Cabledude27
Premium
join:2001-12-23
Pennsville, NJ
| [scam] Weird email received -Spamming?
Weird pic |
I got this on my Yahoo mail addy. I have removed the other addresses listed and my own but left the from addy and the IP's as they arent mine. It's only has a string of weird words in the subject line and has jpeg attachment of a weird picture. There were about 50 addresses in the To field with a majority of them to bbc.uk.co addy's, second in number to yahoo.com and a few comcast.net addy's. The picture attachment was titled zabane_tasavir2.jpg. All scans come up clean with KAV, and MSAS, Spybot, and Adaware showing no flags on the file. Anyone have any ideas?
X-Apparently-To: xxxxxx@yahoo.com via 206.190.39.122; Sun, 04 Sep 2005 13:55:33 -0700
X-Originating-IP: [216.200.145.36]
Return-Path:
Authentication-Results: mta169.mail.dcn.yahoo.com from=ljah.com; domainkeys=neutral (no sig)
Received: from 216.200.145.36 (EHLO omta18.mta.everyone.net) (216.200.145.36) by mta169.mail.dcn.yahoo.com with SMTP; Sun, 04 Sep 2005 13:55:23 -0700
Received: from dm21.mta.everyone.net (bigiplb-dsnat [172.16.0.19]) by omta18.mta.everyone.net (Postfix) with ESMTP id 545C7401BD; Sun, 4 Sep 2005 13:55:22 -0700 (PDT)
X-Eon-Dm: dm21
Received: from mailweb29.everyone.net (172.16.0.19 [172.16.0.19]) by dm21.mta.everyone.net (EON-AUTHRELAY2) with ESMTP id dm21.4317aafb.19c53; Sun, 4 Sep 2005 13:55:22 -0700 (PDT)
X-Eon-Sig: AQJ7DtxDG186uT26SwIAAAAy,48042dcf43495138309f877be78e5555
Content-Type: multipart/mixed; boundary="----------=_1125867320-19633-0"
Content-Transfer-Encoding: binary
Mime-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Date: Sun, 4 Sep 2005 13:55:20 -0700 (PDT)
From: "saadate aadam" Add to Address BookAdd to Address Book
To:
Subject: (( Yeganeh nejat dahandeye mellate iran AghA Pro. Dr. Ebrahim Mirzaie raahbar )
Reply-to: saaleh11@ljah.com
X-Originating-Ip: [85.185.50.243]
Message-Id:
Content-Length: 151998
(( payame sazmane alame hagh va edalat be raahbarie Yeganeh nejat dahandeye mellate iran AghA Pro. Dr. Ebrahim Mirzaie raahbar ))
--
Your friendly neighborhood cabledude. |
|
clank
join:2005-07-04
spain | It looks like some type of islamic fundamentalist propaganda, send it to various federal agencies. |
|
garys_2k
join:2004-05-07
Farmington, MI | reply to Cabledude27
Reminds me of that pic with Sesame Street's Bert along side Osama. |
|
removed
It is your birthday.
Premium,VIP
join:2002-02-08
Houston, TX
clubs: | reply to Cabledude27
Wow, that is scary looking. |
|
iFractal
What?...ever
Premium
join:2002-12-04
1 edit | Most definitely. Is that a cut-out of the face (middle, right) of the Statue of Liberty? Almost looks like the Twin Towers are in there, as well...and many caricatures of our President.
*shudders* That thing is creepin' me out.  |
|
Sysadmin
NoBama
Premium,MVM
join:2000-07-07
Sacramento, CA | reply to Cabledude27
 That's some weird sh!t. |
|
Cabledude27
Premium
join:2001-12-23
Pennsville, NJ
| reply to Cabledude27
I did go online to the FBI tips and leads submission link and submitted the information on it. I doubt I'll hear anything back but it bothered me that much too. Very weird and very creepy. Checking on google for the subject line comes up with one or two hits for a ripecast link and another Arabic type thing.
I've seen alot of weird emails but nothing like that.
