Archiv verlassen und diese Seite im Standarddesign anzeigen : Mugu Dubletten
So, jetzt gibt es die Dubletten nicht nur von den Russkis, sondern auch von den Mugus... :sick:
Received: from as2.itesm.mx (EHLO as2.itesm.mx) [200.34.200.162] by mx0.gmx.net (mx101) with SMTP; 09 Jul 2008 18:45:44 +0200
kelkyoung9ng [at] gmail.com
Received: from as2.itesm.mx (EHLO as2.itesm.mx) [200.34.200.162] by mx0.gmx.net (mx097) with SMTP; 09 Jul 2008 18:45:44 +0200
kelkyoung9ng [at] gmail.com
Received: from htlispmail1.htldom.com (EHLO htlispmail1.htldom.com)
[209.74.232.11] by mx0.gmx.net (mx072) with SMTP; 13 Jul 2008 13:51:50 +0200
arthurfranklin11 [at] hotmail.com
Received: from htlispmail1.htldom.com (EHLO htlispmail1.htldom.com)
[209.74.232.11] by mx0.gmx.net (mx100) with SMTP; 13 Jul 2008 13:52:00 +0200
arthurfranklin [at] hotmail.com
Das Einzige, was mich dabei schon immer gewundert hat: angeblich (wie viele Threads hier zeigen) sind die Mugus ja zu blöd, um einen Eimer Wasser umzutreten. Aber wie man offene Proxies und Botnetze ausnutzt, das scheinen sie zu wissen...
- kjz
Die werden sich halt im Spammerforum von Ibragimov o.a. die Ratware bestellt haben. Da ist der Zugang zu den Botnetzen schon voreingestellt, sobald die Miete für das Botnetz bezahlt wird, gibts den Freischaltcode, und Send-Safe macht alles weitere. Das kann auch ein Mugu.
Allerdings dürfte das eher schon eine "progressive" Mugu-Gruppe sein. Viele von denen arbeiten IMHO immer noch über das yahoo/gmail-Webinterface, vom Internetcafe aus.
Z.T. suchen die sogar die e-Mailadressen der Opfer noch per Hand aus Gästebüchern.
So heute wieder:
Received: from smtp20.orange.fr (EHLO smtp20.orange.fr) [80.12.242.27] by mx0.gmx.net (mx022) with SMTP; 14 Jul 2008 01:48:04 +0200
Received: from User (unknown [41.222.71.58]) ---> Swift Networks Ltd., Nigeria by mwinf2007.orange.fr (SMTP Server) with ESMTP id 6794B1C0009A; Mon, 14 Jul 2008 01:47:52 +0200 (CEST)
Received: from smtp20.orange.fr (EHLO smtp20.orange.fr) [80.12.242.27] by mx0.gmx.net (mx021) with SMTP; 14 Jul 2008 01:48:04 +0200
Received: from User (unknown [41.222.71.58]) by mwinf2007.orange.fr (SMTP Server) with ESMTP id 6794B1C0009A; Mon, 14 Jul 2008 01:47:52 +0200 (CEST)
daviesmarko [at] live.com
davies_markk [at] live.com
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx029) with SMTP; 14 Jul 2008 08:09:01 +0200
Received: from User (unknown [62.173.63.234]) ---> ipNX Nigeria Limited by mwinf2103.orange.fr (SMTP Server) with ESMTP id B7FC31C0024B; Mon, 14 Jul 2008 08:08:43 +0200 (CEST)
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx031) with SMTP; 14 Jul 2008 08:09:01 +0200
Received: from User (unknown [62.173.63.234]) by mwinf2103.orange.fr (SMTP Server) with ESMTP id B7FC31C0024B; Mon, 14 Jul 2008 08:08:43 +0200 (CEST)
lgp11 [at] i12.com
generalpeterolu01 [at] hotmail.com
Typisches Merkmal: von Nigeria über den Mailserver der notorischen Merkbefreiten von Spamadoo eingeworfen, (Freemailer-) Adresse bei i12.com, bei Mugus bisher meiner Erfahrung nach eher ungewöhnlich.
- kjz
Und wieder:
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.49] by mx0.gmx.net (mx099) with SMTP; 16 Jul 2008 01:44:11 +0200
Received: from User (unknown [41.222.71.50]) ---> SWIFTNG by mwinf2124.orange.fr (SMTP Server) with ESMTP id F0A5D1C00359;
Wed, 16 Jul 2008 01:43:19 +0200 (CEST)
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.49] by mx0.gmx.net (mx098) with SMTP; 16 Jul 2008 01:44:11 +0200
Received: from User (unknown [41.222.71.50])
by mwinf2124.orange.fr (SMTP Server) with ESMTP id F0A5D1C00359;
Wed, 16 Jul 2008 01:43:19 +0200 (CEST)
Abgeworfen über Spamadoo in FR durch Swift, Nigeria.
davmark [at] 8u8.com
davismark [at] 8u8.com
Received: from www.hotexpress.cl (EHLO australia.hotexpress.cl) [190.54.21.26] by mx0.gmx.net (mx010) with SMTP; 16 Jul 2008 07:38:10 +0200
Received: from www.hotexpress.cl (EHLO australia.hotexpress.cl) [190.54.21.26] by mx0.gmx.net (mx001) with SMTP; 16 Jul 2008 07:38:10 +0200
Abgeworfen über Chile, kommt von 41.211.250.26 (jaraos) ---> DIRECT ON PC LTD, Nigeria.
INFO.HARALDCHAMBER1 [at] YMAIL.COM
info.wendy2 [at] ymail.com
Muguphone Dropbox: +2348063843620 ---> MTN, Nigeria
- kjz
Die Mugus machen jetzt anscheinend definitiv Geschäfte mit der Russen-Mafia. Na dann Gnade uns Gott....
Received: from presleymail.aristotle.net (EHLO PRESLEYMAIL.aristotle.net) [67.134.176.95] by mx0.gmx.net (mx002) with SMTP; 16 Jul 2008 10:58:12 +0200
Received: from presleymail.aristotle.net (EHLO PRESLEYMAIL.aristotle.net) [67.134.176.95] by mx0.gmx.net (mx052) with SMTP; 16 Jul 2008 10:55:16 +0200
infoextolfinance [at] aol.co.uk
Muguphone: +44 703 186 1196 ---> Magrathea Telecommunications Limited, UK
Magrathea Telecommunications stellt da leider immer wieder traurige Rekorde auf...
- kjz
Man hat wieder geordert:
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx044) with SMTP; 18 Jul 2008 05:26:18 +0200
Received: from User (adsl23140.4u.com.gh [41.210.23.140]) by mwinf2127.orange.fr (SMTP Server) with ESMTP id 6E0D71C00090; Fri, 18 Jul 2008 05:25:59 +0200 (CEST)
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx047) with SMTP; 18 Jul 2008 05:26:18 +0200
Received: from User (adsl23140.4u.com.gh [41.210.23.140]) by mwinf2127.orange.fr (SMTP Server) with ESMTP id 6E0D71C00090; Fri, 18 Jul 2008 05:25:59 +0200 (CEST)
Post bitte an:
pfreeman1 [at] i12.com
pfreeman [at] i12.com
Received: from mail01.syd.optusnet.com.au (EHLO mail01.syd.optusnet.com.au) [211.29.132.182] by mx0.gmx.net (mx097) with SMTP; 18 Jul 2008 00:58:03 +0200
Received: from User (196.226.211.41.client196.directonpc.com [41.211.226.196] (may be forged)) (authenticated sender dehicks [at] optusnet.com.au) by mail01.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id m6HMs8kC009001; Fri, 18 Jul 2008 08:54:18 +1000
Received: from mail01.syd.optusnet.com.au (EHLO mail01.syd.optusnet.com.au) [211.29.132.182] by mx0.gmx.net (mx097) with SMTP; 18 Jul 2008 00:58:03 +0200
Received: from User (196.226.211.41.client196.directonpc.com [41.211.226.196] (may be forged)) (authenticated sender dehicks [at] optusnet.com.au) by mail01.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id m6HMs8kC009001; Fri, 18 Jul 2008 08:54:18 +1000
mrs.joyh [at] yahoo.es
mrs.joyhoffman [at] yahoo.es
- kjz
Es geht weiter:
Received: from mail04.svc.cra.dublin.eircom.net (HELO
mail04.svc.cra.dublin.eircom.net) [159.134.118.20] by mx0.gmx.net (mx042) with SMTP; 18 Jul 2008 21:56:57 +0200
X-Originating-IP: [41.205.160.167] ---> dial-pool3.ph.starcomms.net, Nigeria
Received: from mail04.svc.cra.dublin.eircom.net (HELO
mail04.svc.cra.dublin.eircom.net) [159.134.118.20]
by mx0.gmx.net (mx041) with SMTP; 18 Jul 2008 21:56:57 +0200
X-Originating-IP: [41.205.160.167]
Post hätte gerne:
claimsunit023 [at] live.com
Und das Muguphon stellt freundlicherweise zur Verfügung:
Tel: +44-704-5726-910 ---> Open Telecom International Ltd., UK
- kjz
Die haben sich jetzt 'eingeschossen':
Received: from mail-out8.nyct.net (EHLO mail.nyct.net) [216.139.141.8] by mx0.gmx.net (mx054) with SMTP; 19 Jul 2008 03:06:38 +0200
Received: from webmail2.nyct.net (bsd20.nyct.net [216.139.147.96]) by mail.nyct.net (8.14.2/8.14.1) with ESMTP id m6J13obq016769; Fri, 18 Jul 2008 21:03:50 -0400 (EDT) (envelope-from info_offical [at] yahoo.com)
Received: from 80.255.59.242 (proxying for 172.16.1.2) (SquirrelMail authenticated user kaf [at] nyct.net) by webmail2.nyct.net with HTTP; Fri, 18 Jul 2008 21:04:00 -0400 (EDT)
Received: from mail-out8.nyct.net (EHLO mail.nyct.net) [216.139.141.8] by mx0.gmx.net (mx054) with SMTP; 19 Jul 2008 03:06:38 +0200
Received: from webmail2.nyct.net (bsd20.nyct.net [216.139.147.96]) by mail.nyct.net (8.14.2/8.14.1) with ESMTP id m6J13obq016769; Fri, 18 Jul 2008 21:03:50 -0400 (EDT) (envelope-from info_offical [at] yahoo.com)
Received: from 80.255.59.242 (proxying for 172.16.1.2) (SquirrelMail authenticated user kaf [at] nyct.net) by webmail2.nyct.net with HTTP; Fri, 18 Jul 2008 21:04:00 -0400 (EDT)
80.255.59.242 gehört VIENNA TECHNOLOGIES LTD., Nigeria.
Und das Mugu-Fax gibt es auf: FAX: +44-870-471-4393 ---> Magrathea Telecommunications Limited, UK
Auffällig im Übrigen, dass bei den Mugus im 'Muguphon' immer wieder Magrathea Telecommunications und Open Telecom International in London auftauchen. Beide Firmen sollten wohl mal über ihre Sicherheitsphilosophie nachdenken. Oder aber, sie sind 'Mugu owned'.
- kjz
Keine direkte Dublette, aber zweimal wohl dieselbe Mugu-Gang:
Received: from smtp-out2.iol.cz (EHLO smtp-out2.iol.cz) [194.228.2.87] by mx0.gmx.net (mx060) with SMTP; 24 Jul 2008 02:20:08 +0200
Received: from [192.168.30.65] (Forwarded-For: 192.168.5.19,
[81.199.63.21]) by sxiolpkg.ux.to2cz.cz (mshttpd); Thu, 24 Jul 2008
00:12:26 GMT
81.199.63.21 ---> 81.199.63.21.rmts.satcom-systems.net
Dann das übliche Erbschaftsmärchen.
madamtorethhughes [at] gmail.com
Received: from smtp-out1.iol.cz (EHLO smtp-out1.iol.cz) [194.228.2.86] by mx0.gmx.net (mx036) with SMTP; 24 Jul 2008 14:29:12 +0200
Received: from [192.168.30.62] (Forwarded-For: 196.220.5.179,
[41.219.189.2]) by sxiolpkg.ux.to2cz.cz (mshttpd); Thu, 24 Jul 2008
12:17:36 GMT
41.219.189.2 ---> Netcom Africa Limited, Nigeria
Dann das Lotteriemärchen.
uknl.office.1 [at] gmail.com
Konstatiere: GMail entwickelt sich allmählich zur Landplage.
- kjz
Wieder eine Mugu-Dublette:
Received: from server.hoststaff.com (EHLO server.hoststaff.com) [67.222.135.50] by mx0.gmx.net (mx036) with SMTP; 29 Jul 2008 14:24:39 +0200
Received: from server.hoststaff.com (EHLO server.hoststaff.com) [67.222.135.50] by mx0.gmx.net (mx008) with SMTP; 29 Jul 2008 14:24:39 +0200
RE: YOUR HONESTY PAYMENT IS READY TO BE DELIVERED TO YOU!!
Post hätte gerne:
royalerranddeliveryltdng [at] gmail.com
Mugu-Phon in Nigeria: +234 702 779 4953
- kjz
Und wieder, diesmal aus dem europ. 'Mugu-Paradies', sprich: NL
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx108) with SMTP; 30 Jul 2008 17:50:09 +0200
Received: from User (k16147.upc-k.chello.nl [62.108.16.147]) by mwinf2126.orange.fr (SMTP Server) with ESMTP id E89761C00099; Wed, 30 Jul 2008 17:50:04 +0200 (CEST)
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx110) with SMTP; 30 Jul 2008 17:50:09 +0200
Received: from User (k16147.upc-k.chello.nl [62.108.16.147]) by mwinf2126.orange.fr (SMTP Server) with ESMTP id E89761C00099; Wed, 30 Jul 2008 17:50:04 +0200 (CEST)
Dann das übliche Lotto-Märchen....
Post an: agentdanwater [at] aim.com
Mugu-Phon: ++31 630 784 354 ---> KPN Mobile The Netherlands B.V.
Mugu-Fax: ++31 84 735 4470 ---> Jump B.V., NL
Ganz, ganz schwach: weder der Großkonzern KPN, noch Jump haben funktionierende Abuse-Adressen und sind bei RFC-Ignorant seit längerem gelistet...
