go to sections menu

The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: security news and commentary

Go to Homepage [0], contents or to navigation menu



Be on the lookout, forms now leading to trust web sites for fake web sites

I know it has been awhile since the blog has been touched. I really need to get back in to blogging, and news notes will prove it.

This time, I want to highlight yet another email I got through my contact form over on the main network’s web site, jaredrimer.net.

This contact form is quite interesting as it leads to trust web sites, one of which caught my attention. Reading the email on my phone, I clicked on the second link from within this form because I was curious. The first link I checked out via the computer on my main connection, and the profile was removed. It leads to this page: Action We Take which has a heading on fake reviews.

You may also want to check out this wikipedia page on Country code top-level domain to learn more. Here is the form.


Below is the result of your feedback form. It was submitted by () on Monday, February 15, 2021 at 17:01:54

Name: Mattie
phone: 445 1406
contact_method: both E-mail and phone
bug: no
additional_bug_info: The best fake id maker in the market for over 15 years

read our reviews and testimonials
https://www.trustpilot.com/review/idgod.ch
https://scamadviser.com/check-website/idgod.ch
https://www.sitejabber.com/online-business-review?url=idgod.ch

comment_or_question: The best fake id maker in the market for over 15 years

read our reviews and testimonials
https://www.trustpilot.com/review/idgod.ch
https://scamadviser.com/check-website/idgod.ch
https://www.sitejabber.com/online-business-review?url=idgod.ch


HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 172.94.125.11


According to the IP lookup at abuse IP database it is belonging to purevpn with the company of Secure Internet LLC. It is a Data Center/Web Hosting/Transit . The country is Germany. I’m the first reporter of the IP. As I said, I looked at the first two links and the site in question for fake ID’s is just outright wrong. I would’ve never done this anyhow, but this is just another tactic for people to get you to go over to their site.

Site Jabber looks to only allow people to review, and I went to the site carefully to see what it was about. ID God looks like it has a lot of info about what you should do so they can do their job. So far, from the scam advisor, I’d recomend people to read that since thats all we’ve got.

This is only going to get more interesting.

Comments (0)

White Cane Travel expiring tomorrow? Nobody called me to tell me about it!

I just love these types of forms. In the following example of things really to watch for, I’m going to show you a little bit of information about when my web site white cane travel expires. According to the form, it is to expire later on tonight if no payment for registration is made. I checked with a registration database and it expires in March, which means, I’ll be billed at some point next month. Have you seen anything like this before? Here’s the post for you to see.



I love these types of forms. First of all, its the 22nd of January as I am seeing the following form, and my domain is still active. The registration expiration date for the domain is 2021-03-06 which is March of this year. I’ll be billed next month at some point to renew the domain. This guy didn’t even get anything right as domains just don’t get expired due to non-payment. I have a valid telephone number in the who is directory, which we’ve talked about on the Security Box. I believe it is all hidden now from most people, but I have contact info on the site for those who need it. Check out this contact form i just received on January 22, 2021 as it was sent last night. What fun!


Below is the result of your feedback form. It was submitted by () on Thursday, January 21, 2021 at 21:32:37

name: Joe Miller
phone: +1542384593234
method: Phone
to: Jared Rimer
bug: No
additional_bug_info: Notice#: 491343
Date: 21 Jan 2021

YOUR IMMEDIATE ATTENTION TO THIS MESSAGE IS ABSOLUTELY NECESSARY!

YOUR DOMAIN whitecanetravel.com WILL BE TERMINATED WITHIN 24 HOURS

We have not received your payment for the renewal of your domain whitecanetravel.com

We have made several attempts to reach you by phone, to inform you regarding the TERMINATION of your domain whitecanetravel.com

CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga

IF WE DO NOT RECEIVE YOUR PAYMENT WITHIN 24 HOURS, YOUR DOMAIN whitecanetravel.com WILL BE TERMINATED

CLICK HERE FOR SECURE ONLINE PAYMENT: https://domainregister.ga

ACT IMMEDIATELY.

The submission notification whitecanetravel.com will EXPIRE WITHIN 24 HOURS after reception of this email.
comment_or_question: Notice#: 491343
Date: 21 Jan 2021

YOUR IMMEDIATE ATTENTION TO THIS MESSAGE IS ABSOLUTELY NECESSARY!

YOUR DOMAIN whitecanetravel.com WILL BE TERMINATED WITHIN 24 HOURS

We have not received your payment for the renewal of your domain whitecanetravel.com

We have made several attempts to reach you by phone, to inform you regarding the TERMINATION of your domain whitecanetravel.com

CLICK HERE FOR SECURE ONLINE PAYMENT: htxxs://domainregister.ga

IF WE DO NOT RECEIVE YOUR PAYMENT WITHIN 24 HOURS, YOUR DOMAIN whitecanetravel.com WILL BE TERMINATED

CLICK HERE FOR SECURE ONLINE PAYMENT: hxxps://domainregister.ga

ACT IMMEDIATELY.

