: 13-may-2014
Expiration Date: 13-may-2015

Last update of whois database: Tue, 20 May 2014 17:23:34 UTC
Queried whois.tucows.com with "greenolivs.com"…

Domain Name: GREENOLIVS.COM
Registry Domain ID: 1858573240_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2014-05-13 19:16:10
Creation Date: 2014-05-13 23:08:05

Registrar Registration Expiration Date: 2015-05-13 23:08:05
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
Reseller: Lycos, Inc.
Reseller: support@lycos.com
Reseller: 866-971-5039

Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited

Registry Registrant ID:
Registrant Name: daryl herndon
Registrant Organization: herndon
Registrant Street: 2900 14st nw suit 202
Registrant City: Washington
Registrant State/Province: DC
Registrant Postal Code: 20009
Registrant Country: US
Registrant Phone: +1.202-606-1683
Registrant Fax: +1.202-606-1683
Registrant Email: andrugrimshawsuc@aol.com

Registry Admin ID:
Admin Name: daryl herndon
Admin Organization: herndon
Admin Street: 2900 14st nw suit 202
Admin City: Washington
Admin State/Province: DC
Admin Postal Code: 20009
Admin Country: US
Admin Phone: +1.202-606-1683
Admin Phone Ext:
Admin Fax: +1.202-606-1683
Admin Fax Ext:
Admin Email: andrugrimshawsuc@aol.com

Registry Tech ID:
Tech Name: daryl herndon
Tech Organization: herndon
Tech Street: 2900 14st nw suit 202
Tech City: Washington
Tech State/Province: DC
Tech Postal Code: 20009
Tech Country: US
Tech Phone: +1.202-606-1683
Tech Fax: +1.2026061683
Tech Email: andrugrimshawsuc@aol.com

Name Server: NS1.GREENOLIVS.COM
Name Server: NS2.GREENOLIVS.COM

DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
Last update of WHOIS database: 2014-05-13 19:16:10

Registration Service Provider:
Network Whois record

Queried whois.arin.net with "n 209.202.252.21

NetRange: 209.202.192.0 – 209.202.255.255
CIDR: 209.202.192.0/18
OriginAS:
NetName: NETBLK-LYCOS-1
NetHandle: NET-209-202-192-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Assignment
RegDate: 2000-05-22
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-209-202-192-0-1

OrgName: Lycos, Inc.
OrgId: LYCOSI-1
Address: 100 Fifth Avenue
City: Waltham
StateProv: MA
PostalCode: 02451
Country: US
RegDate: 2000-05-22
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/LYCOSI-1

OrgTechHandle: NETWO1939-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-781-370-2700
OrgTechEmail: nic-tech@lycos-inc.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO1939-ARIN

OrgAbuseHandle: NETWO1939-ARIN
OrgAbuseName: Network Operations
OrgAbusePhone: +1-781-370-2700
OrgAbuseEmail: nic-tech@lycos-inc.com
OrgAbuseRef: http://whois.arin.net/rest/poc/NETWO1939-ARIN

RTechHandle: VY7-ARIN
RTechName: Yelsangikar, Vish
RTechPhone: +1-650-428-5111
RTechEmail: nic-tech@lycos-inc.com
RTechRef: http://whois.arin.net/rest/poc/VY7-ARIN

DNS records

DNS query for 21.252.202.209.in-addr.arpa failed: ConnectionReset
name class type data time to live
greenolivs.com IN SOA
server: ns1.greenolivs.com
email: hostmaster@greenolivs.com
serial: 1400606463
refresh: 16384
retry: 2048
expire: 1048576
minimum ttl: 2560
2560s (00:42:40)
greenolivs.com IN NS ns1.greenolivs.com 60s (00:01:00)
greenolivs.com IN NS ns2.greenolivs.com 60s (00:01:00)
greenolivs.com IN TXT PPdcfqym2YFe4sKOWloEm4tBFnQxOb6eYghH0BIWkllUQd581K2kpA== 60s (00:01:00)
greenolivs.com IN MX
preference: 10
exchange: mx.greenolivs.com.cust.b.hostedemail.com
60s (00:01:00)
greenolivs.com IN A 209.202.252.21 60s (00:01:00)
21.252.202.209.in-addr.arpa IN PTR bos1-redirect.domains.lycos.com 3600s (01:00:00)
21.252.202.209.in-addr.arpa IN PTR bos2-redirect.domains.lycos.com 3600s (01:00:00)
252.202.209.in-addr.arpa IN SOA
server: invisible.lycos.com
email: nic-tech@lycos-inc.com
serial: 2007103000
refresh: 1800
retry: 600
expire: 2419200
minimum ttl: 600
3600s (01:00:00)
252.202.209.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2014-05-30 16:02:38Z
signature inception: 2014-05-20 16:02:38Z
key tag: 29930
signer's name: 209.in-addr.arpa
signature:
(1024 bits)

1E3699371E597D474F6AB03202CF55A3
71CB3029860ED0CF7B2EF3DCA6308E12
6DFF42C4A0C15B6B657BE57FDF6B56A2
E55EEDB87491C98DD2FDB0FCC3288840
B9431DA8481E3B8C844706315C6D13FF
2473C901F0866EAD153AE8999B743588
7E06D1B8AC6B5301DFE06AD15A1E595E
627AFE0DB82907E802CD4200FA4BAB80

10800s (03:00:00)
252.202.209.in-addr.arpa IN NSEC
next domain name: 253.202.209.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
252.202.209.in-addr.arpa IN NS ns2.lycos.com 3600s (01:00:00)
252.202.209.in-addr.arpa IN NS ns1.lycos.com 3600s (01:00:00)

— end —

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s