- kjz
Wieder mal der 'doppelte Mugu':
Received: from ip-70-38-11-43.static.privatedns.com (EHLO
cl-t111-320cl.privatedns.com) [70.38.11.43] by mx0.gmx.net (mx033) with SMTP; 01 Aug 2008 15:03:16 +0200
Received: from localhost ([127.0.0.1]:43248 helo=www.renwarez.com) by cl-t111-320cl.privatedns.com with esmtpa (Exim 4.69) (envelope-from <thabodlamini [at] renwarez.com>) id 1KOu80-00060R-8s; Fri, 01 Aug 2008 08:53:04 -0400
Received: from 196.31.32.112 ([196.31.32.112]) (SquirrelMail authenticated user thabodlamini [at] renwarez.com) by www.renwarez.com with HTTP; Fri, 1 Aug 2008 08:53:04 -0400 (EDT)
Received: from ip-70-38-11-43.static.privatedns.com (EHLO
cl-t111-320cl.privatedns.com) [70.38.11.43] by mx0.gmx.net (mx079) with SMTP; 01 Aug 2008 15:03:17 +0200
Received: from localhost ([127.0.0.1]:43248 helo=www.renwarez.com) by cl-t111-320cl.privatedns.com with esmtpa (Exim 4.69) (envelope-from <thabodlamini [at] renwarez.com>) id 1KOu80-00060R-8s; Fri, 01 Aug 2008 08:53:04 -0400
Received: from 196.31.32.112 ([196.31.32.112]) (SquirrelMail authenticated user thabodlamini [at] renwarez.com) by www.renwarez.com with HTTP; Fri, 1 Aug 2008 08:53:04 -0400 (EDT)
196.31.32.112 löst auf zu myw-stp-196-31-32-112.sentechsa.net, Sentech ist ein beliebter Mugu-Provider in Südafrika. Und bei http://www.renwarez.com steht wohl der Hosenlatz offen...
Dann das übliche 'verwaiste Gelder' Märchen.
Mugulein hätte gerne Post auf: dthabo231 [at] yahoo.com.hk
- kjz
Und bei http://www.renwarez.com steht wohl der Hosenlatz offen...
Oder es ist eine extra für Spamruns angelegte Mugudomain. Es gibt ein paar wenige Spezis, die genau das tun und von dort so lange ihren Dreck in die Welt pusten, bis die Domain nach ein paar Tagen abgeklemmt wird.
Und wieder:
Received: from outmailhost.telefonica.net (EHLO
ctsmtpout2.frontal.correo) [213.4.149.242] by mx0.gmx.net (mx006) with SMTP; 02 Aug 2008 02:46:53 +0200
Received: from User (41.211.226.38) by ctsmtpout2.frontal.correo
(7.2.056.6) (authenticated as sebascd [at] telefonica.net) id 48932B5700102703; Sat, 2 Aug 2008 02:46:52 +0200
Received: from outmailhost.telefonica.net (EHLO
ctsmtpout2.frontal.correo) [213.4.149.242] by mx0.gmx.net (mx006) with SMTP; 02 Aug 2008 02:46:53 +0200
Received: from User (41.211.226.38) by ctsmtpout2.frontal.correo
(7.2.056.6) (authenticated as sebascd [at] telefonica.net) id 48932B5700102703; Sat, 2 Aug 2008 02:46:52 +0200
Abgekippt über Telefonica von 38.226.211.41.client38.directonpc.com. Direct on PC Ltd. aus Lagos ist ebenfalls ein bei Mugus sehr beliebter Anbieter (Wireless Broadband Internet service, VSAT).
Muguphon: +234-703-916-5893
Das ist MTN, ebenfalls aus Lagos.
Post an: cbncreditforeigndep [at] gmail.com
Leider entwickelt sich Google, mit seiner ach so liberalen Maxime 'Don't be evil' zunehmend zum Schwarzhut. Man ist nämlich dort anscheinend auch so liberal, dass man meint, als '500 Pfd. Gorilla' auf dem globalen Markt auch nichts gegen Missbrauch und Betrüger auf den eigenen Systemen unternehmen zu müssen. Spammer setzen also zunehmend auf GMail-Dropboxen, Blogspot- und Google-Redirects, etc.
- kjz
Heute mal wieder:
Received: from static.customer-201-116-82-36.uninet-ide.com.mx (EHLO ecardio.cardiologia.org.mx) [201.116.82.36]
by mx0.gmx.net (mx045) with SMTP; 08 Aug 2008 15:01:15 +0200
Received: from www-data by ecardio.cardiologia.org.mx with local (Exim 4.63) (envelope-from <alexinfonl6 [at] yahoo.com.hk>) id 1KRRGD-0005We-DV; Fri, 08 Aug 2008 07:40:01 -0500
Received: from a170237.upc-a.chello.nl (a170237.upc-a.chello.nl [62.163.170.237]) by mail.cardiologia.org.mx (Horde MIME library) with
HTTP; Fri, 08 Aug 2008 07:40:00 -0500
Received: from static.customer-201-116-82-36.uninet-ide.com.mx (EHLO
ecardio.cardiologia.org.mx) [201.116.82.36] by mx0.gmx.net (mx079) with SMTP; 08 Aug 2008 15:01:19 +0200
Received: from www-data by ecardio.cardiologia.org.mx with local (Exim 4.63) (envelope-from <alexinfonl6 [at] yahoo.com.hk>) id 1KRRGD-0005We-DV; Fri, 08 Aug 2008 07:40:01 -0500
Received: from a170237.upc-a.chello.nl (a170237.upc-a.chello.nl
[62.163.170.237]) by mail.cardiologia.org.mx (Horde MIME library) with
HTTP; Fri, 08 Aug 2008 07:40:00 -0500
Also über Mexiko abgekippt von Chello(NL), einer Mugu Hochburg.
Das übliche Lotterie-Märchen...
Muguphon: +31 617 623 594 das ist mal wieder Telfort (NL), Mugus haben da sehr genaue Vorlieben, meist Telfort oder Margaretha. Anscheinend kennt man dort kein vernünftiges Abuse Management :eek:
Post bitte an:
alexinfonl8 [at] yahoo.com.hk
alexinfonl6 [at] yahoo.com.hk
- kjz
Diesmal direkt aus Lagos:
Received: from unknown (EHLO mail.sierratel.sl) [41.205.225.140]
by mx0.gmx.net (mx012) with SMTP; 09 Aug 2008 21:59:55 +0200
Received: (qmail 28084 invoked by uid 509); 9 Aug 2008 19:59:37 +0000
Received: from 127.0.0.1 by localhost.localdomain (envelope-from
<acfsl [at] sierratel.sl>, uid 507) with qmail-scanner-1.25-st-qms
(clamdscan: 0.83/1293. spamassassin: 3.0.4. perlscan: 1.25-st-qms.
Clear:RC:1(127.0.0.1):.
Processed in 0.037185 secs); 09 Aug 2008 19:59:37 -0000
Received: from unknown (HELO webmail.sierratel.sl)
(acfsl [at] sierratel.sl@127.0.0.1)
by mail.sierratel.sl with SMTP; 9 Aug 2008 19:59:37 +0000
Received: from 41.220.75.3
(SquirrelMail authenticated user acfsl [at] sierratel.sl)
by webmail.sierratel.sl with HTTP;
Sat, 9 Aug 2008 19:59:37 -0000 (GMT)
Received: from unknown (EHLO mail.sierratel.sl) [41.205.225.140]
by mx0.gmx.net (mx085) with SMTP; 09 Aug 2008 21:59:55 +0200
Received: (qmail 28084 invoked by uid 509); 9 Aug 2008 19:59:37 +0000
Received: from 127.0.0.1 by localhost.localdomain (envelope-from
<acfsl [at] sierratel.sl>, uid 507) with qmail-scanner-1.25-st-qms
(clamdscan: 0.83/1293. spamassassin: 3.0.4. perlscan: 1.25-st-qms.
Clear:RC:1(127.0.0.1):.
Processed in 0.037185 secs); 09 Aug 2008 19:59:37 -0000
Received: from unknown (HELO webmail.sierratel.sl)
(acfsl [at] sierratel.sl@127.0.0.1)
by mail.sierratel.sl with SMTP; 9 Aug 2008 19:59:37 +0000
Received: from 41.220.75.3
(SquirrelMail authenticated user acfsl [at] sierratel.sl)
by webmail.sierratel.sl with HTTP;
Sat, 9 Aug 2008 19:59:37 -0000 (GMT)
Abgekippt über Sierratel in Sierra Leone von 75-3.vgccl.net aus Lagos.
Das übliche Märchen von den verwaisten Irak-Geldern....
Post bitte an:
garryjlawfirm [at] hotmail.com
mrgarryjohnson [at] yahoo.com.hk
- kjz
Und wieder der doppelte Mugu:
Received: from unknown (EHLO mecanica.itc.mx) [200.23.53.224] by mx0.gmx.net (mx014) with SMTP; 14 Aug 2008 00:39:31 +0200
Received: from unknown (EHLO mecanica.itc.mx) [200.23.53.224] by mx0.gmx.net (mx013) with SMTP; 14 Aug 2008 00:39:54 +0200
Dann wieder das verwaiste Gelder wg. Flugzeugabsturz-Märchen.
Post an: MAILS4FOSTER [at] SIFY.COM
Mugufon:
Private Tel: +44 (704) 577 1119 ---> Open Telecom International Ltd., UK
Private Fax: +44 (700) 580 8491 ---> PNC Telecom Services Limited, UK
Tel: +44 704 574 6786 ---> Open Telecom International Ltd., UK
Open Telecom in UK ist auch so ein typ. Mugu-Provider. Da habe ich bisher nur Mugu-Nummern gesehen. Das Warum sieht man hier:
http://www.open-telecom.co.uk/press/15052002.htm
Fast schon eine Einladung zu Betrügereien auf dem Silbertablett....
- kjz
Heute war wieder Mugu-Tag (die Russenmafia hat wohl Wochenende oder braucht die Botnetz-Kapazität für ihren Anti-Georgien-Feldzug).
abgeworfen über Russki-Webmail von 41.204.224.41 (DIRECTONPC-Wireless-ISP-NETBLK, Nigeria):
Received: from fe02-tochka.mtu.ru (EHLO umail.ru) [62.5.255.22] by mx0.gmx.net (mx091) with SMTP; 16 Aug 2008 00:56:48 +0200
Received: from [41.204.224.41] (account antilife [at] mailfrom.ru) by be01-umail.umail.ru (CommuniGate Pro WEBUSER 5.1.14) with HTTP id 12374757; Sat, 16 Aug 2008 02:56:47 +0400
Received: from fe02-tochka.mtu.ru (EHLO umail.ru) [62.5.255.22] by mx0.gmx.net (mx092) with SMTP; 16 Aug 2008 00:56:48 +0200
Received: from [41.204.224.41] (account antilife [at] mailfrom.ru) by be01-umail.umail.ru (CommuniGate Pro WEBUSER 5.1.14) with HTTP id 12374757; Sat, 16 Aug 2008 02:56:47 +0400
Received: from fe02-tochka.mtu.ru (EHLO umail.ru) [62.5.255.22] by mx0.gmx.net (mx044) with SMTP; 16 Aug 2008 01:55:54 +0200
Received: from [41.204.224.41] (account antilife [at] mailfrom.ru) by be01-umail.umail.ru (CommuniGate Pro WEBUSER 5.1.14)
Received: from fe02-tochka.mtu.ru (EHLO umail.ru) [62.5.255.22] by mx0.gmx.net (mx044) with SMTP; 16 Aug 2008 01:55:54 +0200
Received: from [41.204.224.41] (account antilife [at] mailfrom.ru) by be01-umail.umail.ru (CommuniGate Pro WEBUSER 5.1.14)
Angeblich liegen bei DHL mal wieder verwaiste 800.000 $ rum...
Post an:
dhlworlddeliverydispatch09 [at] hotmail.com
dhlworlddeliverydispatch2008 [at] gmail.com
Muguphon:
+44-702-404-7160
+44-702-404-7162
Beide bei Magrathea Telecommunications Limited, UK, ein äusserst beliebter Mugu-Provider.
Und die holländische Mugu-Asyl-Abteilung darf auch nicht fehlen:
Received: from hpsmtp-eml20.kpnxchange.com (EHLO
hpsmtp-eml20.kpnxchange.com) [213.75.38.85]
by mx0.gmx.net (mx107) with SMTP; 16 Aug 2008 19:09:55 +0200
Received: from hpsmtp-eml22.kpnxchange.com ([213.75.38.122]) by
hpsmtp-eml20.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:09:46 +0200
Received: from cpbrm-eml34.kpnsp.local ([195.121.247.250]) by
hpsmtp-eml22.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:08:55 +0200
Received: from hpsmtp-eml29.kpnxchange.com ([10.94.53.250]) by
cpbrm-eml34.kpnsp.local with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:08:53 +0200
Received: from localhost ([10.94.53.250]) by hpsmtp-eml29.kpnxchange.com
with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:08:51 +0200
Received: from hpsmtp-eml20.kpnxchange.com (EHLO
hpsmtp-eml20.kpnxchange.com) [213.75.38.85]
by mx0.gmx.net (mx031) with SMTP; 16 Aug 2008 19:09:55 +0200
Received: from hpsmtp-eml22.kpnxchange.com ([213.75.38.122]) by
hpsmtp-eml20.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:09:46 +0200
Received: from cpbrm-eml34.kpnsp.local ([195.121.247.250]) by
hpsmtp-eml22.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:08:55 +0200
Received: from hpsmtp-eml29.kpnxchange.com ([10.94.53.250]) by
cpbrm-eml34.kpnsp.local with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:08:53 +0200
Received: from localhost ([10.94.53.250]) by hpsmtp-eml29.kpnxchange.com
with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 16 Aug 2008 19:08:51 +0200
Dort liegen immerhin schon 20 Mill. $ (natürlich nicht) rum.
Post:
chingwong04 [at] live.com
- kjz
Heute wieder:
Abgekübelt von cpc2-lewi10-0-0-cust653.bmly.cable.ntl.com in UK über Spamadoo in FR:
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx096) with SMTP; 22 Aug 2008 01:36:33 +0200
Received: from User (cpc2-lewi10-0-0-cust653.bmly.cable.ntl.com [86.6.146.142]) by mwinf2127.orange.fr (SMTP Server) with ESMTP id B5C8B1C0006C; Fri, 22 Aug 2008 01:36:28 +0200 (CEST)
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx094) with SMTP; 22 Aug 2008 01:36:33 +0200
Received: from User (cpc2-lewi10-0-0-cust653.bmly.cable.ntl.com [86.6.146.142]) by mwinf2127.orange.fr (SMTP Server) with ESMTP id B5C8B1C0006C; Fri, 22 Aug 2008 01:36:28 +0200 (CEST)
Post hätte gerne:
christophermorandep [at] myway.com
christophermorandep [at] myway.com
Und eine Domain gab's auch noch:
http://www.hoberg.co.cc/
Eine niederländische Stiftung mit engl. Namen gehostet beim obermerkbefreiten Hanaro in KR, nun ja....