The submission notification whitecanetravel.com will EXPIRE WITHIN 24 HOURS after reception of this email.

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/87.0.4280.141 Safari/537.36
REMOTE_ADDR: 158.51.121.225


The IP: 158.51.121.225 is a data hosting transit IP according to a site I use and found called abuse IP database. I’ll talk about it in a future podcast of some sort.

According to the records, the IP belongs to GlobalTelehost Corp. . the domain listed is gthost.com . They show it in Canada. The IP was reported 20 times with a 32 percent rate of it being spam.

Comments (0)

January Ouch is now available from Sans

I’m going through email and Ouch from Sans is here talking about Securing WIFI. Lots of us are on WIFI, so read the newsletter for this month and see if anything is needing to be done for you.

Comments (0)

Security post-mortem report: CustomTumblers.us

The following report has been submitted to my main live journal, the journal to the blog and this blog. The network wants to be transparent in the security of our sites, and we were made of a potential issue which turns out to be a false report, but one which we looked in to. Below, please find the report, and please contact the network with further questions using the contact information at the end of the report.


On December 21, 2020: an email caught my attention that sounded a little alarming.

The email said:

Hi Jared. Can you please check and make sure I have a valid certificate for customtumblers.us.

I signed up for a free thing that can help me with things to know on my website and it says I don’t. It says I have no valid security certificate. I don’t know how to look.

Thank you

I’ve removed the name of the customer to protect their identity, and I promptly responded to the customer. I advised them that certificates for the domain in question were installed, how to access the area in question, told them to take a look and have them report back to me.

At 8:40 am, I got the following question:

Ok thank you. Are you also saying they are installed?

The short answer is yes. The control panel in question looks for new domains and gets what is called a domain validated certificate and installs that. At 10:01, the customer wrote:

It’s there.  I’ll write back to the company and see what they say.  Weird!

There was a little more discussion with a question on who the provider was that was recently installed. Earlier this afternoon, I was advised that the provider service is DIIB which has services for search engine optimization, web site analysis, works with over 100 different platforms including wordpress, shopify, and more as well as a scanner to scan web sites for security alerts. It looks to have a free plan for one site, but the professional plan is $30 and allows you to have 30 web sites monitored.

In no way is the Jared Rimer Network blaming DIIB for this mistake, I bet it can happen to anyone. I’m hoping that the issue will be promptly resolved and that the network and this web site and other sites that belong to it are as covered as they can be in today’s environment.

Should you have any questions about any of the sites, please go to the Jared Rimer Network web site and fill out a form and ask questions.

While the report given by the provider here was negative, I bet this isn’t the first one, and it won’t be the last. I’m glad that the customer here reached out to verify things were as secure as possible, just in case.

This domain did have some issues to start with, but were resolved within a week after being created. We set up the account July 24th of this year. The Jared Rimer Network does not believe the account is in any jeopardy.

Contact:
Jared Rimer
The Jared Rimer Network
Contact: 804-442-6975 for voice and text
Email: Please use the contact form on the web site
imessage: please use the tech address for the tech podcast tech at menvi.org (remove spaces and add appropriate punctuation)

Comments (0)

Here we go with another fakery of scare tactic

I saw the following on my phone yesterday. These types of emails I’ve seen before, and I’m still here. They’re trying to scare you in to paying moneyy and as far as I’m concerned, this network is safe.

On top of this, they fill out both portions of the form with the same thing, and my web site has been stable since I fixed all the bugs after developing it in 2008.


Below is the result of your feedback form. It was submitted by () on Tuesday, November 24, 2020 at 21:50:32
—————————————————————————
Name: JimmyCom
phone: 86266635738
contact_method: phone
bug: no
additional_bug_info: Your reputation and business are at stake!

We on your behalf in the message your website address jaredrimer.net and your contact information (including in social. Networks and messengers) will send:

+ on 15,897,318 sites, threats with insults to site owners, US residents, Europeans, LGBT and BLM.

+ 790,000 messages to bloggers with threats and insults

+ 2 367 896 public figures and politicians (from the USA and Europe) with threats and insults

+ 70,000 negative reviews about you and your website jaredrimer.net

+ 23 467 849 contact forms of sites with threats and insults

+ 150,000 emails messages to people with disabilities with threats and insults, many of them will definitely sue you

+ 57000 emails of messages to veterans with threats and insults, FOR THIS YOU WILL BE EXACTLY SITTED

Following from all of the above, you will get a lot of losses:

+ an abuse from spam house, amazon and many webmasters (for spam, insults and threats) will come to your site jaredrimer.net, as a result, your domain will be banned and blacklisted

+ people will sue you because you threatened and humiliated them

+ in court you will not prove anything, everything will look as if you did it all, MOST YOU WILL GO TO PRISON

+ internet will be inundated with negative reviews about you and your website jaredrimer.net

+ threats and reprisals from BLM and LGBT community members, in fact, these are dangerous community guys

Total: you will lose your business, all your money, you will spend on lawyers and compensation for court decisions, you will go to jail, your life will turn to hell …

We already have everything ready to launch all of the above, but we decided to give you a chance to avoid all this, you can buy off a small amount of money.

