The previous scam site, thepapersale.tumblr.com, was killed by Tumblr. Now he's moved his scam to cheapessays.tumblr.com.
He's using the email address canthandlethisx@gmail.com now. Here's the message text.
hey before we hook up can you do me a favor? i need this essay for class but my paypal doesnt work. i just need proof you bought it like a receipt or a paragraph then we can meet up. let me know if you can do that for me . the essay is $37 but if you can afford it, you can buy all 5 for $55. the link to the essays is below, id prefer the path to human morality essay or all of them if you can.
CheapEssays - Affordable Essays starting at $37.99
Thursday, April 29, 2010
Wednesday, April 28, 2010
Another Scam Site
http://thepapersale.tumblr.com/
Lately he has been setting up these scam sites on Tumblr. If you find one of them, just email support@tumblr.com and notify them of it and they will take down the site.
Also, it would be a good idea for you to notify PayPal that he is using his PayPal account for this scam.
Lately he has been setting up these scam sites on Tumblr. If you find one of them, just email support@tumblr.com and notify them of it and they will take down the site.
Also, it would be a good idea for you to notify PayPal that he is using his PayPal account for this scam.
Tuesday, April 27, 2010
Another Sample Scam Message
X-Apparently-To: ***@***.*** via 98.136.183.59; Tue, 27 Apr 2010 08:43:10 -0700
Return-Path:
X-YMailISG: cVAMjI4WLDuspuaNkcTVxr6y8gIw9nhO5GZonIdO6JoxyAodHlwPtJHr.LKhnylIILpb4ZD3ZsvOqLQyHqeKyjBRQmOpKBZBBR6Mrr_uBA5kWVieXIsNi4Gs5P_FOVi4C729ky7yaBNlJlu9UxOChK.cEWSTZMJWKNHZG_D54lWU9.KQZhabrEZC8y1QkAEW8rMr6cUwqGK_Tbk5Sm4PLJj6RNpch1wLK0GBPKeRwrQ.G4Rf.1ZhYPtQt.XfEVp4RnVR8tXHU8GzFQLWnPFAaHR91e6TunlpkLFiIeQ4
X-Originating-IP: [93.190.137.170]
Authentication-Results: mta1047.mail.sp2.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO global.underhostnetworks.com) (93.190.137.170) by mta1047.mail.sp2.yahoo.com with SMTP; Tue, 27 Apr 2010 08:43:09 -0700
Received: from hostedre by global.underhostnetworks.com with local (Exim 4.69) (envelope-from) id 1O6mwA-0001Z8-LG for ***@***.com; Tue, 27 Apr 2010 17:43:02 +0200
To: *** <***@***.***>
Subject:
Date: Tue, 27 Apr 2010 17:43:02 +0200
From: oLUSHiZo olushizo@gmail.com
Message-ID: <0d80dd0dc49884408b4919c4997a13e2@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.0 rc3]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_0d80dd0dc49884408b4919c4997a13e2"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - global.underhostnetworks.com
X-AntiAbuse: Original Domain - ***
X-AntiAbuse: Originator/Caller UID/GID - [641 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - global.underhostnetworks.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php -q /home/hostedre/public_html/gmail/autoresponder.php
X-Source-Dir: hostedreplies.com:/public_html/gmail
Content-Length: 1116723
.
hey ***, i need a favor before we meet up. the only way i'll meet up with you is if you purchase one of the papers below and send me proof you bought it. you can send me a sample of the essay, then can meet up somewhere public and get to know each other then head somewhere private like my place or yours. i need this essay for class and its really important. without it, i cant play. whats in it for you? a friend with certain benefits. no one bought it yet so you still have time to send me proof. dont offer me cash or to meet up in person first, i need someone who has paypal and i want proof first.
EssaysForSale // Affordable Essays Starting at $37.99!
let me sum it up, buy one of the essays, i'd prefer the path to human morality one or ALL of them would be great if you can afford it =). send me a sample of the essay or the receipt, we go somewhere public for a little bit to talk then head somewhere private, we have our fun, then after we have our fun, you send me the full essay. if your performance is good the first time, we can meet up again without any essay purchasing lol.