Jetzt sogar 3 abgekippt über offene Mail Relays bei Unis in Südamerika direkt frisch von Nigeria: 41.220.75.3 ---> 75-3.vgccl.net, Nigeria
Received: from mail.cinvestav.edu.mx (EHLO educa.cinvestav.edu.mx)
[148.247.22.2]
by mx0.gmx.net (mx071) with SMTP; 22 Aug 2008 13:19:35 +0200
Received: from educa.cinvestav.edu.mx (localhost.localdomain [127.0.0.1])
by educa.cinvestav.edu.mx (8.12.8/8.12.8) with ESMTP id m7MCQ9pr004180;
Fri, 22 Aug 2008 07:26:09 -0500
Received: (from apache [at] localhost)
by educa.cinvestav.edu.mx (8.12.8/8.12.8/Submit) id m7MCOShf004148;
Fri, 22 Aug 2008 07:24:28 -0500
X-Authentication-Warning: educa.cinvestav.edu.mx: apache set sender to
info [at] garyadams.com using -f
Received: from 83.138.172.72 (proxying for 41.220.75.3)
(SquirrelMail authenticated user roberto.perez);
by www.cinvestav.edu.mx with HTTP;
Fri, 22 Aug 2008 07:24:28 -0500 (CDT)
Received: from linuxnv.nuevavision.com.pe (EHLO nuevavision.com.pe)
[200.60.36.128]
by mx0.gmx.net (mx079) with SMTP; 22 Aug 2008 13:36:25 +0200
Received: from localhost ([127.0.0.1] helo=mail.nuevavision.com.pe)
by nuevavision.com.pe with esmtp (Exim 4.63)
(envelope-from <info [at] garyadams.com>)
id 1KWUVy-0001pz-Mx; Fri, 22 Aug 2008 06:09:10 -0500
Received: from 83.138.172.72 (proxying for 41.220.75.3)
(SquirrelMail authenticated user sacuna)
by mail.nuevavision.com.pe with HTTP;
Fri, 22 Aug 2008 12:09:10 +0100 (BST)
Received: from linuxnv.nuevavision.com.pe (EHLO nuevavision.com.pe)
[200.60.36.128]
by mx0.gmx.net (mx048) with SMTP; 22 Aug 2008 13:36:24 +0200
Received: from localhost ([127.0.0.1] helo=mail.nuevavision.com.pe)
by nuevavision.com.pe with esmtp (Exim 4.63)
(envelope-from <info [at] garyadams.com>)
id 1KWUVy-0001pz-Mx; Fri, 22 Aug 2008 06:09:10 -0500
Received: from 83.138.172.72 (proxying for 41.220.75.3)
(SquirrelMail authenticated user sacuna)
by mail.nuevavision.com.pe with HTTP;
Fri, 22 Aug 2008 12:09:10 +0100 (BST)
Post hätte hier gerne:
garybarradams145 [at] live.com
- kjz
Und eine Domain gab's auch noch:
http://www.hoberg.co.cc/
Eine niederländische Stiftung mit engl. Namen gehostet beim obermerkbefreiten Hanaro in KR, nun ja....
Content liegt bei hoberg.freehostia.com und ist u.a. von bupafoundation.com und cafonline.org geklaut.
http://db.aa419.org/fakebanksview.php?key=29057
-> http://www.co.cc/prosecution/prosecution.php
-> http://www.freehostia.com/abuse.html
Hoberg Foundation
Hoogte Kadijk 179,
Netherlands.
(Open: Monday – Sunday: 8.30 a.m. – 6.30 p.m.)
Mail address: P.O. Box 2643 1000 CP
T/Fax: +31 (0) 20 621 4322
Ach ja, das war der Papa: http://vanhoverdfoundation.zzl.org (tot)
Mal eine etwas andere Masche.
Received: from impulsedjs.com (EHLO impulsedjs.com) [206.130.99.109] by mx0.gmx.net (mx034) with SMTP; 26 Aug 2008 04:38:34 +0200
Received: from User (75-3.vgccl.net [41.220.75.3] (may be forged)) (authenticated bits=0) by impulsedjs.com (8.13.1/8.13.1) with ESMTP id m7Q2ZHaC012971; Mon, 25 Aug 2008 20:35:24 -0600
Received: from impulsedjs.com (EHLO impulsedjs.com) [206.130.99.109] by mx0.gmx.net (mx034) with SMTP; 26 Aug 2008 04:38:34 +0200
Received: from User (75-3.vgccl.net [41.220.75.3] (may be forged)) (authenticated bits=0) by impulsedjs.com (8.13.1/8.13.1) with ESMTP id m7Q2ZHaC012971; Mon, 25 Aug 2008 20:35:24 -0600
Sieht zunächst wie Mortgage Leadz Spam aus:
Goodday Sir/Madam,
My names are Mrs. Carlson Nicole,I am a marketer with seven bell yard lenders.We
Offer Private, Commercial and Personal Loans with very Minimal annual Interest
Rates as Low as 0.5% within a 1year to 50 years repayment duration period to any
part of the world. We give out loans within the range of $5,000 to $100,000,000
USD. Our loan Services Rendered include:
*Refinance
*Home Improvement
*Inventor Loans
*Auto Loans
*Debt Consolidation
*Line of Credit
*Second Mortgage
*Business Loans
*Personal Loans
*International Loans
Our loans are well insured for maximum security is our priority, Are you losing
sleep at nights worrying how to get a Legit Loan Lender?Are you biting your
finger nails to the quick? Instead of beating yourself up, contact SEVEN BELL
YARD LENDERS ( Loan Services ) now, Loan specialists who help stop Bad Credit
History, to discover a win solution which is Our Mission.
We also render Collateral And Non- Collateral Loans For Your Business Start up,
If you are interested in this offer please kindly fill out the application
details below so that i can start the processing of your loan sum.
APPLICATION DETAILS
Full Name:..........................................
Contact Address:.............................
Phone:...................................................
Purpose of your loan.......................
Amount Needed as Loan:...............
Loan Duration:...................................
Annual Income:.................................
Occupation:........................................
Sex.............................
Date of Birth............................
Marital Status........................
In acknowledgement to these details, I will send you a well calculated Terms and
Condition which will include the agreement.
Furthermore be informed that you will also need a form of Identification which
can be either a Driver's Licence or your working Identity card.
Interested Persons should contact me through the following email address and
telephone number below which is;
Name;Barrister Paul John Lockett
Email; paul-lockett [at] 8u8.com
Direct Mobile: +44 703 194 2899 ---> Magrathea Telecommunications Limited, UK
Yours truly,
Mrs. Carlson Nicole
(PUBLICITY MANAGER)
Copyright © 2008 Seven Bell Yard Lenders.
Aaaber:
Abgekippt über impulsedjs.com (da hat die Maschine wohl den Hosenlatz offen) von 75-3.vgccl.net (absoluter Mugu-Provider in Nigeria).
Und dann wieder das Muguphon: +44 703 194 2899 ---> Magrathea Telecommunications Limited, UK
Ob Magrathea ausser Mugus überhaupt noch reguläre Kunden hat?
Also wieder Mugu-Vorschussbetrug.
Post also an: paul-lockett [at] 8u8.com
- kjz
Es geht weiter.
Abgekippt über Earthlink von Zombie in Kolumbien:
Received: from elasmtp-dupuy.atl.sa.earthlink.net (EHLO
elasmtp-dupuy.atl.sa.earthlink.net) [209.86.89.62] by mx0.gmx.net (mx018) with SMTP; 28 Aug 2008 07:07:00 +0200
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=dk20050327; d=earthlink.net;
b=hV9mRBn0Fcld+D4VbwjVAGrNrkoTO9VNtlWtkXUyP8BXSzPrtrlBpvBCZ5muH59E;
h=Message-ID:Date:From:Reply-To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.30] (helo=mswamui-chipeau.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <officenm8899000988 [at] earthlink.net>) id 1KYZMj-00051d-VT; Thu, 28 Aug 2008 00:44:14 -0400
Received: from 190.144.58.170 by webmail.earthlink.net with HTTP; Thu, 28 Aug 2008 00:43:48 -0400
Received: from elasmtp-dupuy.atl.sa.earthlink.net (EHLO
elasmtp-dupuy.atl.sa.earthlink.net) [209.86.89.62] by mx0.gmx.net (mx018) with SMTP; 28 Aug 2008 07:07:00 +0200
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=dk20050327; d=earthlink.net;
b=hV9mRBn0Fcld+D4VbwjVAGrNrkoTO9VNtlWtkXUyP8BXSzPrtrlBpvBCZ5muH59E;
h=Message-ID:Date:From:Reply-To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.30] (helo=mswamui-chipeau.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <officenm8899000988 [at] earthlink.net>) id 1KYZMj-00051d-VT; Thu, 28 Aug 2008 00:44:14 -0400
Received: from 190.144.58.170 by webmail.earthlink.net with HTTP; Thu, 28 Aug 2008 00:43:48 -0400
Lebt Soludo immer noch?
CENTRAL BANK OF NIGERIA
TINUBU SQUARE VICTORIA
ISLAND LAGOS NIGERIA
[OFFICE OF THE GOVERNOR]
CONTRACT #: MAV/NNPC/FGN/MIN/009,
SWIFT CODE: BPH KPL PK ,
CENTRAL BANK NIGERIA
OUR REF: CBN/IRD/CBX/021/04
PRIVATE EMAIL;professor_charles [at] cooltoad.com
MAV/NNPC/FGN/MIN/008
IMMEDIATE CONTRACT CASH PAYMENT NOTIFICATION
professor_charles [at] cooltoad.com
Abgekippt über Spamadoo von chines. Proxy:
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx069) with SMTP; 29 Aug 2008 03:04:31 +0200
Received: from User (unknown [222.223.71.138]) by mwinf2128.orange.fr (SMTP Server) with ESMTP id 546461C00098; Fri, 29 Aug 2008 03:03:30 +0200 (CEST)
Received: from smtp21.orange.fr (EHLO smtp21.orange.fr) [80.12.242.46] by mx0.gmx.net (mx071) with SMTP; 29 Aug 2008 03:04:31 +0200
Received: from User (unknown [222.223.71.138]) by mwinf2128.orange.fr (SMTP Server) with ESMTP id 546461C00098; Fri, 29 Aug 2008 03:03:30 +0200 (CEST)
CENTRAL BANK OF NIGERIA
Tinubu Square, Lagos- Nigeria.
Our ref: Cbn/Ohg/Oxd1/2008
Your ref: ...............................
Telex: Cenbank.
Reference Number CBN/UNRC/XX1/08
CONTACT DETAILS:
CHAIRMAN OF THE COMMITTEE.
ALHAJI ALI MOHEMMED.
UNITED NATIONS RECONCILIATION COMMITTEE
WEST AFRICA ZONE ANNEX OFFICE IN ACCRA.
GHANA
EMAIL: admin [at] unrclearanceannex.com
admin [at] unrclearanceannex.com
- kjz
Anscheinend haben die Russkis die Adressen an die Mugus vertickert. Das kann ja Eiter werden....
Received: from unknown (EHLO spike.bangkokdns.com) [203.107.132.132] by mx0.gmx.net (mx091) with SMTP; 29 Aug 2008 18:15:22 +0200
Received: from unknown (EHLO spike.bangkokdns.com) [203.107.132.132] by mx0.gmx.net (mx054) with SMTP; 29 Aug 2008 18:15:34 +0200
Yours in the sincerely,
Louisa Wilson
N.B
PLEASE REPLY TO (louisawilson20 [at] gmail.com)
Wie war das noch:
louisawilson20 [at] gmail.com
wilsonlouisa30 [at] gmail.com
- kjz
Heute:
Received: from server21.joeswebhosting.net (EHLO
server21.joeswebhosting.net) [202.228.204.130] by mx0.gmx.net (mx061) with SMTP; 30 Aug 2008 12:28:02 +0200
Received: from server21.joeswebhosting.net (EHLO
server21.joeswebhosting.net) [202.228.204.130] by mx0.gmx.net (mx084) with SMTP; 30 Aug 2008 12:28:02 +0200
Mail an:
wilsonlouisa30 [at] gmail.com
louisawilson20 [at] gmail.com
- kjz
Hier war der Mugu selbst für den ganzen Text zu blöd. Oder Ratware nur geklauft?
Received: from starburst.dnsprotect.com (EHLO starburst.dnsprotect.com) [209.51.136.26] by mx0.gmx.net (mx002) with SMTP; 31 Aug 2008 04:59:45 +0200
Received: from starburst.dnsprotect.com (EHLO starburst.dnsprotect.com) [209.51.136.26] by mx0.gmx.net (mx043) with SMTP; 31 Aug 2008 04:59:45 +0200
FROM: MR. ZULU MOHAMMED
EXECUTIVE DIRECTOR
DOMICILLIARY ACCOUNTS DEPT.
UNION BANK OF NIGERIA PLC
APAPA BRANCH - LAGOS.
First, I have to introduce myself. My name is Mr.Zulu Mohammed, an
executive director with the union bank of Nigeria plc. I came to know
you in my private search for a reliable and reputable person to handle
this confidential transaction which involves the transfer of a huge sum
of money to foreign bank account.
The proposal is this - An American, CARL J. HACKSON, an Oil Merchant /
Contractors with the Federal Government of Nigeria, died of an
undisclosed illness five years ago. Before his death, he was one of our
most valuable comtomer.
He left a balance of USD$10,233,000.00 (Ten Million, Two Hundred and
Thirty three thousand Dollars only). This said sum of money can only be
claimed by Mr. Hackson's wife, children or Next of Kin. Efforts made by
the Bank to get in touch with any member of his family have proved
abortive. Mr. Hackson left no WILL nor Instructions and there is no
trace that he had wife and kids, so his money remains in the vault of
our bank.
For three years, I have personally monitored this account and now feel
that this is the time to move the whole fund into the foreign bank
account. Therefore, I and my trusted colleagues now seek your permission
to have you stand as next of kin to Late Carl J. Hackson so that the
funds (USD$10,233,000.00) be paid into your account as next of kin.
Be assured that all documents and proves to enable you get this fund
will carefully worked out and I guarantee you a risk free involvement.
You will get a negotiable percentage of the total sum for your
assistance. We shall map out a percentage of this money to take care of
minor expenses that could arise in the cause of this transaction.
Please note, that I and my colleagues would resigned our positions
quietly in the bank if this transaction is successful. We put all our
hope and the success of this transaction in you, I hope you will not
take undue advantage of us.