Make a payment, transfer 0.39 Bitcoins to this address

1JDYfBMP3vg8TcuFuwSHc1Wop3rREqupC4

We are waiting for the transfer from you until November 27, on Saturday November 28, if payment does not come from you, we will begin to destroy your business and you along with it.
comment_or_question: Your reputation and business are at stake!

We on your behalf in the message your website address jaredrimer.net and your contact information (including in social. Networks and messengers) will send:

+ on 15,897,318 sites, threats with insults to site owners, US residents, Europeans, LGBT and BLM.

+ 790,000 messages to bloggers with threats and insults

+ 2 367 896 public figures and politicians (from the USA and Europe) with threats and insults

+ 70,000 negative reviews about you and your website jaredrimer.net

+ 23 467 849 contact forms of sites with threats and insults

+ 150,000 emails messages to people with disabilities with threats and insults, many of them will definitely sue you

+ 57000 emails of messages to veterans with threats and insults, FOR THIS YOU WILL BE EXACTLY SITTED

Following from all of the above, you will get a lot of losses:

+ an abuse from spam house, amazon and many webmasters (for spam, insults and threats) will come to your site jaredrimer.net, as a result, your domain will be banned and blacklisted

+ people will sue you because you threatened and humiliated them

+ in court you will not prove anything, everything will look as if you did it all, MOST YOU WILL GO TO PRISON

+ internet will be inundated with negative reviews about you and your website jaredrimer.net

+ threats and reprisals from BLM and LGBT community members, in fact, these are dangerous community guys

Total: you will lose your business, all your money, you will spend on lawyers and compensation for court decisions, you will go to jail, your life will turn to hell …

We already have everything ready to launch all of the above, but we decided to give you a chance to avoid all this, you can buy off a small amount of money.

Make a payment, transfer 0.39 Bitcoins to this address

1JDYfBMP3vg8TcuFuwSHc1Wop3rREqupC4

We are waiting for the transfer from you until November 27, on Saturday November 28, if payment does not come from you, we will begin to destroy your business and you along with it.
submit: Submit comment or question to the Jared Rimer Network
—————————————————————————

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
REMOTE_ADDR: 188.126.94.179


The IP belongs to an ISP, why are ISP’s allowing things like this to look like they’re coming from them? This is a data center web transit IP, one that should not be visiting any web site. I’ve seen and reported many of these through an abuse web page that tracks these types of things.

According to the reports, it has been reported 92 times and a 100 percent spam risk. So, what is going to happen next? I can surely block the range of IP on my domain, but that isn’t going to solve anything. ISP’s should not be allowed to have their networks being used like this. Take a look at this, and let’s come up with a solution we can present somewhere to fix this. This aught to get interesting.

Comments (0)

Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Malware can easily exploit the feature and send people’s data directly to remote servers, posing a massive privacy and security risk, researchers said.

Source: Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

This is the beginning of a very interesting article. Still need to see what Herbie sent me, and I retweeted this at him. This threat post article covers this very dangerous behavior, and boy, apple is getting slammed for this and I can see why. Let the comments begin on this Apple recent development.

Comments (0)

Look alike domain webinar

Hello folks, I had the pleasure of attending the look alike domain webinar that was hosted by Phishlabs. It was very interesting, and definitely covered quite a bit. As they indicated, not all attacks are going to have look like domains or domains that might mimic your web site or brand.

One of these that didn’t mimic anything except copyright per see was the email host security domain that I talked about last Friday in this blog post titled: Just saw the best email ever … in my inbox … domain is relatively new which talks about this in a spam email through my forms. Just to give you an update on that case, it looks like now that the domain is still registered but shows a blank page. I don’t know what was done, but I do know that the domain is still existing. According to the icann who is look up web page it is still registered and had pointed where I saw it through Ultrahost.

According to the webinar, this type of thing can be used to keep tabs on domains, although I think the presenter forgot that the who is directory doesn’t seem to show anything anymore on address, phone number, and the like. I’ve tested that on my domain and on one I have a who is protection on.

There was a lot more, and I know that they’ll provide a recording. Maybe at some point, I’ll record it and present it on a podcast. Thanks for reading, and we’ll chat soon!

Comments (0)

Just saw the best email ever … in my inbox … domain is relatively new

So I decided to have a little bit of fun today. I got the following email through jaredrimer.net’s contact form.


Below is the result of your feedback form. It was submitted by () on Friday, November 06, 2020 at 10:00:57

Name: WalterGlype
phone: 81976922431
contact_method: both E-mail and phone
bug: no
additional_bug_info: Unusual login details

Country / region: Lagos, Nigeria

IP address: 41.73.224.0

Platform: Windows 10

Browser: Chrome

Click here to check for more detailed activities. http://emailhostsecurity.com/?page_id=26

Failure to update might lead to permanent deactivation of your email account.It looks like they have privacy turned on based on my lookup, because it doesn’t even list a company.