Return-Path:
X-YMailISG: cVAMjI4WLDuspuaNkcTVxr6y8gIw9nhO5GZonIdO6JoxyAodHlwPtJHr.LKhnylIILpb4ZD3ZsvOqLQyHqeKyjBRQmOpKBZBBR6Mrr_uBA5kWVieXIsNi4Gs5P_FOVi4C729ky7yaBNlJlu9UxOChK.cEWSTZMJWKNHZG_D54lWU9.KQZhabrEZC8y1QkAEW8rMr6cUwqGK_Tbk5Sm4PLJj6RNpch1wLK0GBPKeRwrQ.G4Rf.1ZhYPtQt.XfEVp4RnVR8tXHU8GzFQLWnPFAaHR91e6TunlpkLFiIeQ4
X-Originating-IP: [93.190.137.170]
Authentication-Results: mta1047.mail.sp2.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO global.underhostnetworks.com) (93.190.137.170) by mta1047.mail.sp2.yahoo.com with SMTP; Tue, 27 Apr 2010 08:43:09 -0700
Received: from hostedre by global.underhostnetworks.com with local (Exim 4.69) (envelope-from
To: *** <***@***.***>
Subject:
Date: Tue, 27 Apr 2010 17:43:02 +0200
From: oLUSHiZo
Message-ID: <0d80dd0dc49884408b4919c4997a13e2@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.0 rc3]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_0d80dd0dc49884408b4919c4997a13e2"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - global.underhostnetworks.com
X-AntiAbuse: Original Domain - ***
X-AntiAbuse: Originator/Caller UID/GID - [641 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - global.underhostnetworks.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php -q /home/hostedre/public_html/gmail/autoresponder.php
X-Source-Dir: hostedreplies.com:/public_html/gmail
Content-Length: 1116723
.
hey ***, i need a favor before we meet up. the only way i'll meet up with you is if you purchase one of the papers below and send me proof you bought it. you can send me a sample of the essay, then can meet up somewhere public and get to know each other then head somewhere private like my place or yours. i need this essay for class and its really important. without it, i cant play. whats in it for you? a friend with certain benefits. no one bought it yet so you still have time to send me proof. dont offer me cash or to meet up in person first, i need someone who has paypal and i want proof first.
EssaysForSale // Affordable Essays Starting at $37.99!
let me sum it up, buy one of the essays, i'd prefer the path to human morality one or ALL of them would be great if you can afford it =). send me a sample of the essay or the receipt, we go somewhere public for a little bit to talk then head somewhere private, we have our fun, then after we have our fun, you send me the full essay. if your performance is good the first time, we can meet up again without any essay purchasing lol.
Friday, April 16, 2010
Website Registration Data
I'm guessing the registration data for his websites contains phone numbers and addresses of his relatives. When I asked him about this he seemed to get defensive and quickly changed the subject.
Monday, April 5, 2010
Morality Term Papers Scam
This first post sums up much of what can be found at aa419.org.
The human morality essay scam has been operating on Craigslist lately. It involves someone claiming to be a girl named Lauren who promises to meet up with a man if he first purchases a term paper for her on a website.
The response that you get when you reply to one of these ads is automatically generated, and it contains a link to humanmoralityresearch.net, which automatically redirects you to moralitytermpapers.org, where you are supposed to purchase an essay for the girl. This morality term papers scam site was previously hosted at moralitytermpapers.com. It appears to be a legitimate site that sells research papers, but it can easily be shown that it is part of a scam operation. First of all there are the ads and the replies that you get when you respond to the ads:
http://newyork.craigslist.org/lgi/cas/1670414965.html
http://newyork.craigslist.org/brk/cas/1670384594.html
http://newyork.craigslist.org/brx/cas/1666772100.html
http://newyork.craigslist.org/que/cas/1676532325.html
http://newyork.craigslist.org/brk/cas/1676528002.html
http://newyork.craigslist.org/mnh/cas/1666164354.html
http://newyork.craigslist.org/mnh/cas/1676526148.html
Here is a typical response:
Delivered-To: xxxxxx@gmail.com
Received: by 10.229.11.144 with SMTP id t16cs24810qct;
Fri, 26 Mar 2010 21:45:27 -0700 (PDT)
Received: by 10.223.143.21 with SMTP id s21mr1839835fau.51.1269665125338;
Fri, 26 Mar 2010 21:45:25 -0700 (PDT)
Return-Path:
Received: from servernl2.wrzhost.com ([217.23.6.58])
by mx.google.com with ESMTP id 8si3916588fxm.25.2010.03.26.21.45.24;
Fri, 26 Mar 2010 21:45:25 -0700 (PDT)
Received-SPF: neutral (google.com: 217.23.6.58 is neither permitted nor denied by best guess record for domain of gmaildel@servernl2.wrzhost.com) client-ip=217.23.6.58;
Authentication-Results: mx.google.com; spf=neutral (google.com: 217.23.6.58 is neither permitted nor denied by best guess record for domain of gmaildel@servernl2.wrzhost.com) smtp.mail=gmaildel@servernl2.wrzhost.com
Received: from gmaildel by servernl2.wrzhost.com with local (Exim 4.69)
(envelope-from)
id 1NvNti-0006Pu-PQ
for xxxxxx@gmail.com; Sat, 27 Mar 2010 05:45:22 +0100
To: xxx xxx
Subject: RE: i need a quick favor before we meet up ..