If you are interested in this proposal, get back to me through my email
address. Furthermore, you must include your personal information,
Mail hätte gerne:
zulumohammed1 [at] hotmail.com
- kjz
Diesmal der NL Mugu aus NG:
Eingeworfen von 80.255.59.246 (ViennaTech, trotz des Namens ein Satellitenanbieter aus NG) über Bezequint in IL.
Received: from sa4.bezeqint.net (EHLO sa4.bezeqint.net) [192.115.104.18]
by mx0.gmx.net (mx003) with SMTP; 02 Sep 2008 04:40:46 +0200
Received: from localhost (sa4 [127.0.0.1])
by sa4.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP id
CA9D33002F;
Tue, 2 Sep 2008 05:30:14 +0300 (IDT)
X-Virus-Scanned: amavisd-new at bezeqint.net
Received: from sa4.bezeqint.net ([127.0.0.1])
by localhost (sa4.bezeqint.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id u4kDUlqMjEiy; Tue, 2 Sep 2008 05:30:14 +0300 (IDT)
Received: from mas26.bezeqint.net (mas26.bezeqint.net [192.115.104.156])
by sa4.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP;
Tue, 2 Sep 2008 05:30:14 +0300 (IDT)
Received: (from mas26.bezeqint.net [80.255.59.246])
by mas26.bezeqint.net (MOS 3.8.6-GA)
with HTTP/1.1 id EWX17555 (AUTH ronit111);
Tue, 2 Sep 2008 05:34:18 +0300 (IDT)
Received: from sa4.bezeqint.net (EHLO sa4.bezeqint.net) [192.115.104.18]
by mx0.gmx.net (mx002) with SMTP; 02 Sep 2008 04:40:50 +0200
Received: from localhost (sa4 [127.0.0.1])
by sa4.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP id
CA9D33002F;
Tue, 2 Sep 2008 05:30:14 +0300 (IDT)
X-Virus-Scanned: amavisd-new at bezeqint.net
Received: from sa4.bezeqint.net ([127.0.0.1])
by localhost (sa4.bezeqint.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id u4kDUlqMjEiy; Tue, 2 Sep 2008 05:30:14 +0300 (IDT)
Received: from mas26.bezeqint.net (mas26.bezeqint.net [192.115.104.156])
by sa4.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP;
Tue, 2 Sep 2008 05:30:14 +0300 (IDT)
Received: (from mas26.bezeqint.net [80.255.59.246])
by mas26.bezeqint.net (MOS 3.8.6-GA)
with HTTP/1.1 id EWX17555 (AUTH ronit111);
Tue, 2 Sep 2008 05:34:18 +0300 (IDT)
Das übliche Lotteriemärchen aus NL. Muguphone und -fax:
Tel:0031-626-415-837 ---> Telfort B.V., NL
Fax:0031-847-375-060 ---> Jump B.V., NL
Mit Jump und Telfort haben wir mal wieder so 2 Rogue Companies aus den NL. Aus meiner Sicht nur Mugus als Kunden und beide bei RFC-Ignorant wegen disfunktionaler Abuse-Adressen gelistet.
Post bitte an:
agent_densmore001 [at] yahoo.com.hk
- kjz
Mal wieder der 'doppelte Mugu':
Abgekippt über webmail.internet.gr von dial-pool8.ph.starcomms.net (Mugu-Provider in Nigeria).
Received: from qmail7.internet.gr (EHLO qmail7.internet.gr) [62.1.1.44] by mx0.gmx.net (mx020) with SMTP; 07 Sep 2008 11:10:51 +0200
Received: (qmail 6936 invoked from network); 7 Sep 2008 09:09:00 -0000
Received: by simscan 1.0.8 ppid: 6930, pid: 6932, t: 0.0825s
scanners: clamav: 0.93/m:
Received: from unknown (HELO webmail.internet.gr) ([62.1.1.41])
(envelope-sender <info [at] foundation.net>) by 0 (qmail-ldap-1.03) with SMTP for <john [at] a32.net>; 7 Sep 2008 09:09:00 -0000
Received: from 212.100.250.230 (proxying for 41.205.165.167) (SquirrelMail authenticated user katsabas) by webmail.internet.gr with HTTP; Sun, 7 Sep 2008 12:09:00 +0300 (EEST)
Received: from qmail7.internet.gr (EHLO qmail7.internet.gr) [62.1.1.44] by mx0.gmx.net (mx074) with SMTP; 07 Sep 2008 11:10:51 +0200
Received: (qmail 6936 invoked from network); 7 Sep 2008 09:09:00 -0000
Received: by simscan 1.0.8 ppid: 6930, pid: 6932, t: 0.0825s
scanners: clamav: 0.93/m:
Received: from unknown (HELO webmail.internet.gr) ([62.1.1.41])
(envelope-sender <info [at] foundation.net>) by 0 (qmail-ldap-1.03) with SMTP for <john [at] a32.net>; 7 Sep 2008 09:09:00 -0000
Received: from 212.100.250.230 (proxying for 41.205.165.167) (SquirrelMail authenticated user katsabas) by webmail.internet.gr with HTTP; Sun, 7 Sep 2008 12:09:00 +0300 (EEST)
Fondazion Di Vittorio, ITALY
http://www.fondazionedivittorio.it
NOTIFICATION FOR CASH AID
This is to acknowledge the receipt of the requested data and
theconfirmation of your reliability in this universal programme.
Do note that I have forwarded the produced data, to the head office of
the Vittorio Foundation (ITALY) and the ECOWAS head office (Organisation
assigned to handle your payment) in NIGERIA. Included in this letter is
your donation pin number to be used when claiming your donation. Your
donation pin number is "21556770665477". This number should be kept
strictly confidential by you, as you will use it in receiving your
donation.
You are to immediately contact the Payment officer in the ECOWAS office
in Abuja, Nigeria for claim of your donation. Please do contact the
officer in the below information.
CONTACT INFOS.
MR. ALFRED UDEH
COUNSELLOR, ECOWAS HEAD OFFICE ABUJA.
PLOT 4, BLOCK 23,GARKI, ABUJA.NIGERIA
E-MAIL:ecowascounsellor109 [at] hotmail.com
PHONE NUMBER: +2347033356828
Do note that your contact with MR. ALFRED UDEH, you are to provide
him with your full name,full address,phone number,sex,age,occupation,
and your country This will enable the ECOWAS office prepare a cheque
valued US$850,000.00 and all necessary documents required to clear/cash
the check in your name.
Please contact MR. ALFRED UDEH immediately. Thank you for your
cooperation in this matter.
Signed,
Fondazione Presidente
Mr. Carlo Ghezzi.
Post bitte an:
ecowascounsellor109 [at] hotmail.com
- kjz
Auch hier:
Received: from mail09.syd.optusnet.com.au (EHLO
mail09.syd.optusnet.com.au) [211.29.132.190] by mx0.gmx.net (mx082) with SMTP; 10 Sep 2008 19:27:41 +0200
Received: from User (c220-237-70-71.ipswc2.qld.optusnet.com.au
[220.237.70.71]) (authenticated sender nomatterwhat [at] optusnet.com.au) by mail09.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id m8AHOwLN008007; Thu, 11 Sep 2008 03:25:16 +1000
Received: from mail09.syd.optusnet.com.au (EHLO
mail09.syd.optusnet.com.au) [211.29.132.190] by mx0.gmx.net (mx082) with SMTP; 10 Sep 2008 19:27:41 +0200
Received: from User (c220-237-70-71.ipswc2.qld.optusnet.com.au
[220.237.70.71]) (authenticated sender nomatterwhat [at] optusnet.com.au) by mail09.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id 8AHOwLN008007; Thu, 11 Sep 2008 03:25:16 +1000
Payment/Notification
UNITED NATIONS ORGANIZATION IN CONJUNCTION WITH THE INTERNATIONAL
MONETARY FUND WORLD BANK FACT-FINDING & SPECIAL DUTIES OFFICE Office of
The Director Special duties.Cotonou,Republic of Benin
PLEASE REPLY TO MY PRIVATE BOX Email: mooregorge7 [at] gmail.com
Special duties reference
UNO/WBF LM-05-371
ORDERING CONTRACTOR:
UNO/WBF ? SG
DIPLOMATIC BOX 55KG
To the Beneficiary,
The World Bank Group, Fact Finding & Special Duties office I conjunction
with the United Nations Organization, has received part of your pending
payment with reference number (LM-05-371) amounting to
($15.5million(Fifteen million five hundred thousand USA Dollars) out of
your contractual/inheritance funds from our ordering contractor Bank
quoting reference to UNO/WBF LM-05-371, the said payment is been
arranged in a Security-proof trunk box weighing 75kg padded with
synthetic nylon.According to information gathered from the bank's
security computer we were notified that you have waited for so long to
receive this payment without success, we also confirmed that you have
not met all statutory requirements in respect of your pending payment.
You are therefore advised to contact our Payment Clearance Department to
obtain necessary information to the Security courier service company
that is specialized in sending diplomatic materials and information from
one country to another,w!
hich also has diplomatic immunity
This office has met with this Security courier service and concluded
shipping arrangement with them, therefore shipment will commence as soon
as we have your go ahead order, the diplomat who will be bringing in
this Consignment trunk (Box) to you is an expert and has been in this
line of work for so many years now, so you have noting to worry about.
After all arrangements we have concluded ! that you must donate (Five
Hundred Thousand United States Dollars) to a charity organization we
designate to you as soon as you receive your inheritance fund. To this
effect,in your response you should send to us a promissory note
promising to donate the stated amount and also with your address where
you will like the consignment trunk Box to be delivered to.
Please maintain topmost secrecy as it may cause a lot of problems if
found out that we are using this media to help you. Therefore you are
advised not to inform anyone about this until you received your
consignment box.
The above requirement qualifies you for final remittance process of the
received sum.
The below information would be needed for proper filing and to enable
safe delivery.
Full Name
Address
Occupation
Nationality
Mobile/phone number
Fax
Age
Sex
Please confirm message granted with "GO AHEAD ORDER"on MY PRIVATE BOX
Email; mooregorge7 [at] gmail.com
Congratulations.
Yours Faithfully
Father Gorge.Moore
Director, Special Duties UNO/WBF.
Post geht an: mooregorge7 [at] gmail.com
Was aber auch wieder ein Indiz dafür ist, dass Botnetze zusammen mit den Adressdatenbanken vermietet werden. Welchen (und teilweise auch wieviel) Spam man erhält, hängt also teilweise davon ab, welchem Herder die eigene Adresse in die schmierigen Griffel gefallen ist.
- kjz
Heute:
Received: from sa10.bezeqint.net (EHLO sa10.bezeqint.net) [192.115.104.24]
by mx0.gmx.net (mx052) with SMTP; 13 Sep 2008 11:57:23 +0200
Received: from localhost (localhost.localdomain [127.0.0.1])
by sa10.bezeqint.net (Bezeq International SMTP out Mail Server) with
ESMTP id 1133F125EC0;
Sat, 13 Sep 2008 12:55:34 +0300 (IDT)
Received: from sa10.bezeqint.net ([127.0.0.1])
by localhost (sa10.bezeqint.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 12418-05; Sat, 13 Sep 2008 12:55:31 +0300 (IDT)
Received: from mas26.bezeqint.net (mas26.bezeqint.net [192.115.104.156])
by sa10.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP;
Sat, 13 Sep 2008 12:55:21 +0300 (IDT)
Received: (from mas26.bezeqint.net [80.255.59.245])
by mas26.bezeqint.net (MOS 3.8.6-GA)
with HTTP/1.1 id EZI46847 (AUTH nimrod);
Sat, 13 Sep 2008 12:49:08 +0300 (IDT)
Received: from sa10.bezeqint.net (EHLO sa10.bezeqint.net) [192.115.104.24]
by mx0.gmx.net (mx110) with SMTP; 13 Sep 2008 11:57:23 +0200
Received: from localhost (localhost.localdomain [127.0.0.1])
by sa10.bezeqint.net (Bezeq International SMTP out Mail Server) with
ESMTP id 1133F125EC0;
Sat, 13 Sep 2008 12:55:34 +0300 (IDT)
Received: from sa10.bezeqint.net ([127.0.0.1])
by localhost (sa10.bezeqint.net [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 12418-05; Sat, 13 Sep 2008 12:55:31 +0300 (IDT)
Received: from mas26.bezeqint.net (mas26.bezeqint.net [192.115.104.156])
by sa10.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP;
Sat, 13 Sep 2008 12:55:21 +0300 (IDT)
Received: (from mas26.bezeqint.net [80.255.59.245])
by mas26.bezeqint.net (MOS 3.8.6-GA)
with HTTP/1.1 id EZI46847 (AUTH nimrod);
Sat, 13 Sep 2008 12:49:08 +0300 (IDT)
MR. Densmore Stewart
Tel:0031-626-415-837 ---> Telfort B.V., NL
Fax:0031-847-375-060 ---> Jump B.V., NL
EMAIL: agent_densmore122 [at] yahoo.com.hk
Post also an: agent_densmore122 [at] yahoo.com.hk
Somit abgekippt über Bezeqint (von diesem israel. Provider habe ich bisher absolut nur Spam erhalten, scheint hochgradig durchseucht zu sein) von VIENNA TECHNOLOGIES LTD. frisch aus Nigeria.
Und Telfort und Jump in den Niederlanden scheinen auch so 'Mugu only' Firmen zu sein. Das aber auch viele Geschäftsleute sich ihre Griffel gerne mit Banditen dreckig machen, sobald nur ein paar Cents herausspringen... Oder hat man seine Dienste nicht abgesichert, so dass die Scheunentore zum Missbrauch offenstehen? Das wäre heutzutage dann schon 'vorsätzlich grob fahrlässig'.
- kjz
Ein kurzer Blick in die Statistik (man sieht, der Mugu nutzt offene Squirrel-Mail Zugänge aus):
Oktober 2007(!):
Received: from 41.220.75.3 (SquirrelMail authenticated user phlame) by 84.95.249.10 with HTTP; Tue, 23 Oct 2007 21:28:14 +0200 (IST)
---> 75-3.vgccl.net, Nigeria
August 2008:
Received: from 41.220.75.3 (SquirrelMail authenticated user acfsl [at] sierratel.sl) by webmail.sierratel.sl with HTTP; Sat, 9 Aug 2008 19:59:37 -0000 (GMT)
---> 75-3.vgccl.net
September 2008:
Received: from 75-3.vgccl.net (75-3.vgccl.net [41.220.75.3]) by webmail.kyani.net (Horde MIME library) with HTTP; Sun, 14 Sep 2008 03:42:17 -0500
September 2008:
Received: from 212.100.250.218 (proxying for 41.220.75.3) (SquirrelMail authenticated user kanate) by webmail.wic.co.th with HTTP; Sun, 21 Sep 2008 01:51:59 +0700 (ICT)
---> 75-3.vgccl.net, Nigeria
Soviel zu dem Märchen, die nigerian. Regierung unternähme angeblich was gegen die Mugus....