The creation date was November 4, 2020 UTC. It expires in three years. There is a little bit more information listed like where it is pointing, and who registered the domain I.E. Enom, Godaddy, etc. but I am not interested in sharing all of what is listed publicly, you can look that up on your own. I just thought this was quite interesting, a domain claiming to be a host security domain blatently asking for email address and password, and nothing on its web site on who they were. Quite interesting.
comment_or_question: Unusual login details

Country / region: Lagos, Nigeria

IP address: 41.73.224.0

Platform: Windows 10

Browser: Chrome

Click here to check for more detailed activities. http://emailhostsecurity.com/?page_id=26

Failure to update might lead to permanent deactivation of your email account.

submit: Submit comment or question to the Jared Rimer Network

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51
REMOTE_ADDR: 143.244.38.159


When I went to the URL base domain, the page looks to have an image. Nothing more. It also has a supposed copyright C pannel that is linked. When I went to the address in this email, it asked for an email address and a password.

I just decided to have a little fun. I gave them an email address all right, and I even gave them a password. The site said: “Thank you for your trust. You’ll receive an email from us shortly.”

No, I didn’t give them anything on my domains, in fact, they won’t be finding me where I sent them.

Updated 11:25 am PT to clean up slight errors.

Comments (0)

This had to be the best, fascinating talk ever!

Today was the ATTACK AND DEFENSE: EXPERTS TO DEBATE CYBERSECURITY THREATS ON PODCAST and it was quite interesting. Both sides really had things well covered. There were two sides, a red team and a blue team, similar to a boxing match. The discussion talked about what the attackers would do, and how the defenders would protect their network if possible against the attack. The Twit Events page will have a copy of the podcast when it is complete. The program lasted an hour, and I’m opening the comment boards to see if you listened and what you thought. We’re listening.

Comments (0)

This was an interesting twitter issue today

I got email from DLVR and even live journal about my own twitter today. I thought maybe something happened so I went ahead and did what DLVR needed for me to regain my twitter. Apparently, an issue happened today which locked some accounts.

Twitter Support, You may be noticing a delay in your Tweets showing up on timelines. We’re working to fix this right now. 5 hours ago, Sprinklr

Twitter Support, We’re seeing a number of accounts that have been locked or limited by mistake and not because they Tweeted about any particular topic. We’re working to undo this and get those accounts back to normal. 4 hours ago, Sprinklr

Twitter Support, This is now fixed. Your Tweets should be making it onto your timeline…on time. an hour ago, Sprinklr

Twitter Support, The accounts that were mistakenly locked or limited have been restored. We’re sorry this happened in the first place.

If you’re having trouble accessing your account, here’s what you can do: https://help.twitter.com/managing-your-account/locked-and-limited-accounts an hour ago, Sprinklr

I saw the third tweet on my phone.

I think this was an honest mistake somewhere and unfortunate. Sadly, I believe Live Journal also had a problem as I tried to log in to my account to reconnect my twitter and its sayingt something about my password being out of date. While I want to fix that, seems like I’m now not getting email as I should. That address is up to date as I got the email saying my twitter was having a problem.

Mistakes happen, and I think this was an honest one. Were you effected by this twitter issue today? Sound off. Also coming out, some accounts were also suspended by mistake as well. They’ve reversed this too. More to come if I get any updates on this. Just wanted to pass this along.

Comments (0)

A twitter update worth sharing

I decided to go ahead and check on the twitter issues we’ve had been covering both on the box, and a segment in the regular podcast.

Twitter Support, We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things. 5 days ago, Twitter Web App

Twitter Support, 8 is the number of accounts where an archive of “Your Twitter Data” was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data 5 days ago, Twitter Web App

Twitter Support, 36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com. 5 days ago, Twitter Web App

Twitter Support, To recap:
?130 total accounts targeted by attackers
?45 accounts had Tweets sent by attackers
?36 accounts had the DM inbox accessed
?8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified 5 days ago, Twitter Web App

I want to make sure people see this, as Twitter has been very transparent as of late, so this is a good sign. These tweets are 5 days old, and I tought about looking as of late. Its never too late to share this type of data with the community in case they do not follow or know about the information being disseminated.

What to read:

Were you impacted by the issues that started on July 15th? Do you think twitter has been more transparent? Please sound off! If you’re a twitter user, read the related link dealing with your data, I’ve read quite a bit and its pretty straight forward.

Comments (0)

The latest on twitter: Monday , 7/20 18:00 PT

I was asked about any updates on the twitter situation. While its still in the investigation phase, I’m a little bit concerned, however, we really don’t know what went on so I’m not going to pass judgement.

Here’s the latest from Twitter Support and I thought I’d pass it along.