Date: Sat, 27 Mar 2010 05:45:22 +0100
From: ohsoolushiz
Message-ID:
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.0 rc3]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_ad0e611dad3cf962d937e5e9e70d8247"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - servernl2.wrzhost.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [622 622] / [47 12]
X-AntiAbuse: Sender Address Domain - servernl2.wrzhost.com
--b1_ad0e611dad3cf962d937e5e9e70d8247
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: 8bit
hey xxx, i need a quick favor first before we meet up - hope you can handle it. if your the first guy to send me the one of the essaya or all below or proof that you have it, we can meet at a public place and then to my apartment. im a psych major and i need it for the spring quarter. whats in it for you? a friend with a lot of benefits ;] except for financial ones [obviously]. dont bother to ask me to meet up first THEN buy it or offer me cash, you`ll just get blocked. no one has pulled through yet, so let me know if your down. <p></p>
<p><a href="http://www.humanmoralityresearch.net/" target="_blank">Morality Term Papers - Your Source for Affordable Morality Papers!</a></p>
<p>so let me outline this for you just in case i didnt make it clear enough. you buy one of the essays (doesnt matter which one), forward me the paypal receipt or a paragraph, i verify that the proof is legit, we meet up somewhere public, get to know eachother, head somewhere private, do what i do best ;], i go home expecting the FULL essay in my inbox, then done. if your good, then we will repeat steps 6-7. email the proof to ohsoolushiz+proof@gmail.com, first come first serve!
Next, when you search the Web for "moralitytermpapers.com" and "humanmoralityresearch.net", you get some interesting results. When you do this search on Google:
site:moralitytermpapers.com
you see in the search results this item
http://moralitytermpapers.com/gmail/template1.txt
This page is no longer accessible so you cannot see it when you click on the link. But you can see the CACHED copy of the page, and you can see that it is the template used for automatically generating the email messages used for the fraud.
When you search for this on Google:
"humanmoralityresearch.net"
one of the results is this:
gmaildelayedreply.net/gmail/template1.txt
Which is the same template. Also, you can use Google's cache to view this file and some of the other files used for the human morality research scam. The scammer moved this part of his operation to this server hosted by WRZHost to make it harder for people to find him and also to provide a ridiculous legal excuse for his activities. He claims that he is only trying to direct traffic to the term papers site. Ha!
The morality term papers scam is not new. It has been in operation off and on since at least late 2009. This scam was operating on different Web sites that were shut down once the hosting services were contacted. It operated on
http://moralitytermpapers.tumblr.com (a blog on tumblr.com)
http://www.moralityresearchpapers.org/ (hosted by my365host.com)
http://freeshizznet.com (hosted by hostgator.com)
and different email addresses were used instead of ohsoolushiz@gmail.com and ohsoolushiz+proof@gmail.com The ones that I know of are
therealaznsensationx@gmail.com
therealaznsensationx+proof@gmail.com
lushizlaurenx@gmail.com
lushizlaurenx+proof@gmail.com
lushiizlaurenx@gmail.com
lushiizlaurenx+proof@gmail.com
lushizxlauren@gmail.com
lushizxlauren+proof@gmail.com
laurenizseductive@gmail.com
laurenizseductive+proof@gmail.com
laurenizseductivex@gmail.com
laurenizseductivex+proof@gmail.com
hotteztxchick+proof@gmail.com
hotteztxchick@gmail.com
Also, this person used a myspace profile to try to convice people that he was actually this girl Lauren:
http://www.myspace.com/laurenizseductive
The human morality essay scam has been operating on Craigslist lately. It involves someone claiming to be a girl named Lauren who promises to meet up with a man if he first purchases a term paper for her on a website.
