but… I don’t even have a Aol account, however thats of no concern to the fools that sent me this nice little phishing email:

Delivered-To: XXX@gmail.com
Received: by 10.42.218.8 with SMTP id ho8cs188088icb;
Sat, 2 Apr 2011 20:49:38 -0700 (PDT)
Received: by 10.43.56.140 with SMTP id wc12mr7828120icb.237.1301802578076;
Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Return-Path:
Received: from cl-t009-331cl.privatedns.com (cp1.likuid.com [64.15.156.140])
by mx.google.com with ESMTPS id xe4si10607558icb.57.2011.04.02.20.49.37
(version=TLSv1/SSLv3 cipher=OTHER);
Sat, 02 Apr 2011 20:49:38 -0700 (PDT)
Received-SPF: neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) client-ip=64.15.156.140;
Authentication-Results: mx.google.com; spf=neutral (google.com: 64.15.156.140 is neither permitted nor denied by best guess record for domain of nobody@cl-t009-331cl.privatedns.com) smtp.mail=nobody@cl-t009-331cl.privatedns.com
Received: from nobody by cl-t009-331cl.privatedns.com with local (Exim 4.69)
(envelope-from )
id 1Q6EJl-0006w2-N4
for XXX@gmail.com; Sat, 02 Apr 2011 23:49:37 -0400
To: XXX@gmail.com
Subject: Warning ! Your account a Aol was limited
X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76
From: Service Aol
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Sat, 02 Apr 2011 23:49:37 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cl-t009-331cl.privatedns.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - cl-t009-331cl.privatedns.com

April 2011

Dear AOL Customer, As part of our security measures,We regularly check the work of the AOL screen. We demand information to you for the following reason : Our system detected unusual charges to a credit card linked to your AOL account. This is the final reminder to log in to AOL as soon as possible. Once you are connected. AOL will provide you with steps to restore access to your account . Click here to confirm Once connected, follow the steps to activate your account. Thank you for your understanding as we work to ensure account security . We appreciate your attention to this question. Please understand that this is a security measure aimed at protecting you and your account. We apologize for any inconvenience ..

		Thank you for using AOL!

This notification was sent to you by AOL. To change your notification preferences, log into your AOL account, click the Profile sub-tab, then click the Notifications link under Account Information. Changes take up to 10 days to be reflected in our mailings. AOL will not sell or rent your personally identifiable information to tiers.Pour more information about the security of your information, read our privacy policy at https://www.aol.com/privacy . Copyright © 2011 AOL Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners. AOL is located at 2211 First St. N., San Jose, CA 95131.

Well since I dont have a Aol account the first thing I did was take a close look at the headers where I found this little bit of info:

X-PHP-Script: compagnelic.com/Skpy2.php for 81.192.139.76


So I stopped by compagnelic.com/Skpy2.php which happen to be a php script for mass emails from some M£NaBiLo$ss guy. I also followed the link given in the email which takes me to some fake Aol connection page that forwards to a phishing site geared to get all your personal information! The form submits to a “HiTman.php” that when I tried to visit, it just sent me along to aol.com. All in all not a very good attempt “less spelling and loading errors would help”, I have seen better but thanx for the lulz and the online anonymous email app 😀