Twitter Support, We’re sharing a blog post that collects the latest on our investigation. It reiterates what we’ve already shared here, and includes a few new findings. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html 2 days ago, Twitter Web App

Twitter Support, As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. 2 days ago, Twitter Web App

Twitter Support, We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. 2 days ago, Twitter Web App

Twitter Support, For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true. 2 days ago, Twitter Web App

Twitter Support, Our investigation and cooperation with law enforcement continues, and we remain committed to sharing any updates here. More to come via @TwitterSupport as our investigation continues. 2 days ago, Twitter Web App

Twitter Support, We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right. 2 days ago, Twitter Web App

Twitter Support, There is a lot speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts. 2 days ago, Twitter Web App

Here’s a link to that blog post and I hope we continue to learn more.

To add my own thoughts, I don’t think that this was a deliberate act of Twitter. I’m sure someone made a mistake, and the mistakes can give people a falst sense of security if a major breach takes place. Ongoing training was the big point I took from the blog post which I urge everyone to read. The investigation is still ongoing, and I’m sure we’ll learn more. The blog post has a lot of what is quoted from twitter, so please read the entire post. Thanks so much for reading the blog.

There are no news articles at press time from my sources with anything new. The link to Twitter’s blog came directly from Twitter directly.

Comments (0)

Breaking! An Apparent Megabreach at twitter? More to come

I saw a tweet from Steve Gibson from Security now about a potential incident that has happened today.

Steve Gibson, Yay! Verified Twitter users are again able to Tweet. Twitter had clamped down during today’s recent Mega Twitter Hack! 7 minutes ago, TweetDeck

Steve Gibson, Re: Today’s Mega Twitter Hack:
I’ll be on live with Jason Thursday morning at 11am Pacific to discuss everything we know about today’s hack. See you there! 🙂 6 minutes ago, TweetDeck

Here are tweets from Twitter support directly.

Twitter Support, We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly. 2 hours ago, Twitter Web App

Twitter Support, You may be unable to Tweet or reset your password while we review and address this incident. 2 hours ago, Twitter Web App

Twitter Support, We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience. an hour ago, Twitter Web App

I’ll join Twit tomorrow morning to see what Jason and Steve will be talking about. More later.

Comments (2)

Spam likely, this is the first I’ve seen this

I was on a phone call this morning, and i was getting an inbound call when we were about to finish our call. The phone said Spam likely, and I didn’t see the number at first while it rang. The missed call notification I got was “spam risk” and when going in there I found the phone number that called.

This is the first time I’ve seen this, because I’ve heard of people receiving these notifications on their calls for some time. I think this is great news! Maybe now I can go back to possibly answering my phone for phone numbers now knowing I have this to help me.

This is known as STIR/SHAKEN where this is a protocol where caller ID can’t be spoofed. It does not stop the calls from coming in unless you specifically go on to your phone settings and turn on silence unknown callers. I’m not necessarily sure if thats the right thing to do, as places like doctor offices, hospitals, and other companies use a bank of phone numbers and you’ll miss calls.

Its best to link to the Wikipedia article as there are a lot of links to various aspects including the caller ID spoofing, Internet Engineering Task Force, and nore. Security Now has also talked about this on their podcast and you should check it out.

Security Now! is the longest running twit show to date. I know I’m behind, and I need to catch up, but it is a show worth listening to.

This technology works no matter the phone, a person who comes here to assist me does not have an iphone. This is nice to see!

You can see Security Now! podcast 761 for a recent update on this.

How have you delbt with the spam likely calls? Turn on the unknown callers and call people back? I aught to play with it and see if thats the way to go. Your thoughts are welcome.

Comments (1)

What is the state of Antivirus today? Is it about dead?

I read an email now twice, and it made me think the first time about the status of whether it is worth using Antivirus software. Companys like Eset, Trend Micro, and Norton are household names in this industry. Recently, I got an email from someone who wanted me to link to Eset in a piece I ran way back many years ago. I normally don’t do this because people don’t go back that far, but the email I got from Shaun got me to think.

I really like the way Trend Micro worked when I used it. It blocked things that were potentially harmful, and I could still view the portions of the page that were safe. If the entire web site was bad, they let you know! They’ve got a vast network and use the cloud to help keep you safe by proactively blocking bad URL’s or web sites as its been known.

I’ve also used Norton and Eset, and both were good in their time. While I’m not going to say one way or another whether any of these products are good today, I know that Windows Defender is not. I know this because I purposely downloaded a file I knew was bad. This program never picked it off. I think I deleted it now, but if Defender is to be good, it would know about this potential file because it came from an email claiming that I had an invoice, or some such thing.

In 2017, I wrote a very interesting blog post Antivirus and the disabled computer user where I ask the question of what is accessible out there. Two different products came out and none were products like Eset or even Trend Micro. I did download home, and never installed it.

In recent discussions, someone who does a technology show on the mix indicated I should get Malware Bytes. I’ve never used it, but the feedback I got indicated that it was accessible, and I’ve been contemplating downloading it.