- kjz
Und mal wieder der Mugu:
Received: from smtp04.osg.ufl.edu (EHLO smtp.ufl.edu) [128.227.74.71] by mx0.gmx.net (mx050) with SMTP; 21 Sep 2008 05:26:33 +0200
Received: from osgjas02.cns.ufl.edu (osgjas02.cns.ufl.edu [128.227.74.132]) by smtp.ufl.edu (8.14.0/8.14.0/3.0.0) with ESMTP id m8L3NEiO011954; Sat, 20 Sep 2008 23:23:14 -0400
X-Originating-IP: 41.220.75.3 [41.220.75.3] ---> 75-3.vgccl.net
Post hätte gerne:
rev.norlanisaac [at] live.com
claimsagent [at] blpclaimsoffice.com
Und natürlich wieder die Magrathea Phone Dropbox.
Tel: +44-703-191-3584 ---> Magrathea Telecommunications Limited, UK
- kjz
Der Mugu schlägt wieder doppelt zu:
Received: from mout0.freenet.de (EHLO mout0.freenet.de) [195.4.92.90] by mx0.gmx.net (mx041) with SMTP; 24 Sep 2008 03:13:32 +0200
Received: from [195.4.92.20] (helo=10.mx.freenet.de) by mout0.freenet.de with esmtpa (ID ritawilliamsmrs031 [at] freenet.de) (port 25)
(Exim 4.69 #65) id 1KiIwV-0007Eo-VU; Wed, 24 Sep 2008 03:13:23 +0200
Received: from [41.204.236.144] (port=10922 helo=User) by 10.mx.freenet.de with esmtpa (ID ritawilliamsmrs031 [at] freenet.de) (port 25)
(Exim 4.69 #65) id 1KiIwU-0005wE-N5; Wed, 24 Sep 2008 03:13:23 +0200
Received: from mout3.freenet.de (EHLO mout3.freenet.de) [195.4.92.93] by mx0.gmx.net (mx043) with SMTP; 24 Sep 2008 03:13:27 +0200
Received: from [195.4.92.14] (helo=4.mx.freenet.de) by mout3.freenet.de with esmtpa (ID senatecommitteeondebt [at] freenet.de) (port 25)
(Exim 4.69 #65) id 1KiIwY-0000A0-HH; Wed, 24 Sep 2008 03:13:26 +0200
Received: from [41.204.236.144] (port=10923 helo=User) by 4.mx.freenet.de with esmtpa (ID senatecommitteeondebt [at] freenet.de) (port 25)
(Exim 4.69 #65) id 1KiIwW-0007Dh-QS; Wed, 24 Sep 2008 03:13:26 +0200
Abgekübelt über Freenet von DIRECTONPC-VSAT-ISP-NETBLK, Nigeria.
Bitte Post an:
citiinfo [at] rocketmail.com
citibdic [at] hotmail.com
- kjz
Der 'doppelte Mugu' erneut:
Received: from mail.lluga.net (EHLO mail.lluga.net) [194.146.132.5]
by mx0.gmx.net (mx050) with SMTP; 29 Sep 2008 01:04:05 +0200
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk; d=fbi.org;
h=Received:Reply-To:From:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE;
b=Ia/m2LM80NzpCeG+c5QxphKTLBMKeZi2TwrnBPR8g2uJ3l91XEaDZFU8RpMcUXASCHT4nAVR0ud9aHqZxEf cs3pH52KbrYfLexQ/WAHPVGiPdVhfyfYv1QtQOck96eDz;
Received: from [88.191.93.119] (helo=User) ---> sd-15832.dedibox.fr
by mail.lluga.net with esmtpa (Exim 4.69)
(envelope-from <robertmuller111 [at] fbi.org>)
id 1Kk5IV-0006Oz-II; Mon, 29 Sep 2008 02:03:31 +0300
Received: from mail.lluga.net (EHLO mail.lluga.net) [194.146.132.5]
by mx0.gmx.net (mx050) with SMTP; 29 Sep 2008 01:04:05 +0200
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk; d=fbi.org;
h=Received:Reply-To:From:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE;
b=Ia/m2LM80NzpCeG+c5QxphKTLBMKeZi2TwrnBPR8g2uJ3l91XEaDZFU8RpMcUXASCHT4nAVR0ud9aHqZxEf cs3pH52KbrYfLexQ/WAHPVGiPdVhfyfYv1QtQOck96eDz;
Received: from [88.191.93.119] (helo=User)
by mail.lluga.net with esmtpa (Exim 4.69)
(envelope-from <robertmuller111 [at] fbi.org>)
id 1Kk5IV-0006Oz-II; Mon, 29 Sep 2008 02:03:31 +0300
das Märchen vom FBI....
Post hätte gerne: robertmuler.111 [at] gmail.com
- kjz
Und wieder der Mugu:
Received: from mail.rose.net (HELO frontend02.rose.net) [64.39.128.19] by mx0.gmx.net (mx021) with SMTP; 04 Oct 2008 03:13:22 +0200
Received: (qmail 2053 invoked from network); 3 Oct 2008 20:10:38 -0000
Received: from unknown (HELO mail.rose.net)
(bssmith [at] moultriega.net@127.0.0.1) by frontend02.rose.net with SMTP; Fri, 03 Oct 2008 16:10:38 -0400
Received: from 41.220.75.3 (SquirrelMail authenticated user bssmith [at] moultriega.net) by mail.rose.net with HTTP; Fri, 3 Oct 2008 16:10:38 -0400 (EDT)
Received: from mail.rose.net (HELO frontend02.rose.net) [64.39.128.19] by mx0.gmx.net (mx002) with SMTP; 04 Oct 2008 03:13:24 +0200
Received: (qmail 2053 invoked from network); 3 Oct 2008 20:10:38 -0000
Received: from unknown (HELO mail.rose.net)
(bssmith [at] moultriega.net@127.0.0.1) by frontend02.rose.net with SMTP; Fri, 03 Oct 2008 16:10:38 -0400
Received: from 41.220.75.3 (SquirrelMail authenticated user bssmith [at] moultriega.net) by mail.rose.net with HTTP; Fri, 3 Oct 2008 16:10:38 -0400 (EDT)
Man achte mal auf die IP: 41.220.75.3 ---> 75-3.vgccl.net, Nigeria
Also bereits seit Wochen 41.220.75.3, man darf wohl mit Fug und Recht behaupten, dass hier der 'Provider' selbstverständlich mit den Mugus gemeinsame Sache macht.
Ach ja, Post hätte gerne:
alexander.flockhart804 [at] yahoo.com.hk
- kjz
Wieder mal mein 'Lieblings-Mugu':
Received: from 115480-app1.kyani.net (115480-app1.kyani.net [72.32.209.73])
by xxxx.xxxxx) with ESMTP id CA755780048E
for <xxxx [at] xxxx>; Mon, 6 Oct 2008 02:50:25 +0200 (CEST)
Received: by 115480-app1.kyani.net (Postfix, from userid 48)
id E5BA851A7F; Thu, 2 Oct 2008 12:26:58 -0500 (CDT)
Received: from 75-3.vgccl.net (75-3.vgccl.net [41.220.75.3]) by
webmail.kyani.net (Horde MIME library) with HTTP; Thu, 2 Oct 2008 12:26:55 -0500
Wie man sieht, mal wieder von 75-3.vgccl.net, dem Komplizen-Provider der Mugus.
Post hätte der Mugu gerne an: fedexdelivery_20 [at] yahoo.com.hk
Mugu-Phon: +234-807-702-6688 (ein Handy in Nigeria)
- kjz
Und noch einmal derselbe Mugu:
Received: from mail.anhoes.tpc.edu.tw (mail.anhoes.tpc.edu.tw
[163.20.141.3]) by xxxx.xxxx (Postfix) with ESMTP id 5FB497866310
for <xxxx [at] xxxx>; Fri, 10 Oct 2008 09:13:47 +0200 (CEST)
Received: from mail.anhoes.tpc.edu.tw (localhost [127.0.0.1])
by mail.anhoes.tpc.edu.tw (Postfix) with ESMTP id 36FB5926CC;
Fri, 10 Oct 2008 14:50:19 +0800 (CST)
Received: from mail.anhoes.tpc.edu.tw (localhost [127.0.0.1])
by mail.anhoes.tpc.edu.tw (Postfix) with ESMTP id 711B2925D8;
Fri, 10 Oct 2008 14:50:18 +0800 (CST)
X-OriginatingIP: 41.220.75.3 (tonyny6699) ---> 75-3.vgccl.net
Also wieder mal die 75-3.vgccl.net.
Post an: totalmicrofinanceloanfirm_1 [at] yahoo.com.hk
Wann wird Yahoo endlich mal schlauer und blockt die IP 41.220.75.3 direkt auf ihren Routern? Ist wahrscheinlich nur geträumt und zuviel verlangt....
- kjz
Derselbe Mugu zum Dritten:
Received: from webmail.napomichigan.com (EHLO isatonline.com)
[216.122.145.94] by mx0.gmx.net (mx099) with SMTP; 09 Oct 2008 19:13:51 +0200
Received: from 75-3.vgccl.net [41.220.75.3] by isatonline.com with SMTP;
Thu, 9 Oct 2008 13:13:29 -0400
Also wieder mal 75-3.vgccl.net, womit sich bestätigt, dass 41.220.75.3 für jede gut gepflegte Blocklist ein Muss ist.
Post an: josh.martins [at] hydroghana.com
martinsjosh [at] gmail.com
- kjz
Wie man jetzt wohl deutlich sieht, ist der Provider in NG fest in den Händen der kriminellen Mugus:
Received: from claim.goldrush.com (goldrush.com [206.171.171.1] (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx.xxxxx (Postfix) with ESMTP id 2D2837897423 for <xxxxx [at] xxxxx.xxxx>; Sat, 8 Nov 2008 19:58:27 +0100 (CET)
Received: from goldrush.com (claim.goldrush.com [127.0.0.1]) by claim.goldrush.com (8.12.8p1/8.12.9) with ESMTP id mA8CahcC054150;
Sat, 8 Nov 2008 04:36:43 -0800 (PST) (envelope-from alexander [at] hangsengbank.com)
X-OriginatingIP: 41.220.75.3 (denysalcorn) ---> 75-3.vgccl.net, Nigeria
Also dieselbe Mugu-Maschine nach Monaten immer noch am Netz, das sagt wohl alles.... Und die Masche hatten wir am 4. 10. schon einmal...
Post hätte gerne: alexandre_flocker1102 [at] yahoo.com.hk
- kjz
Und wieder der 'Lieblingsmugu':
Received: from ms2.kntech.com.tw (ms2.kntech.com.tw [219.87.68.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxxx.xxxxx (Postfix) with ESMTP id D35187831F1E for <xxxxxx [at] xxxxxx.xxxx>; Sun, 9 Nov 2008 04:06:32 +0100 (CET)
Received: from e108f (75-3.vgccl.net [41.220.75.3] (may be forged) authenticated bits=0) by ms2.kntech.com.tw (8.13.8/8.13.8) with ESMTP id mA91mB0p017856; Sun, 9 Nov 2008 09:48:19 +0800
Man beachte: 41.220.75.3 ---> 75-3.vgccl.net, Nigeria
Post hätte gerne:
larisa.sos [at] live.com
assistlarisa [at] mymail.com
- kjz
Und wieder ein paar Dubletten:
Received: from um.acceleratedconnections.com (EHLO newmail.dsl4u.ca) [63.250.111.21] by mx0.gmx.net (mx104) with SMTP; 11 Nov 2008 23:10:05 +0100
Received: from homeliferomano.com (unknown [206.108.180.94]) by newmail.dsl4u.ca (Postfix) with ESMTP id 8F3074FD08D; Tue, 11 Nov 2008 17:10:02 -0500 (EST)
Received: from User ([196.3.183.72]) by homeliferomano.com with Microsoft
SMTPSVC(6.0.3790.3959); Tue, 11 Nov 2008 17:09:03 -0500
Received: from newmail.dsl4u.ca (EHLO newmail.dsl4u.ca) [63.250.111.21] by mx0.gmx.net (mx059) with SMTP; 11 Nov 2008 23:10:09 +0100
Received: from homeliferomano.com (unknown [206.108.180.94]) by newmail.dsl4u.ca (Postfix) with ESMTP id 4101F4FD0A1; Tue, 11 Nov 2008 17:10:03 -0500 (EST)
Received: from User ([196.3.183.72]) by homeliferomano.com with Microsoft
SMTPSVC(6.0.3790.3959); Tue, 11 Nov 2008 17:09:03 -0500
Post an:
upscourier1 [at] post.ro
Received: from shahab.ut.ac.ir (EHLO shahab.ut.ac.ir) [80.66.177.182]
by mx0.gmx.net (mx116) with SMTP; 12 Nov 2008 05:07:53 +0100
Received: from localhost (localhost.localdomain [127.0.0.1])
by shahab.ut.ac.ir (Postfix) with ESMTP id 08FAB261CB;
Wed, 12 Nov 2008 07:35:39 +0330 (IRST)
X-Virus-Scanned: Debian amavisd-new at ece.ut.ac.ir
Received: from shahab.ut.ac.ir ([127.0.0.1])
by localhost (shahab.ut.ac.ir [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id zzOuKartujeG; Wed, 12 Nov 2008 07:35:38 +0330 (IRST)
Received: from shahab.ut.ac.ir (localhost.localdomain [127.0.0.1])
by shahab.ut.ac.ir (Postfix) with ESMTP id C5E08261BD;
Wed, 12 Nov 2008 07:35:31 +0330 (IRST)
Received: from 41.219.245.236
(SquirrelMail authenticated user h.homayouni)
by shahab.ut.ac.ir with HTTP;
Wed, 12 Nov 2008 07:35:32 +0330 (IRST)
Received: from shahab.ut.ac.ir (EHLO shahab.ut.ac.ir) [80.66.177.182]
by mx0.gmx.net (mx089) with SMTP; 12 Nov 2008 05:07:08 +0100
Received: from localhost (localhost.localdomain [127.0.0.1])
by shahab.ut.ac.ir (Postfix) with ESMTP id AA36E261C8;
Wed, 12 Nov 2008 07:35:36 +0330 (IRST)
X-Virus-Scanned: Debian amavisd-new at ece.ut.ac.ir
Received: from shahab.ut.ac.ir ([127.0.0.1])
by localhost (shahab.ut.ac.ir [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3Tpcr5RJQ4MO; Wed, 12 Nov 2008 07:35:36 +0330 (IRST)
Received: from shahab.ut.ac.ir (localhost.localdomain [127.0.0.1])
by shahab.ut.ac.ir (Postfix) with ESMTP id C5E08261BD;
Wed, 12 Nov 2008 07:35:31 +0330 (IRST)
Received: from 41.219.245.236
(SquirrelMail authenticated user h.homayouni)
by shahab.ut.ac.ir with HTTP;
Wed, 12 Nov 2008 07:35:32 +0330 (IRST)
Post hätte hier gerne: xygt075 [at] gmail.com
- kjz
Und der Dauer-Mugu:
Received: from 195-23-27-44.net.novis.pt (EHLO zonesoft.org) [195.23.27.44]
by mx0.gmx.net (mx082) with SMTP; 12 Nov 2008 14:20:07 +0100
Received: from User ([41.220.75.3])
by zonesoft.org (IceWarp 9.1.0) with ASMTP id SYG18704;
Wed, 12 Nov 2008 13:20:04 -0000
Man beachte: 41.220.75.3 ---> 75-3.vgccl.net
Die Domain ist auch interessant: http://vgccl.net
Domain Removed For Spam
Machen die Mugus in NG jetzt also schon ihre eigenen ISPs auf? Genug Geld von 'abgezogenen' Opfern haben sie dafür ja. :sick:
Ach ja, Post an: philip_essex [at] hotmail.com
Das Muguphone stellt 'freundlicherweise zur Verfügung:
Telphone: +44-701-112-0985 ---> PNC Telecom Services Limited, UK
- kjz
Machen die Mugus in NG jetzt also schon ihre eigenen ISPs auf?
http://www.iipanel.net scheint auch so ein Kandidat zu sein.
http://www.iipanel.net scheint auch so ein Kandidat zu sein.