--
Your friendly neighborhood cabledude. |
|
iFractal
What?...ever
Premium
join:2002-12-04 | Glad you submitted it. I had to stop looking at that picture. The longer I looked at it, the more I saw - which made the bad vibes stronger by the second. |
|
clank
join:2005-07-04
spain | reply to Cabledude27
good going |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to Cabledude27
This may or may not be valid, however it appears that you did not receive the text for the email. That picture has been circulated supposedly by a group of Iranian dissidents. They are complaining about the brutality of the Iranian government and asking for help. Here is the English version of the text that is usually included:
Subject: (( Yeganeh nejat dahandeye mellate iran AghA Pro. Dr. Ebrahim
Mirzaie raahbar ))
Reply-To: rahehedayat@ljah.com
X-Originating-Ip: [85.185.50.5]
Dear Madams and Sirs we, who are sending this informations for you, are a group of iranian so called dissidents. Our nation is being oppressed, tortured and murdered by a cruel regime of mollahs, which contempts human beings and destroys our lifes and the time of our life. Day by day they trample on our human rights, gives us disinformations or don´t give us informations at all. The ways which we have for getting informations or to spread them like internet becomes reduced constantly. More than one hundred persons of our organization ALAME HAGH VA EDALAT (The Banner of Right an Justice) were imprisoned and tortured. Even those who released or are outside of prison are persecuted by the cruel regime of the mollahs. Many of the members of ALAME HAGH VA EDALAT are refugees inside their own country. Because we don´t let take us in a special tendency of politics, religion or idelogy, but working for a world of life in dignity out of those outdated ideas and limits we are until now not supported from anybody. Because of our situation we couldn´t translate our informations into another language. For more informations please contact this e-mail adress: daftar11@yahoo.com.
Both this copy and the one listed in your copy(85.185.50.243)do show originating from an IP in Iran.
inetnum: 85.185.0.0 - 85.185.255.255
org: ORG-TCoI1-RIPE
netname: IR-DCC-20041125
descr: Telecommunication Company of Iran (TCI)
country: IR
admin-c: HA1537-RIPE
tech-c: SM4126-RIPE
tech-c: NKZ1-RIPE
tech-c: ZD144-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS12880-MNT
mnt-routes: AS12880-MNT
source: RIPE # Filtered
organisation: ORG-TCoI1-RIPE
org-name: Telecommunication Company of Iran (TCI)
org-type: LIR
address: No57.2, Sayeh St. , Vali-Asr Av.
address: 1967734136
address: Tehran
address: Iran, Islamic Republic of
phone: +98 21 2015073
fax-no: +98 21 2010197
e-mail: alipour@mail.dci.co.ir
e-mail: alipour@nisn.ir
admin-c: SM4126-RIPE
admin-c: HA1537-RIPE
mnt-ref: AS12880-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
person: Hamid Alipour
address: Datacommunications Company of Iran
address: DCI
address: P.O.Box 16315-737.
address: Tehran
address: Iran
phone: +98 21 23932210
fax-no: +98 21 23932422
e-mail: alipour@mail.dci.co.ir
org: ORG-TCoI1-RIPE
nic-hdl: HA1537-RIPE
remarks: Please for any abuse report write to abuse@mail.dci.co.ir
mnt-by: AS12880-mnt
source: RIPE # Filtered
The email address in the text daftar11@yahoo.com, and is also listed in the lower left of the Pic. I assume the picture is a collage describing the treatment they are subjected by the Mollahs. A search of the email yields further postings who claims to be in Iran also.:
»www.google.com/search?hl=en&q=da···ahoo.com
I did not go so far as to look for a babelfish Farsi (sp)translation, however, one English post is interesting:
»www.radicalparty.org/iran/index.···&catid=1
Again, I don't know how valid this is, but it may explain the context of the Pic.
MGD |
|
Cabledude27
Premium
join:2001-12-23
Pennsville, NJ
| reply to Cabledude27
Thanks MGD for digging into this I appreciate it and it does shed some light, nothing from the feds, but again didnt expect anything from them. I'll post something if I do hear from them.
--
Your friendly neighborhood cabledude. |
|