In June 2020, I got the following Email from Shaun which sparked me thinking about this again, and I told the person I’d put a link to eset in to a post after thoroughly reviewing the following email.

Hi.

Got this from another list I am lerking on.

Reviewing the windows release info there is something about avast.

What scares me is that avast own avg now.

So your supposed security software can smash your system to bits now.

You know I am so happy I no longer use security software bar windows defender with many excludes.

I do have and run from time to time malwarebytes but if this is the state of security software, then I’d rather get a virus, or hacked, or have to pay
a ransom.

I read the forums linked to from one of the posts and several others in the same vain and many people have had their systems completely destroyed.

Its a shame I have to say that, but maybe our security companies are getting to greedy on things.

Some of these guys that got hit actually payed for this shit, guess they won’t be coming back.

Not without reformatting and reinstalling everything at any rate which is what I would do.

I am surprised no one is suing over this, I’d at least want my money back and would never go back.

So pleased I quit the comercial security suite thing back in 2007.

My friend or at least one of them and his family are still wedded to norton.

After hearing all this, its really stopped me trusting any security suite or any anti anything software period at least all thirdparty things.

I’ll take passive preventitive protection and on demand protection but all these active defence live protections seem to be more trouble than they are
worth.

In my case it works but I have had to exclude so much of my drive from the viruses thing I may as well not bother running something like security.

And if microsoft gets really annoyed its starts saying system files that don’t exist have issues.

So far these are programs I can do without but I still get mad at all this.

In 2007 when it was accessibility it wasn’t to bad, it only got really bad in 2012 and didn’t get really bad till the end of last year beginning of this
year.

I first noticed it after symantech got norton back in 2003, before that I actually used things and they worked.

The forwarded message links to two links about Windows 10 version 2004.

The first, Windows 10, version 2004 and Windows Server, version 2004 Known Issues and the second Resolved issues in Windows 10, version 2004 and Windows Server, version 2004. On the accessibility front, Blind Bargains posted Windows 10 2004 is Available; Narrator Gets Improved Web and Outlook Support, Even Firefox Compatibility on June 11th.

All of this is great, but what about the security software? Where does it stand with all of this? I don’t want to use inferior software that is not accessible enough to use to set up or even use if it does detect a problem.

Is MSE the best we can do? Windows Defender? Please sound off!

Comments (2)

Our Cyber Hygiene is very important

In a June 2020 video from Scott Schober, he talks about normal day-to-day hygiene and our cyber hygene when it comes to the covid-19 pandemic we’re continuing to face across the United States. While it was posted mid-june, I listened to it today, and it is still valuable and talks to people that I think may come across it. I’m going to link to it here, and it is the direct Youtube link.

Cyber Hygiene in age of COVID-19 is the video, and do give it a listen or a watch. You might find something that you may need to change in your practices for today’s Internet and technology age.

Comments (0)

Name doesn’t match, theres no deal

In the below comment form I just saw, although you’ve seen this before, the names don’t match.


Below is the result of your feedback form. It was submitted by
() on Sunday, May 03, 2020 at 17:01:44

Name: Elijah
phone: 02.47.98.76.96
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian
comment_or_question: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 89.187.178.239


What deal for what videos? I didn’t ask for any emails about any videos. This doesn’t even make sense and you fill out the bug reporting aspect of this as well as the comment aspect?

I should start blocking everyone who can’t fill out the forms correctly. No IP lookups, just flat out blocking through something called an IP deny manager. I hate the idea of blocking, as that can be circumvented, but fighting Spam like this needs to start somewhere. I’ve already killed one contact form, I should need to kill another one or two or three? Then nobody will contact us and thats not what the network is for. I’m curious on how people deal with these, especially now that we can’t go anywhere in some places. Do you block things like these at the IP level? We already know the forms email addresses could be forged anyway so blocking by email isn’t the question, and some form processors allow for that. I’d say I could do that, but I don’t like the idea because it can easily gotten around.

Comments (2)

Another type of extortion attempt? I am not laughing, nor am I convinced

I’ve gotten two of these emails, one at jaredrimer.net and the other at whitecanetravel.com on the 28th. I want people to see this, and tell me if I’m correct. Do you all think this is an extortion attempt? I do, as bugs legitimently coming to me I fix. If I’ve been hacked, I want to know about it so I can fix it. If I can’t, I can get the assistance. You be the judge.

Here is the first form.


Below is the result of your feedback form. It was submitted by
() on Thursday, April 30, 2020 at 01:08:41

Name: Leticia
phone: 479 9456
contact_method: phone
bug: no
additional_bug_info: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.jaredrimer.net and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.jaredrimer.net was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1HGxLfhnMzPEzWD7YeBwtWUGj3E2Q2YJKE

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I donâ t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, thereâ s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, donâ t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.
comment_or_question: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.jaredrimer.net and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.jaredrimer.net was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1HGxLfhnMzPEzWD7YeBwtWUGj3E2Q2YJKE

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I donâ t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, thereâ s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, donâ t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 92.223.89.5


Thats nice. You clain you hacked white cane travel and extracted data, but there is no data to be had. jaredrimer.net has no data to be had either, unless you hacked my word press database. If thats the case, you’ll have a lot of spam accounts plus a few legit accounts. WCT does not have any stored data, and any forms that come come via email. I hope you people have fun with whatever you had.