Ja, enom bürgt für 'Qualität'.....
Ansonsten mal wieder ein paar Dubletten:
Received: from memphis.dnsdc2.com (EHLO memphis.dnsdc2.com)
[206.221.179.190]
by mx0.gmx.net (mx090) with SMTP; 11 Nov 2008 16:30:49 +0100
Received: from nobody by memphis.dnsdc2.com with local (Exim 4.69)
(envelope-from <nobody [at] memphis.dnsdc2.com>)
id 1KzvCU-0003TY-Hk
for xxxxxx [at] xxxx; Tue, 11 Nov 2008 10:30:42 -0500
Received: from memphis.dnsdc2.com (EHLO memphis.dnsdc2.com)
[206.221.179.190]
by mx0.gmx.net (mx099) with SMTP; 11 Nov 2008 16:30:49 +0100
Received: from nobody by memphis.dnsdc2.com with local (Exim 4.69)
(envelope-from <nobody [at] memphis.dnsdc2.com>)
id 1KzvCU-0003TR-FC
for xxxxxx [at] xxxxxx; Tue, 11 Nov 2008 10:30:42 -0500
Post an: missjoy.ambula2 [at] live.com
Received: from iberweb-4a.servidorpt.com (EHLO
iberweb-4a.servidorpt.com) [77.91.200.170]
by mx0.gmx.net (mx056) with SMTP; 11 Nov 2008 20:26:33 +0100
Received: from nobody by iberweb-4a.servidorpt.com with local (Exim 4.69)
(envelope-from <nobody [at] iberweb-4a.servidorpt.com>)
id 1KzysZ-00065b-L6
for xxxxx [at] xxxxxx; Tue, 11 Nov 2008 19:26:23 +0000
Received: from iberweb-4a.servidorpt.com (EHLO
iberweb-4a.servidorpt.com) [77.91.200.170]
by mx0.gmx.net (mx087) with SMTP; 11 Nov 2008 20:26:34 +0100
Received: from nobody by iberweb-4a.servidorpt.com with local (Exim 4.69)
(envelope-from <nobody [at] iberweb-4a.servidorpt.com>)
id 1KzysZ-00065g-Oz
for xxxxx [at] xxxxxxxxx; Tue, 11 Nov 2008 19:26:23 +0000
Post an: drdesmondloan [at] googlemail.com
- kjz
Und wieder der Doppel-Mugu:
Received: from shared6.no-wires.co.uk (EHLO shared6.no-wires.co.uk)
[93.189.104.250] by mx0.gmx.net (mx075) with SMTP; 12 Nov 2008 20:46:22 +0100
Received: (qmail 25460 invoked from network); 12 Nov 2008 19:45:34 +0000
Received: from unknown (HELO User) (82.128.27.43) by 93.189.104.52 with SMTP; 12 Nov 2008 19:45:25 +0000
Received: from shared6.no-wires.co.uk (EHLO shared6.no-wires.co.uk)
[93.189.104.250] by mx0.gmx.net (mx073) with SMTP; 12 Nov 2008 20:46:22 +0100
Received: (qmail 25460 invoked from network); 12 Nov 2008 19:45:34 +0000
Received: from unknown (HELO User) (82.128.27.43) by 93.189.104.52 with SMTP; 12 Nov 2008 19:45:25 +0000
Post hätte gerne:
fiduciarycoperatepersonel [at] hotmail.co.uk
mhanson_002 [at] yahoo.com
Und das Muguphone gibt es mit freundlicher Unterstützung von Magrathea, ihrer Mugu-Company in UK.
Tel: +44-702-403-5687 ---> Magrathea Telecommunications Limited, UK
- kjz
Wieder mal der doppelte Mugu:
Received: from shared-1.esy.nforce.nl (EHLO shared-1.esy.nforce.nl)
[85.17.40.221] by mx0.gmx.net (mx076) with SMTP; 14 Nov 2008 08:13:43 +0100
Received: (qmail 5567 invoked from network); 13 Nov 2008 19:22:39 +0100
Received: from unknown (HELO User) (41.223.251.88) by shared-1.esy.nforce.nl with SMTP; 13 Nov 2008 19:22:38 +0100
Received: from shared-1.esy.nforce.nl (EHLO shared-1.esy.nforce.nl)
[85.17.40.221] by mx0.gmx.net (mx110) with SMTP; 14 Nov 2008 08:13:43 +0100
Received: (qmail 5567 invoked from network); 13 Nov 2008 19:22:39 +0100
Received: from unknown (HELO User) (41.223.251.88) by shared-1.esy.nforce.nl with SMTP; 13 Nov 2008 19:22:38 +0100
41.223.251.88 ---> Omnium des Telecommunications et de l'Internet Benin
Post hätte hier gerne:
derickbamako [at] yahoo.com
mooregorge8 [at] gmail.com
- kjz
Mal wieder einen Mugu aus der Mugu-Hochburg Madrid in Spanien an der Backe, der augenscheinlich die Adresse aus dem Usenet abgeerntet hat:
Received: from hosting6.ticinocom.com (hosting6.ticinocom.com
[195.190.166.33]) by spammotel.com (Postfix) with ESMTP id 13CBB14CDD
for <xxxxxxxxxxxxxxxx [at] spammotel.com>; Fri, 14 Nov 2008 17:40:00 -0500 (EST)
Received: from User (156.pool85-61-92.dynamic.orange.es [85.61.92.156])
(authenticated bits=0) by hosting6.ticinocom.com (8.12.11/8.12.11) with ESMTP id mAEMj5xp015031; Fri, 14 Nov 2008 23:45:07 +0100
Bei Ticinocom in der Schweiz hat ein Server anscheinend den Hosenlatz offen.
Post geht an:
vincentegarcia [at] mail.com
Der Hosenlatz steht immer noch offen:
Received: from hosting6.ticinocom.com (hosting6.ticinocom.com
[195.190.166.33]) by spammotel.com (Postfix) with ESMTP id 5C09114BA7
for <xxxxxxxxxx [at] spammotel.com>; Sat, 15 Nov 2008 15:05:16 -0500 (EST)
Received: from User (156.pool85-61-92.dynamic.orange.es [85.61.92.156])
(authenticated bits=0) by hosting6.ticinocom.com (8.12.11/8.12.11) with ESMTP id mAFK8dcw026671; Sat, 15 Nov 2008 21:08:40 +0100
Post geht an:
vincentegarcia1 [at] aol.com
vincentegarcia2 [at] aol.com
Das Muguphon findet man natürlich auch dort:
Tel:0034693853372 ---> France Telecom Espana, S.a./Orange
Hat da etwa jemand dem Mugu den Mailaccount dicht gemacht, höhöhö.... Ansonsten aber die Spanier (Orange) bzw. Franzosen (France Telecom Espana) wie man sie 'kennt und liebt': merkbefreit bis zur Gehirnamputation...
- kjz
Und da ist mein Dauer-Mugu wieder:
Received: from unknown (EHLO mail.918156.com.cn) [61.152.188.62]
by mx0.gmx.net (mx031) with SMTP; 16 Nov 2008 09:31:37 +0100
Received: from User [41.220.75.3] by mail.918156.com.cn with ESMTP
(SMTPD32-8.10) id A47E5B00C2; Sat, 15 Nov 2008 01:25:18 +0800
41.220.75.3 löst nun nicht mehr nach 75-3.vgccl.net auf, die Mugu-Company hat wohl dicht gemacht. Dafür hat dann MTN Nigeria übernommen: 'IP Block Assigned for Mobile Data Services Network at Ojota'. Wohl ein IP-Block (41.220.75.0 - 41.220.75.255), den man völlig gefahrlos erden kann.
Post geht diesmal an:
rich.dell22 [at] yahoo.in
rich.dell224 [at] live.com
- kjz
Und wieder die Dubletten:
Received: from 52.99.b6.static.xlhost.com (EHLO apolo.zighost.net)
[207.182.153.82] by mx0.gmx.net (mx079) with SMTP; 16 Nov 2008 03:00:25 +0100
Received: from [82.128.35.38] (helo=User) by apolo.zighost.net with esmtpa (Exim 4.69) (envelope-from <adimchambers [at] lawyer.com>) id 1L1Wvw-0002jy-Jz; Sat, 15 Nov 2008 21:00:19 -0500
Received: from 52.99.b6.static.xlhost.com (EHLO apolo.zighost.net)
[207.182.153.82] by mx0.gmx.net (mx026) with SMTP; 16 Nov 2008 03:00:26 +0100
Received: from [82.128.35.38] (helo=User) by apolo.zighost.net with esmtpa (Exim 4.69) (envelope-from <adimchambers [at] lawyer.com>) id 1L1Wvw-0002jy-Jz; Sat, 15 Nov 2008 21:00:19 -0500
Post geht an:
adimchambers [at] lawyer.com
enquiry.adimchambers [at] googlemail.com
enquiry.adimchambers [at] ymail.com
Received: from st.lzu.edu.cn (HELO lzu.cn) [202.201.0.148] by mx0.gmx.net (mx047) with SMTP; 16 Nov 2008 12:36:24 +0100
Received: (eyou send program); Sun, 16 Nov 2008 19:15:32 +0800
Message-ID: <426834132.26276 [at] lzu.cn> X-EYOUMAIL-SMTPAUTH: test [at] lzu.cn
Received: from unknown (HELO user) (82.128.35.14) by 202.201.0.148 with SMTP; Sun, 16 Nov 2008 19:15:32 +0800
Received: from st.lzu.edu.cn (HELO lzu.cn) [202.201.0.148] by mx0.gmx.net (mx052) with SMTP; 16 Nov 2008 12:36:24 +0100
Received: (eyou send program); Sun, 16 Nov 2008 19:15:32 +0800
Message-ID: <426834132.26276 [at] lzu.cn> X-EYOUMAIL-SMTPAUTH: test [at] lzu.cn
Received: from unknown (HELO user) (82.128.35.14) by 202.201.0.148 with SMTP; Sun, 16 Nov 2008 19:15:32 +0800
Post geht an:
engrelvisabubakar4 [at] gmail.com
elvisabubakarc [at] gmail.com
- kjz
Und der Usenet-Mugu:
Received: from sa9.bezeqint.net (sa9.bezeqint.net [192.115.104.23]) by spammotel.com (Postfix) with ESMTP id 1390014955 for <xxxxxxx [at] spammotel.com>; Sun, 16 Nov 2008 12:24:25 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by sa9.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP id C010F33B3E; Sun, 16 Nov 2008 18:46:58 +0200 (IST)
Received: from sa9.bezeqint.net ([127.0.0.1]) by localhost (sa9.bezeqint.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26573-07; Sun, 16 Nov 2008 18:46:57 +0200 (IST)
Received: from mas24.bezeqint.net (mas24.bezeqint.net [192.115.104.154])
by sa9.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP; Sun, 16 Nov 2008 18:46:57 +0200 (IST)
Received: (from mas24.bezeqint.net [65.120.57.18]) by mas24.bezeqint.net (MOS 3.8.6-GA) with HTTP/1.1 id HTV66305 (AUTH dwek); Sun, 16 Nov 2008 18:46:50 +0200 (IST)
Post an:
agentcarrick_claimsdept1 [at] yahoo.com.hk
Das Muguphon:
+44 704 5724 469 gibt es mit freundlicher Unterstützung von: Open Telecom International Ltd., UK (auch wieder so ein 'Mugu only' Laden...)
- kjz
Und wieder ne Dublette:
Received: from smtpgate4.pacific.net.sg (HELO smtpgate4.pacific.net.sg) [203.120.68.34] by mx0.gmx.net (mx050) with SMTP; 16 Nov 2008 20:35:01 +0100
Received: (qmail 22507 invoked from network); 16 Nov 2008 15:12:06 -0000
Received: from wm3.pacific.net.sg (HELO localhost) (mpgl [at] 192.169.41.133) by smtpgate4.pacific.net.sg with ESMTPA; 16 Nov 2008 15:12:06 -0000
Received: from 192.168.12.36 (192.168.12.36 [192.168.12.36]) by wm3.web.pacific.net.sg (Horde MIME library) with HTTP; Sun, 16 Nov 2008 23:12:01 +0800
Received: from smtpgate4.pacific.net.sg (HELO smtpgate4.pacific.net.sg) [203.120.68.34] by mx0.gmx.net (mx052) with SMTP; 16 Nov 2008 20:35:01 +0100
Received: (qmail 22507 invoked from network); 16 Nov 2008 15:12:06 -0000
Received: from wm3.pacific.net.sg (HELO localhost) (mpgl [at] 192.169.41.133) by smtpgate4.pacific.net.sg with ESMTPA; 16 Nov 2008 15:12:06 -0000
Received: from 192.168.12.36 (192.168.12.36 [192.168.12.36]) by wm3.web.pacific.net.sg (Horde MIME library) with HTTP; Sun, 16 Nov 2008 23:12:01 +0800
Post geht an:
verificationdept-claims208 [at] live.com
Das Muguphone:
+447011137259
gibt es mit freundlicher Unterstützung von PNC Telecom Services Limited, UK. Diese 'Mugu only' Company arbeitet zusammen mit:
http://www.open-telecom.co.uk/press/02062006.htm
eine weitere 'Mugu only' Company. Wann bekommen es die Freemailer und die Telefon-Redirectoren endlich in den Griff, sich gegen abusive Kundschaft zu wehren? Oder will man das gar nicht....
