
Stolen WHMCS DB Spammers - name and shame


PhilB


New spammer, out of SoftLayer. My abuse dept already reported them but you should as well if you got it.

 

Email follows:

 

Return-path: <demo@onliveinfotech.co.in>

Envelope-to: billing@vtelectronics.net

Delivery-date: Tue, 29 May 2012 01:18:54 -0400

Received: from 50.97.184.171-static.reverse.softlayer.com ([50.97.184.171]:55356 helo=datamoneyservices.com)

by viridian01.vtelectronics.net with esmtps (TLSv1:AES256-SHA:256)

(Exim 4.77)

(envelope-from <demo@onliveinfotech.co.in>)

id 1SZEoh-00057z-Nr

for billing@vtelectronics.net; Tue, 29 May 2012 01:18:54 -0400

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=onliveinfotech.co.in;

h=Received:To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:X-Mailer-LID:List-Unsubscribe:X-Mailer-RecptId:X-Mailer-SID:X-Mailer-Sent-By:Content-Type:Content-Transfer-Encoding;

b=GfNM4Dek08lhuHuk+FSqqiM9E4cE7r19sLQELZ/AC83LWSSdG5dGFJjbNs2qN3M26GVOhtld6+rRJ9wGOaxlJM8asCDUnGT3KV2HN3nz9BT2eSrVU4T**h4VnxFok4aP;

Received: from onlive by datamoneyservices.com with local (Exim 4.69)

(envelope-from <demo@onliveinfotech.co.in>)

id 1SZElK-00030d-Va

for billing@vtelectronics.net; Tue, 29 May 2012 01:14:30 -0400

To: billing@vtelectronics.net

Subject: Web Hosting Talk

Message-ID: <447e3a30fb9cb99bb2f1488bfd7fa257@onliveinfotech.co.in>

Date: Tue, 29 May 2012 01:00:19 -0400

From: "onliveinfotech" <demo@onliveinfotech.co.in>

Reply-To: demo@onliveinfotech.co.in

MIME-Version: 1.0

X-Mailer-LID: 266

List-Unsubscribe: <http://onliveinfotech.co.in/unsubscribe.php?M=5305425&C=22f29e0563870c496e3ea4a617c67ad3&L=266&N=307>

X-Mailer-RecptId: 5305425

X-Mailer-SID: 307

X-Mailer-Sent-By: 28

Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_ba588e2548a4209132c270b3d027952e"

Content-Transfer-Encoding: 8bit

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - datamoneyservices.com

X-AntiAbuse: Original Domain - vtelectronics.net

X-AntiAbuse: Originator/Caller UID/GID - [517 514] / [47 12]

X-AntiAbuse: Sender Address Domain - onliveinfotech.co.in

X-Spam-Status: No, score=2.6

X-Spam-Score: 26

X-Spam-Bar: ++

X-Ham-Report: Spam detection software, running on the system "viridian01.vtelectronics.net", has

identified this incoming email as possible spam. The original message

has been attached to this so you can view it (if it isn't spam) or label

similar future email. If you have any questions, see

no for details.

 

Content preview: http://onliveinfotech.co.in/unsubscribe.php?M=5305425&C=22f29e0563870c496e3ea4a617c67ad3&L=266&N=307Your

email client cannot read this email. To view it online, please go here: http://onliveinfotech.co.in/display.php?M=5305425&C=22f29e0563870c496e3ea4a617c67ad3&S=307&L=266&N=157

[...]

 

Content analysis details: (2.6 points, 5.0 required)

 

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist

[uRIs: onliveinfotech.co.in]

0.0 HTML_MESSAGE BODY: HTML included in message

1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 KHOP_DYNAMIC Relay looks like a dynamic address

X-Spam-Flag: NO

 

--b1_ba588e2548a4209132c270b3d027952e

Content-Type: text/plain; format=flowed; charset="UTF-8"

Content-Transfer-Encoding: 8bit

 

http://onliveinfotech.co.in/unsubscribe.php?M=5305425&C=22f29e0563870c496e3ea4a617c67ad3&L=266&N=307Your

email client cannot read this email.

To view it online, please go here:

http://onliveinfotech.co.in/display.php?M=5305425&C=22f29e0563870c496e3ea4a617c67ad3&S=307&L=266&N=157

 

 

To stop receiving these

emails:http://onliveinfotech.co.in/unsubscribe.php?M=5305425&C=22f29e0563870c496e3ea4a617c67ad3&L=266&N=307

 

--b1_ba588e2548a4209132c270b3d027952e

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: 8bit

 

<html><head></head><body><pre><span style="font-size: medium;">Dear

Friends,

 

Just add your host,</span><br /><span style="font-size: medium;">Discuss

about new hosting, Hosting software and all about web hosting issue.

<br />Find more about Hosting at

 

<a class="moz-txt-link-freetext"

href="http://onliveinfotech.co.in/link.php?M=5305425&N=307&L=125&F=H">http://www.HostingTalk.in</a>

 

Hosting Talk

</span></pre><img

src="http://onliveinfotech.co.in/open.php?M=5305425&L=266&N=307&F=H&image=.jpg"

height="1" width="10"></body></html>

 

--b1_ba588e2548a4209132c270b3d027952e--

Link to comment
Share on other sites
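Added example (not part of the original post or thread): one way to pull the handoff hop out of headers like the ones quoted above when preparing an abuse report. The function name `handoff` and the `my_hosts` parameter are assumptions made for illustration; the sample headers are copied from the quoted message.

```python
import re
from email import message_from_string

# Constructed sample: routing headers copied from the quoted message, folded normally.
RAW = """\
Return-path: <demo@onliveinfotech.co.in>
Received: from 50.97.184.171-static.reverse.softlayer.com ([50.97.184.171]:55356 helo=datamoneyservices.com)
 by viridian01.vtelectronics.net with esmtps (TLSv1:AES256-SHA:256)
 (Exim 4.77)
 (envelope-from <demo@onliveinfotech.co.in>)
 id 1SZEoh-00057z-Nr
 for billing@vtelectronics.net; Tue, 29 May 2012 01:18:54 -0400
Received: from onlive by datamoneyservices.com with local (Exim 4.69)
 (envelope-from <demo@onliveinfotech.co.in>)
 id 1SZElK-00030d-Va
 for billing@vtelectronics.net; Tue, 29 May 2012 01:14:30 -0400
From: "onliveinfotech" <demo@onliveinfotech.co.in>
Subject: Web Hosting Talk

(body omitted)
"""

# Exim-style hop: from <rdns> ([<ip>]:<port> helo=<name>) by <receiving host>
HOP = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?"
    r"(?:\s+helo=(?P<helo>[^)\s]+))?\)\s+by\s+(?P<by>\S+)")

def handoff(raw, my_hosts):
    """Return the hop recorded by one of our own servers, or None.

    Received lines are prepended, so the first one written by a host we run
    is the only one the sender could not forge; everything below it is theirs.
    my_hosts (hypothetical parameter) is the set of mail hosts we operate.
    """
    trusted = {h.lower() for h in my_hosts}
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m and m.group("by").lower() in trusted:
            hop = m.groupdict()
            # A HELO name unrelated to the reverse DNS is worth noting in the report.
            helo = (hop["helo"] or "").lower()
            hop["helo_matches_rdns"] = bool(helo) and hop["rdns"].lower().endswith(helo)
            return hop
    return None

if __name__ == "__main__":
    print(handoff(RAW, {"viridian01.vtelectronics.net"}))
```

The reverse DNS of the returned hop is what ties the connecting address to the hosting network; the lower `Received` line was written by the sending machine and is not evidence on its own.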

  • 2 months later...

Here's one I just got yesterday. They called today to follow up.

 

I challenged Sonia on where they obtained my info and was told from a list they "obtained". I informed her their list was from a hacked source based on the Email it was sent to which is unique.

 

Also, these scumbags (allegedly) use WHMCS so I hope Matt takes whatever appropriate action he deems necessary. I have sent a full, uncensored copy of this with full mail headers to WHMCS Support via a ticket.

 

Their EMAIL:

 

 

FROM: Sonia Sahi <sonia@amanah.com>, <no-reply@salesforce.com>

SUBJECT: Ideas to eliminate bandwidth overage.

 

Hi XXXX,

 

I understand your company provides web hosting services and I also understand you’re always looking to increase performance of your business.

 

We help businesses deliver faster performance and eliminate overages by offering proximity hosting with unlimited bandwidth to XXXX based providers, like you. As well as off-site backup services.

 

I’ll give you a call this week to discuss what we can do for you.

 

Talk to you soon.

 

For more information visit our website http://www.amanah.com

 

Sonia Sahi

Account Manager

Amanah Tech Inc.

341-151 Front Street West, Toronto, Canada

Tel +1 416 603 9825 X1 | http://www.amanah.com

Go Unmetered - Save on Bandwidth

Link to comment
Share on other sites

  • 3 weeks later...
My phone has been ringing off the hook with a ton of new numbers, almost entirely business to business calls in regards to hosting add-ons, billing systems and security - and my info was NOT leaked. I think there are just some clever marketing people out there.

 

How do we know if our info got out or not? Didn't everybody's WHMCS info get out?

Link to comment
Share on other sites

How do we know if our info got out or not? Didn't everybody's WHMCS info get out?

 

From what I understand, the whole database is out there, therefore - everyone's information would be included - another reason why I tend to stick to using PayPal for everything I purchase from online, :)

Link to comment
Share on other sites

My phone has been ringing off the hook with a ton of new numbers, almost entirely business to business calls in regards to hosting add-ons, billing systems and security - and my info was NOT leaked. I think there are just some clever marketing people out there.

 

We use a number from Flextel (free) for our business that directs to our phone/mobile, so if we get any of these constantly we just disable the number and get a new number.

Link to comment
Share on other sites