Here’s WCT’s email.
<


Below is the result of your feedback form. It was submitted by
() on Tuesday, April 28, 2020 at 09:12:45

name: Adam
phone: 04.35.62.75.78
method: Both E-Mail and Phone
to: First Available
bug: No
additional_bug_info: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.whitecanetravel.com and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.whitecanetravel.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don_t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there_s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don_t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.
comment_or_question: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.whitecanetravel.com and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.whitecanetravel.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don_t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there_s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don_t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:59.0) Gecko/20100101 Firefox/59.0
REMOTE_ADDR: 92.223.89.5


Do you all think this network is stupid? If there is a legitiment bug, I need to know, I’m not scared by my reputation because you fill out the comment form in the bug reporting form trying to scare me. You say not to contact you, but I bet the addresses in both forms I provided are fake. I know the phone numbers provided are definitely fake, so I surmise this is fake. Have fun with whatever data you have, because bugs that come to me get fixed. It is a blatent targeted attempt to extort money, and I want people to see this. I need every dime of my money right now, and I know other people do too. Have fun trying to extort me, because I have things under control. Enjoy!

Comments (0)

Nigerian 419 scam takes advantage of the Corona Virus pandemic

I should probably not be surprised while catching up on Phishlabs and their continuing coverage of lures that can take advantage of people during the Covid pandemic.

Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter mailed, or e-mailed, from Nigeria offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. The recipient is encouraged to send information to the author, such as blank letterhead stationery, bank name and account numbers, and other identifying information using a fax number given in the letter or return e-mail address provided in the message. The scheme relies on convincing a willing victim, who has demonstrated a “propensity for larceny” by responding to the invitation, to send money to the author of the letter in Nigeria in several installments of increasing amounts for a variety of reasons.

FBI: Nigerian Letter or “419” Fraud

Accessed April 13, 2020: 14:15 PT

While these are the common schemes quoted above, Phishlabs is reporting that they have now updated this very successful tactic for the modern pandemic.

Its not like people have anything else to do but get swept in to these types of things, and I’ve seen this type of thing sent to my email.

One of them contacted me through twitter, asking me to email them.

I did, thinking maybe it was a penpal relationship like they used to do via the mail or letterbox.

Boy, was I wrong. After sending an email, I got greeted with this type of scam.

In the following example, I’ve eliminated the point of contact, but left the letter in tact for you to see how this works. There are very different forms of this, and this is just one. I did respond saying I couldn’t help them and explained to them what this was. Never heard from them again!


Hello, my darling

Please with due respect and in the name of God.
First, thank you; in line with the message I sent to you, I am more than happy in your reply to my email. How is everything there in your country, I believe that you are in good health, and the atmosphere there in your country is very nice today? Mine is a little bit warm over here in Dakar Senegal.

My name is (claribel Abdel) am from Libya in North Africa, I am (23 years old), but age does not matter in a real relationship, I’m from (Libya), 5.2 feet tall, fair complexion in single (never married) and am currently residing here in Dakar as a result of the war that happened in my country that I had escaped to this country Senegal were’m under refugee camp.

My late father Major General (Abdel Fattah YOUNES). My late father He held the rank of Major General and the post of Minister of the Interior, but resigned on February 22, 2011 to desert the rebel civil war in Libya. My father was killed by members of an anti-Gaddafi military on 28 July 2011. When the rebels anti-Gaddafi military troupe attacked our house one early morning killing my parents. Also my mother was six months pregnant and she was a university professor before his death, it is only me that is alive now because I am the only child of my parents, and I managed to make my way with the help of UN to Senegal, where I am leaving now as a refugee. It was on a morning attack early by militant groups killed two members of my family my mother and father in a cold blood, also my mother was six months pregnant.

Now, as I’m talking to you, I am the only living person in my family, and I managed to make my way to this country (Senegal), where I’m going now as a refugee under the care of Rev. Father John Simon, who is the priest (Catholic Church Saint-Louis Roman (Senegal) here in the field, he has been very good to me since I came here but I am not living with him rather I live in the women because the camp have two hostels one for men and one for women.

Please do not be offended by this message that comes from me, please, it’s just that I do not know what else to do because my situation here as a refugee is giving me great concern, therefore, I would like you to consider my situation as an orphan, and be kind to me, as I’m putting all my trust in you with fear, although I do not know who you are before, but I believe that with God all things are possible and you can not me betray in the end.