- kjz
Zunächst einmal:
Received: from Ununseptium.loadedtech.com.au (unknown [203.30.248.138]) by xxxxxxxxxxx (Postfix) with ESMTP id 6487B789A7B8 for <xxxxxxx [at] xxxxxxxxxxxxxx>; Mon, 17 Nov 2008 08:55:22 +0100 (CET)
Received: from mfa.com.au (243.20.233.220.exetel.com.au [220.233.20.243]) by Ununseptium.loadedtech.com.au (Postfix) with ESMTP id 7CB0C744A6; Mon, 17 Nov 2008 22:46:23 +1100 (EST)
Received: from User ([196.3.183.72] RDNS failed) by mfa.com.au with Microsoft
SMTPSVC(6.0.3790.3959); Mon, 17 Nov 2008 12:43:08 +1100
Man beachte: 196.3.183.72 ---> Suburban telecom, Nigeria
BTW: mal wieder so eine 'Mugu only' Company, siehe dazu auch:
http://www.rfc-ignorant.org/tools/lookup.php?domain=suburbantelecom.com
Also merkbefreit durch Gehirnamputation.
Der Text ist so dreist, den muss ich mal zitieren.
Dearest One,
I am Susan Walter, I am a US citizen, 39years. But I reside and work here in the
States, and my home town in the States is Houston Texas. My residential address
is as follows. 5115 Sunnyside Drive, Midland, Texas 79703 USA.
I am one of those that executed a contract in Nigeria years ago and they refused
to pay me, I had paid over $70,000 trying to get my payment all to no avail. So
I decided to travel down to Nigeria with all my contract documents. And I was
directed to meet with Barr Mat Oto, who is the member of CONTRACT AWARD
COMMITTEE, and I contacted him and he explained everything to me. He said that
those contacting us through emails are fake. Then he took me to the paying bank,
which is Oceanic Bank Int., and I am the happiest woman
on this earth because I have received my contract funds of $4.2Million USD.
Moreover, Barr Mat Oto showed me the full information of those that have not
received their payment; and I saw your contact.This is what you have to do now.
You have to contact him direct on this information below;
Name…: Barr Mat Oto
Email: matoto3390 [at] gmail.com
Address: 13, Zion Street, Ikeja Lagos Nigeria.
You really have to stop your dealing with those contacting you, because they
will dry you up until you have nothing to eat. The only money I paid was just
$1,200 for IRS, which you know. So you have to take note of that. I can give you
my number here in the States if you care for it.
Thanks.
Mrs. Susan Walter.
Post geht an:
matoto3390 [at] gmail.com
hills [at] jmail.co.za
kelvinj [at] jmail.co.za
So, nun aber die Dublette:
Received: from host-64-179-107-208.ind.choiceone.net (EHLO
mail.proserve-solutions.com) [64.179.107.208] by mx0.gmx.net (mx113) with SMTP; 17 Nov 2008 13:24:51 +0100
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.proserve-solutions.com (Postfix) with ESMTP id 71D34651E1F; Mon, 17 Nov 2008 07:23:35 -0500 (EST)
X-Virus-Scanned: amavisd-new at proserve-solutions.com
Received: from mail.proserve-solutions.com ([127.0.0.1]) by localhost (mail.proserve-solutions.com [127.0.0.1]) (amavisd-new, port
10024) with ESMTP id FjP-LKaLphbX; Mon, 17 Nov 2008 07:23:34 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.proserve-solutions.com (Postfix) with ESMTP id A42D7651E36; Mon, 17 Nov 2008 07:23:34 -0500 (EST)
Received: from User (unknown [196.3.183.72]) by mail.proserve-solutions.com (Postfix) with ESMTP id F20B6651E1F; Mon, 17 Nov 2008 07:22:55 -0500 (EST)
Received: from host-64-179-107-208.ind.choiceone.net (EHLO
mail.proserve-solutions.com) [64.179.107.208] by mx0.gmx.net (mx107) with SMTP; 17 Nov 2008 13:24:50 +0100
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.proserve-solutions.com (Postfix) with ESMTP id 71D34651E1F; Mon, 17 Nov 2008 07:23:35 -0500 (EST)
X-Virus-Scanned: amavisd-new at proserve-solutions.com
Received: from mail.proserve-solutions.com ([127.0.0.1]) by localhost (mail.proserve-solutions.com [127.0.0.1]) (amavisd-new, port
10024) with ESMTP id FjP-LKaLphbX; Mon, 17 Nov 2008 07:23:34 -0500 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.proserve-solutions.com (Postfix) with ESMTP id A42D7651E36; Mon, 17 Nov 2008 07:23:34 -0500 (EST)
Received: from User (unknown [196.3.183.72]) by mail.proserve-solutions.com (Postfix) with ESMTP id F20B6651E1F; Mon, 17 Nov 2008 07:22:55 -0500 (EST)
Man beachte: 196.3.183.72
Hier dürfte es tatsächlich derselbe Mugu sein bzw. die Boyz stehen wohl im Mugu-Cafe Schlange....
Post geht an:
gaseke2005 [at] yahoo.ca
- kjz
Die Mugu-Boyz fangen an lästig zu werden, da trudelt bald mehr ein als weiland von der RSG:
Received: from unknown (EHLO webpple.com) [211.214.161.140]
by mx0.gmx.net (mx045) with SMTP; 18 Nov 2008 14:36:07 +0100
Received: from User ([196.3.183.73]) ---> Suburban telecom, Nigeria
(authenticated bits=0)
by webpple.com (8.13.1/8.13.1) with ESMTP id mAIDUj80026563;
Tue, 18 Nov 2008 22:30:51 +0900
Received: from unknown (EHLO webpple.com) [211.214.161.140]
by mx0.gmx.net (mx045) with SMTP; 18 Nov 2008 14:36:07 +0100
Received: from User ([196.3.183.73])
(authenticated bits=0)
by webpple.com (8.13.1/8.13.1) with ESMTP id mAIDUj80026563;
Tue, 18 Nov 2008 22:30:51 +0900
Man beachte: 196.3.183.73
Post an:
andrewtweedie22 [at] sify.com
Received: from mail04.syd.optusnet.com.au (EHLO
mail04.syd.optusnet.com.au) [211.29.132.185]
by mx0.gmx.net (mx038) with SMTP; 18 Nov 2008 16:49:24 +0100
Received: from User ([80.89.177.6])
(authenticated sender stivesspeechpathology [at] optusnet.com.au)
by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id mAIFknE2027561;
Wed, 19 Nov 2008 02:47:00 +1100
Received: from mail04.syd.optusnet.com.au (EHLO
mail04.syd.optusnet.com.au) [211.29.132.185]
by mx0.gmx.net (mx038) with SMTP; 18 Nov 2008 16:49:24 +0100
Received: from User ([80.89.177.6])
(authenticated sender stivesspeechpathology [at] optusnet.com.au)
by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id mAIFknE2027561;
Wed, 19 Nov 2008 02:47:00 +1100
Post an:
barrister.kevins [at] yahoo.es
AcreditedPaymentConsult [at] yahoo.com
Mugu Phon: +44 702 403 7499 mit freundlicher Unterstützung von Magrathea Telecommunications Limited, UK.
Received: from unknown (EHLO web.o2net.co.kr) [211.233.11.182]
by mx0.gmx.net (mx085) with SMTP; 18 Nov 2008 13:36:34 +0100
Received: from User ([41.221.164.123]) ---> SWIFT NETWORKS CUSTOMERS IP
RANGE ALLOCATED TO OANDO/VGC BASE STATION CLIENTS WITH DHCP ADDRESSES,
Nigeria (authenticated bits=0)
by web.o2net.co.kr (8.13.1/8.13.1) with ESMTP id mAICSLFh007663;
Tue, 18 Nov 2008 21:28:26 +0900
Received: from unknown (EHLO web.o2net.co.kr) [211.233.11.182]
by mx0.gmx.net (mx085) with SMTP; 18 Nov 2008 13:36:34 +0100
Received: from User ([41.221.164.123])
(authenticated bits=0)
by web.o2net.co.kr (8.13.1/8.13.1) with ESMTP id mAICSLFh007663;
Tue, 18 Nov 2008 21:28:26 +0900
Post an:
nelsondnld55 [at] gmail.com
nelson.donald99 [at] yahoo.co.uk
Received: from mail03.syd.optusnet.com.au (EHLO
mail03.syd.optusnet.com.au) [211.29.132.184]
by mx0.gmx.net (mx065) with SMTP; 18 Nov 2008 01:56:16 +0100
Received: from User ([41.223.251.239]) --- Omnium des Telecommunications
et de l'Internet Benin (authenticated sender idnil55 [at] optusnet.com.au)
by mail03.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id mAI0sBHo023322;
Tue, 18 Nov 2008 11:54:23 +1100
Received: (qmail invoked by alias); 18 Nov 2008 00:56:16 -0000
Received: from mail03.syd.optusnet.com.au (EHLO
mail03.syd.optusnet.com.au) [211.29.132.184]
by mx0.gmx.net (mx065) with SMTP; 18 Nov 2008 01:56:16 +0100
Received: from User ([41.223.251.239])
(authenticated sender idnil55 [at] optusnet.com.au)
by mail03.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id mAI0sBHo023322;
Tue, 18 Nov 2008 11:54:23 +1100
Post an:
edamsjohn [at] yahoo.com.es
Fc6333 [at] msn.com
Mugu Phon: 00229-97-569-359 mit freundlicher Unterstützung durch BeninCell/SpaceTell, Benin.
- kjz
Die Mugu-Boyz bleiben hyperaktiv:
Received: from home.jses.tpc.edu.tw (EHLO home.jses.tpc.edu.tw) [163.20.47.200]
by mx0.gmx.net (mx108) with SMTP; 18 Nov 2008 22:38:47 +0100
Received: from User (unknown [212.100.69.11]) ---> Infoweb Ltd, Nigeria
by home.jses.tpc.edu.tw (Postfix) with ESMTP
id EA7212337CF; Wed, 19 Nov 2008 03:54:44 +0800 (GMT-8)
Received: (qmail invoked by alias); 18 Nov 2008 21:38:54 -0000
Received: from home.jses.tpc.edu.tw (EHLO home.jses.tpc.edu.tw) [163.20.47.200]
by mx0.gmx.net (mx076) with SMTP; 18 Nov 2008 22:38:54 +0100
Received: from User (unknown [212.100.69.11])
by home.jses.tpc.edu.tw (Postfix) with ESMTP
id EA7212337CF; Wed, 19 Nov 2008 03:54:44 +0800 (GMT-8)
Post hätte gerne:
profressor.jmiller [at] yahoo.com.hk
profjohnmiller [at] indiatimes.com
jmill [at] indiatimes.com
Received: from ariel.telkomsa.net (EHLO telkomsa.net) [196.25.211.6]
by mx0.gmx.net (mx107) with SMTP; 19 Nov 2008 02:53:10 +0100
Received: (qmail 31831 invoked from network); 19 Nov 2008 01:53:06 -0000
Received: from unknown (HELO User) (telkomsa269021 [at] telkomsa.net@[218.5.18.252])
(envelope-sender <tina.es [at] virgilio.it>)
by O (qmail-ldap-1.03) with SMTP
for <kjrklh [at] aol.com>; 19 Nov 2008 01:53:03 -0000
Received: from ariel.telkomsa.net (EHLO telkomsa.net) [196.25.211.6]
by mx0.gmx.net (mx106) with SMTP; 19 Nov 2008 02:53:10 +0100
Received: (qmail 31831 invoked from network); 19 Nov 2008 01:53:06 -0000
Received: from unknown (HELO User) (telkomsa269021 [at] telkomsa.net@[218.5.18.252])
(envelope-sender <tina.es [at] virgilio.it>)
by O (qmail-ldap-1.03) with SMTP
for <kjrklh [at] aol.com>; 19 Nov 2008 01:53:03 -0000
Post an:
tina.es [at] virgilio.it
mrpaullanthony1 [at] yahoo.co.jp
Received: from n2d.bullet.mail.ac4.yahoo.com (HELO
n2d.bullet.mail.ac4.yahoo.com) [76.13.13.86]
by mx0.gmx.net (mx002) with SMTP; 19 Nov 2008 02:55:34 +0100
Received: from [76.13.13.26] by n2.bullet.mail.ac4.yahoo.com with NNFMP; 19 Nov
2008 01:55:34 -0000
Received: from [76.13.10.164] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 19 Nov
2008 01:55:34 -0000
Received: from [127.0.0.1] by omp105.mail.ac4.yahoo.com with NNFMP; 19 Nov 2008
01:55:34 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 121319.81290.bm [at] omp105.mail.ac4.yahoo.com
Received: (qmail 64221 invoked by uid 60001); 19 Nov 2008 01:55:17 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=ymail_nen1; d=yahoo.com;
h=Received:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=rtn28CHnqRb4QsP7P/f6FTBHOGzrry6rtwHNrOBOrjDc4YW1Yu7lE1iyZKvTzllMdCuyeamEqRUOzo/9elWUlun9nPjZVAN+vTTu5zxCRvNampf80E+NfLCJ0xhQQR+Tu2v1yvrrzEiR6sLbupYEUq+vVyQvUtU fhaU0KiM1pxI=;
Received: from [81.91.230.141] by web59816.mail.ac4.yahoo.com via HTTP; Tue, 18
Nov 2008 17:55:17 PST ---> Benin Telecoms SA
Received: from n8.bullet.mail.ac4.yahoo.com (HELO n8.bullet.mail.ac4.yahoo.com)
[76.13.13.236]
by mx0.gmx.net (mx038) with SMTP; 19 Nov 2008 02:55:35 +0100
Received: from [76.13.13.26] by n8.bullet.mail.ac4.yahoo.com with NNFMP; 19 Nov
2008 01:55:34 -0000
Received: from [76.13.10.181] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 19 Nov
2008 01:55:34 -0000
Received: from [127.0.0.1] by omp122.mail.ac4.yahoo.com with NNFMP; 19 Nov 2008
01:55:34 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 709882.80597.bm [at] omp122.mail.ac4.yahoo.com
Received: (qmail 64225 invoked by uid 60001); 19 Nov 2008 01:55:18 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=ymail_nen1; d=yahoo.com;
h=Received:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=kA/69r1HDjsUuVQRTNVBj0bz5BSE5CX7k+yBgqAzW9Yc7Xl8k+f6CdykJN/rWlSbnUiiyd/7zFuTQHW5mDKttoL+VrR5ZZuD+w6cTG/nlOA4k3GdXHHgmIJz0/bPyuOpORHzleW9Ft+oGSPXEvFgZyIRYOdXtn6jEluSNcPfTGA=;
Received: from [81.91.230.141] by web59816.mail.ac4.yahoo.com via HTTP; Tue, 18
Nov 2008 17:55:18 PST
Post an:
william.mark89 [at] yahoo.com
fedexcourierserviceltd [at] hotmail.fr
Muguphone: +229-9317-8968 mit freundlicher Unterstützung von Bell, Benin.