The response that you get when you reply to one of these ads is automatically generated, and it contains a link to humanmoralityresearch.net, which automatically redirects you to moralitytermpapers.org, where you are supposed to purchase an essay for the girl. This morality term papers scam site was previously hosted at moralitytermpapers.com. It appears to be a legitimate site that sells research papers, but it can easily be shown that it is part of a scam operation. First of all there are the ads and the replies that you get when you respond to the ads:
http://newyork.craigslist.org/lgi/cas/1670414965.html
http://newyork.craigslist.org/brk/cas/1670384594.html
http://newyork.craigslist.org/brx/cas/1666772100.html
http://newyork.craigslist.org/que/cas/1676532325.html
http://newyork.craigslist.org/brk/cas/1676528002.html
http://newyork.craigslist.org/mnh/cas/1666164354.html
http://newyork.craigslist.org/mnh/cas/1676526148.html
Here is a typical response:
Delivered-To: xxxxxx@gmail.com
Received: by 10.229.11.144 with SMTP id t16cs24810qct;
Fri, 26 Mar 2010 21:45:27 -0700 (PDT)
Received: by 10.223.143.21 with SMTP id s21mr1839835fau.51.1269665125338;
Fri, 26 Mar 2010 21:45:25 -0700 (PDT)
Return-Path:
Received: from servernl2.wrzhost.com ([217.23.6.58])
by mx.google.com with ESMTP id 8si3916588fxm.25.2010.03.26.21.45.24;
Fri, 26 Mar 2010 21:45:25 -0700 (PDT)
Received-SPF: neutral (google.com: 217.23.6.58 is neither permitted nor denied by best guess record for domain of gmaildel@servernl2.wrzhost.com) client-ip=217.23.6.58;
Authentication-Results: mx.google.com; spf=neutral (google.com: 217.23.6.58 is neither permitted nor denied by best guess record for domain of gmaildel@servernl2.wrzhost.com) smtp.mail=gmaildel@servernl2.wrzhost.com
Received: from gmaildel by servernl2.wrzhost.com with local (Exim 4.69)
(envelope-from
id 1NvNti-0006Pu-PQ
for xxxxxx@gmail.com; Sat, 27 Mar 2010 05:45:22 +0100
To: xxx xxx
Subject: RE: i need a quick favor before we meet up ..
Date: Sat, 27 Mar 2010 05:45:22 +0100
From: ohsoolushiz
Message-ID:
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.0 rc3]
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_ad0e611dad3cf962d937e5e9e70d8247"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - servernl2.wrzhost.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [622 622] / [47 12]
X-AntiAbuse: Sender Address Domain - servernl2.wrzhost.com
--b1_ad0e611dad3cf962d937e5e9e70d8247
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: 8bit
hey xxx, i need a quick favor first before we meet up - hope you can handle it. if your the first guy to send me the one of the essaya or all below or proof that you have it, we can meet at a public place and then to my apartment. im a psych major and i need it for the spring quarter. whats in it for you? a friend with a lot of benefits ;] except for financial ones [obviously]. dont bother to ask me to meet up first THEN buy it or offer me cash, you`ll just get blocked. no one has pulled through yet, so let me know if your down. <p></p>
<p><a href="http://www.humanmoralityresearch.net/" target="_blank">Morality Term Papers - Your Source for Affordable Morality Papers!</a></p>
<p>so let me outline this for you just in case i didnt make it clear enough. you buy one of the essays (doesnt matter which one), forward me the paypal receipt or a paragraph, i verify that the proof is legit, we meet up somewhere public, get to know eachother, head somewhere private, do what i do best ;], i go home expecting the FULL essay in my inbox, then done. if your good, then we will repeat steps 6-7. email the proof to ohsoolushiz+proof@gmail.com, first come first serve!
Next, when you search the Web for "moralitytermpapers.com" and "humanmoralityresearch.net", you get some interesting results. When you do this search on Google:
site:moralitytermpapers.com
you see in the search results this item
http://moralitytermpapers.com/gmail/template1.txt
This page is no longer accessible so you cannot see it when you click on the link. But you can see the CACHED copy of the page, and you can see that it is the template used for automatically generating the email messages used for the fraud.
When you search for this on Google:
"humanmoralityresearch.net"
one of the results is this:
gmaildelayedreply.net/gmail/template1.txt
Which is the same template. Also, you can use Google's cache to view this file and some of the other files used for the human morality research scam. The scammer moved this part of his operation to this server hosted by WRZHost to make it harder for people to find him and also to provide a ridiculous legal excuse for his activities. He claims that he is only trying to direct traffic to the term papers site. Ha!
The morality term papers scam is not new. It has been in operation off and on since at least late 2009. This scam was operating on different Web sites that were shut down once the hosting services were contacted. It operated on
http://moralitytermpapers.tumblr.com (a blog on tumblr.com)
http://www.moralityresearchpapers.org/ (hosted by my365host.com)
http://freeshizznet.com (hosted by hostgator.com)
and different email addresses were used instead of ohsoolushiz@gmail.com and ohsoolushiz+proof@gmail.com The ones that I know of are
therealaznsensationx@gmail.com
therealaznsensationx+proof@gmail.com
lushizlaurenx@gmail.com
lushizlaurenx+proof@gmail.com
lushiizlaurenx@gmail.com
lushiizlaurenx+proof@gmail.com
lushizxlauren@gmail.com
lushizxlauren+proof@gmail.com
laurenizseductive@gmail.com
laurenizseductive+proof@gmail.com
laurenizseductivex@gmail.com
laurenizseductivex+proof@gmail.com
hotteztxchick+proof@gmail.com
hotteztxchick@gmail.com
Also, this person used a myspace profile to try to convice people that he was actually this girl Lauren:
http://www.myspace.com/laurenizseductive
Subscribe to:
Posts (Atom)