I have communicated to you because of my difficult situation here in this refugee camp, Its just like one staying in the prison and I hope by Gods grace I will come here soon.
I do not have any relatives now whom I can go to, all my relatives ran away in the middle of the war the only person I have now is Reverend Father John simon, who is our guardian here in this refugee camp, he has been very fun for all the bodies in the camp, but we’re not living with him rather we are leaving the hostel, which is divided into two sections, one for men and the other for females.
Father Rev Tel number is (+221 780177232) if you call, please tell him you want to talk to me Miss.claribel Abdel, Libya he will send for me in the hostel to come and talk to you. Here in this camp I’m sending e-mail through the office computer of the church at the far office Rev. Because As a refugee here we do not have any right or privilege to anything be it money, phone, computer, or whatever because it is against the law of this country. I want to go back to my studies because I only attended my first year before the tragic incident that lead to me being in this bad situation. I was there when I saw my mother killed with six months of pregnancy.

Please listen to this – (because it’s a secret, it is not known about it except me and you know it)

I have the death certificate of my late father here with me, I’ll send you later, because when he was alive he deposited some amount of money in a leading bank in Europe which he used my name as the relative closest, the total amount is US $ 9.5m (nine million five hundred thousand US dollars). So I will like you to help me transfer this money to your account and from it you can send some money for me to get my traveling documents and air ticket to come to know him in his country. I kept this secret to people in the camp here the only person that knows about it is you and me.

For your own information, I want you to see the news about the killing of my late father, story by BBC World News http://www.bbc.co.uk/news/world-africa-14336122 So I like you to keep it to yourself as a secret and not tell anyone because I’m afraid of losing my life and the money if people know about it.

Remember I am giving you all this information due to the trust i deposed on you. I like honest people and understanding, true and people who have vision, and God fearing person worker. My favorite language is English and I speak very fluent English.

I can trust you as a true friend?

Meanwhile I would like you to call me, like I said, I have much to tell you ..
Have a nice day and think about my condition here
Attached here is my pictures for you,

Awaiting to hear from you soonest
Thanks and remain blessed.
with love. Lovely your claribel


Don’t be fooled! I told this person I couldn’t help them and have never heard from them again. They were the ones who sent me a message after I looked at their profile and it looked OK there. This is unfortunate I got this back in November, and I am not interested in wiring money to get it. You can donate money through my web site or even through paying me for services. I didn’t win millions, and I don’t even know who this is.

COVID-19 Phishing Update: Nigerian Prince Lures Evolve with Crisis is the article. There is a link to other samples, but I did want to post this one because of how prevelent it is today. I’m not saying the others are not, but I’ve seen this one, so this is what I want to talk about in this post.

Seen the 419 scam in this light? Lets discuss it! The comment boards await you.

Comments (0)

Microsoft sending email account problems? Better check that URL!

In the following example I’m describing, it leads to a web site which I do not want you to visit.

I’ve gotten now a second email from Microsoft.

Here is the latest one:


Unusual Sign-in activity

We detected something unusual about a recent sign-in to Microsoft account

Sign-in details

Country/region: Unted State
IP address: 107.170.166.118
Platform: Mac OS
Browser: Chrome

Please go your recent activity page to let us know whether or not this was you . If this wasn’t you. we’ll help you secure your account. we’ll trust similar activity in the future.

Review recent activity

The Microsoft Security Essentials
Microsoft Team office Center
all rights reserved © 2020


The view account information leads to http://office365-online.myvnc.com/cutomer/portal/ Don’t go here!

Firefox reports:


Deceptive site ahead

Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.

Advisory provided by Google Safe Browsing.


I was curious, as the email address apparently said or a similar address, but we know that this can’t be the case.

The email does look very authentic, and this is what will get people. As someone who is curious on what the trend is, I only click to look, nothing more. Having Firefox on your side is great, as they may see this and mark it bad as Google does, through their safe browsing feature. Thats awesome, Google!

Make sure to check your links.This email and another one came to us through our contact at menvi.org’s email address.

Here are the headers:


imap://menvi-webmaster%40menvi%:143/fetch%3EUID%3E.INBOX%3E43967
Return-Path: <>
Received: from cp1-benor.nocwest.net
by cp1-benor.nocwest.net with LMTP
id Nbd7Bi3Yh159JwAAIyXCCQ
(envelope-from <>); Fri, 03 Apr 2020 20:43:25 -0400
Return-path: <>
Envelope-to:
Delivery-date: Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
by cp1-benor.nocwest.net with esmtp (Exim 4.93)
id 1jKWuB-0002bW-1m
for ; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account teamno-reply@microsoft.com
Reply-to: no-reply@microsoft.com
To:
Content-Type: text/html; charset=us-ascii; boundary=CMF8FBR06Z2XNQEBJOR4.1200369.CMF8FBR06Z2XNQEBJOR4


Nice going guys, wanna try something I’ve not seen? Problems with an account that is a forwarder and on the proper server that is working isn’t going to fool me or my team any.

Comments (0)

Older Posts »

go to sections menu


navigation menu

go to sections menu