Die Header ähneln sich zwar sehr, aber wenn man auf den annehmenden Mailserver von GMX (mx....) achtet, sieht man, dass es sich um separate Mails handelt.
- kjz
Die Mugu-Boyz sitzen immer noch am PC:
Received: from mail.interware.hu (EHLO mail.interware.hu) [195.70.32.130]
by mx0.gmx.net (mx024) with SMTP; 19 Nov 2008 11:04:10 +0100
Received: from webmail.interware.hu ([195.70.32.167])
by mail.interware.hu with esmtp (Exim 4.68)
id 1L2jwV-0002I3-8A; Wed, 19 Nov 2008 11:05:51 +0100
Received: from localhost ([127.0.0.1] helo=webmail.interware.hu)
by webmail.interware.hu with esmtp (Exim 4.63 #1 (Debian))
id 1L2jst-0002Ow-0F; Wed, 19 Nov 2008 11:02:07 +0100
Received: from 212.100.250.230 (proxying for 212.100.69.11) ---> Infoweb Ltd,
Nigeria/NG-CYBERSPACE-MNT
(SquirrelMail authenticated user fdszadmin [at] interware.hu)
by webmail.interware.hu with HTTP;
Wed, 19 Nov 2008 11:02:07 +0100 (CET)
Received: from mail.interware.hu (EHLO mail.interware.hu) [195.70.32.130]
by mx0.gmx.net (mx087) with SMTP; 19 Nov 2008 11:04:11 +0100
Received: from webmail.interware.hu ([195.70.32.167])
by mail.interware.hu with esmtp (Exim 4.68)
id 1L2jwV-0002I3-8A; Wed, 19 Nov 2008 11:05:51 +0100
Received: from localhost ([127.0.0.1] helo=webmail.interware.hu)
by webmail.interware.hu with esmtp (Exim 4.63 #1 (Debian))
id 1L2jst-0002Ow-0F; Wed, 19 Nov 2008 11:02:07 +0100
Received: from 212.100.250.230 (proxying for 212.100.69.11)
(SquirrelMail authenticated user fdszadmin [at] interware.hu)
by webmail.interware.hu with HTTP;
Wed, 19 Nov 2008 11:02:07 +0100 (CET)
Man beachte: proxying for 212.100.69.11
Die hatten wir doch heute schon einmal:
Received: from User (unknown [212.100.69.11]) by home.jses.tpc.edu.tw (Postfix) with ESMTP id EA7212337CF; Wed, 19 Nov 2008 03:54:44 +0800 (GMT-8)
Post an:
joseph.cypoon [at] yahoo.com.hk
- kjz
Wioeder die Mugu-Boyz:
Received: from n4.bullet.mail.mud.yahoo.com (HELO n4.bullet.mail.mud.yahoo.com)
[209.191.127.236]
by mx0.gmx.net (mx063) with SMTP; 20 Nov 2008 05:34:02 +0100
Received: from [68.142.200.221] by n4.bullet.mud.yahoo.com with NNFMP; 20 Nov
2008 04:34:01 -0000
Received: from [68.142.201.247] by t9.bullet.mud.yahoo.com with NNFMP; 20 Nov
2008 04:34:01 -0000
Received: from [127.0.0.1] by omp408.mail.mud.yahoo.com with NNFMP; 20 Nov 2008
04:34:01 -0000
Received: (qmail 78546 invoked by uid 60001); 20 Nov 2008 04:34:00 -0000
Received: from [82.128.32.98] by web111108.mail.gq1.yahoo.com via HTTP; Wed, 19
Nov 2008 20:34:00 PST ---> Multilinks Telecommunications, Nigeria
Received: from n23c.bullet.mail.mud.yahoo.com (HELO
n23c.bullet.mail.mud.yahoo.com) [68.142.206.39]
by mx0.gmx.net (mx105) with SMTP; 20 Nov 2008 05:34:02 +0100
Received: from [68.142.200.226] by n23.bullet.mail.mud.yahoo.com with NNFMP; 20
Nov 2008 04:34:01 -0000
Received: from [68.142.201.243] by t7.bullet.mud.yahoo.com with NNFMP; 20 Nov
2008 04:34:01 -0000
Received: from [127.0.0.1] by omp404.mail.mud.yahoo.com with NNFMP; 20 Nov 2008
04:34:01 -0000
Received: (qmail 78528 invoked by uid 60001); 20 Nov 2008 04:34:00 -0000
Received: from [82.128.32.98] by web111108.mail.gq1.yahoo.com via HTTP; Wed, 19
Nov 2008 20:34:00 PST
Post geht an:
rrrusmanshamshudeenu112 [at] yahoo.co.jp
usmanusmans14161414 [at] yahoo.com.co
Received: from anl215.rev.netart.pl (EHLO host154.nazwa.net.pl) [85.128.220.215]
by mx0.gmx.net (mx032) with SMTP; 20 Nov 2008 01:56:42 +0100
Received: from User ([41.223.248.129]) ---> Omnium des Telecommunications et de
l'Internet Benin
(authenticated bits=0)
by host154.nazwa.net.pl (8.13.8/8.13.8) with ESMTP id mAK0qoJC019540;
Thu, 20 Nov 2008 01:53:02 +0100
Received: from anl215.rev.netart.pl (EHLO host154.nazwa.net.pl) [85.128.220.215]
by mx0.gmx.net (mx032) with SMTP; 20 Nov 2008 01:56:42 +0100
Received: from User ([41.223.248.129])
(authenticated bits=0)
by host154.nazwa.net.pl (8.13.8/8.13.8) with ESMTP id mAK0qoJC019540;
Thu, 20 Nov 2008 01:53:02 +0100
Post geht an:
oceanicbankatmcard [at] tiscali.cz
christainkoffi [at] finance2.nazwa.pl
Muguphon in Benin: +229 98 11 40 44
- kjz
Mal wieder mein 'Lieblings-Mugu', anscheinend abgekippt über einen offenen Proxy in BR:
Received: from squid1.rio.rj.gov.br (squid1.rio.rj.gov.br [200.157.228.131])
by xxxxx.xxxxx (Postfix) with ESMTP id 08D78789AA01
for <xxxxx [at] xxxxx>; Thu, 20 Nov 2008 22:19:35 +0100 (CET)
Received: from riomail01.rio.rj.gov.br (unknown [10.2.201.45])
by squid1.rio.rj.gov.br (Postfix) with ESMTP id BA730127D57B;
Thu, 20 Nov 2008 19:01:20 -0200 (BRST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by riomail01.rio.rj.gov.br (Postfix) with ESMTP id 52A5B2DFC04;
Thu, 20 Nov 2008 19:01:20 -0200 (BRST)
Received: from riomail01.rio.rj.gov.br ([127.0.0.1])
by localhost (riomail01.rio.rj.gov.br [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 13599-05-3; Thu, 20 Nov 2008 19:01:20 -0200 (BRST)
Received: from webriomail.rio.rj.gov.br (unknown [200.157.228.15])
by riomail01.rio.rj.gov.br (Postfix) with ESMTP id 6FC912DE9DC;
Thu, 20 Nov 2008 19:01:13 -0200 (BRST)
Received: from 64.136.27.229 (proxying for 41.220.75.3, 64.136.27.33)
(SquirrelMail authenticated user planetario)
by webriomail.rio.rj.gov.br with HTTP;
Thu, 20 Nov 2008 19:01:17 -0200 (BRST)
Man beachte: 41.220.75.3
Dazu gibt es sogar mehrere Spamhaus Einträge samt 'Escalation', z. Bsp:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL68162
One of MTN Nigeria's most active spamming IP addresses.
Post hätte da mal wieder gerne:
planetfinanceloan84 [at] yahoo.co.uk
planetfinaceloan [at] live.com
- kjz
In Polen hat man immer noch den Hosenlatz offen:
Received: from adr47.rev.netart.pl (EHLO host287.nazwa.net.pl) [77.55.95.47] by mx0.gmx.net (mx092) with SMTP; 21 Nov 2008 03:12:36 +0100
Received: from User ([41.223.248.129]) ---> Omnium des Telecommunications et de l'Internet Benin (authenticated bits=0) by host287.nazwa.net.pl (8.13.8/8.13.8) with ESMTP id mAL28D1T023447; Fri, 21 Nov 2008 03:08:15 +0100
Received: from adr47.rev.netart.pl (EHLO host287.nazwa.net.pl) [77.55.95.47] by mx0.gmx.net (mx092) with SMTP; 21 Nov 2008 03:12:36 +0100
Received: from User ([41.223.248.129]) (authenticated bits=0) by host287.nazwa.net.pl (8.13.8/8.13.8) with ESMTP id mAL28D1T023447; Fri, 21 Nov 2008 03:08:15 +0100
Man beachte: 41.223.248.129
Post an:
fedexcourierdeliveringservice1985 [at] hotmail.fr
mjones1 [at] mjones1.nazwa.pl
Muguphon: +229-93992755, selbstverständlich mit freundlicher Unterstützung von Bell, Benin.
- kjz
Und wieder der Dauer-Mugu:
Received: from mail.msignal.hu (EHLO starsky.msignal.hu) [82.141.138.230]
by mx0.gmx.net (mx101) with SMTP; 21 Nov 2008 12:29:32 +0100
Received: by starsky.msignal.hu (Postfix, from userid 33)
id DE28B1FFF7; Fri, 21 Nov 2008 10:38:00 +0100 (CET)
Received: from 41.220.75.3 ([41.220.75.3]) by www.msignal.hu (Horde MIME
library) with HTTP for <molnar.janos [at] www.msignal.hu>; Fri, 21 Nov 2008 10:37:58 +0100
Received: from mail.msignal.hu (EHLO starsky.msignal.hu) [82.141.138.230]
by mx0.gmx.net (mx100) with SMTP; 21 Nov 2008 12:29:32 +0100
Received: by starsky.msignal.hu (Postfix, from userid 33)
id DE28B1FFF7; Fri, 21 Nov 2008 10:38:00 +0100 (CET)
Received: from 41.220.75.3 ([41.220.75.3]) by www.msignal.hu (Horde MIME
library) with HTTP for <molnar.janos [at] www.msignal.hu>; Fri, 21 Nov 2008 10:37:58 +0100
Man beachte: 41.220.75.3
Post an:
profit_venture [at] live.com
- kjz
Und wieder 'ne Dublette von den Mugu-Boyz:
Received: from mail.hal.ca (EHLO hal.ca) [64.26.135.66]
by mx0.gmx.net (mx080) with SMTP; 22 Nov 2008 17:53:45 +0100
Received: from User ([217.21.67.187]) by hal.ca with Microsoft
SMTPSVC(6.0.3790.3959); Sat, 22 Nov 2008 09:27:03 -0500 ---> 217.21.67.187.satcom-systems.net
Received: from mail.hal.ca (EHLO hal.ca) [64.26.135.66]
by mx0.gmx.net (mx035) with SMTP; 22 Nov 2008 17:55:28 +0100
Received: from User ([217.21.67.187]) by hal.ca with Microsoft
SMTPSVC(6.0.3790.3959); Sat, 22 Nov 2008 09:27:03 -0500
Diesmal hat man sich sogar eine Google-Domain für die Post 'geleistet':
beneficiaries [at] itilfoundations.org
Muguphon: +44 703 194 7608, +44 703 192 7681, selbstverständlich mit Unterstützung ihrer freundlichen 'Mugu only' Company, nämlich Magrathea Telecom. Schaut man sich den Webauftritt dieser 'Firma' mal an (http://www.magrathea-telecom.co.uk), so verfügt diese 'Weltfirma' gerade mal über eine Handvoll einfachst gestalteter Seiten samt Bildchen aus dem Katalog für Briefkastenfirmen. Äusserst seriös, so etwas....
- kjz
Anscheinend steht auch bei Topfield Korea (die Firma hat auch eine deutsche Niederlassung in Köln und ist bekannt für ihre Receiver) auf dem Mailserver der Hosenlatz offen:
Received: from mail.topfield.co.kr (EHLO mail.topfield.co.kr)
[211.239.120.234]
by mx0.gmx.net (mx101) with SMTP; 23 Nov 2008 21:17:22 +0100
Received: from 211.239.120.234 (211.239.120.234 [211.239.120.234])
by homepage (DeepMTA 3.4.97)
with ESMTP id <1227377646859.2843 [at] homepage>
for <xxx [at] xxxxx>; Mon, 24 Nov 2008 05:17:18 +0900
Received: from 81.91.227.12 (81.91.227.12 [81.91.227.12])
by homepage (WBlock.pss 3.6.28)
with ESMTP id 1227377646859.2843 [at] homepage
; Sun, 23 Nov 2008 03:14:06 +0900 ---> Office des Postes et
Telecommications, BJ
Received: from mail.topfield.co.kr (EHLO mail.topfield.co.kr)
[211.239.120.234]
by mx0.gmx.net (mx094) with SMTP; 23 Nov 2008 21:18:20 +0100
Received: from 211.239.120.234 (211.239.120.234 [211.239.120.234])
by homepage (DeepMTA 3.4.97)
with ESMTP id <1227377646859.2843 [at] homepage>
for <xxx [at] xxxxx>; Mon, 24 Nov 2008 05:18:17 +0900
Received: from 81.91.227.12 (81.91.227.12 [81.91.227.12])
by homepage (WBlock.pss 3.6.28)
with ESMTP id 1227377646859.2843 [at] homepage
; Sun, 23 Nov 2008 03:14:06 +0900
Post bitte an:
cashingatlertzone [at] yahoo.co.hk
- kjz
Wieder der Doppel-Mugu:
Received: from ironman.uchsc.edu (EHLO ironman.ucdenver.edu)
[140.226.189.22] by mx0.gmx.net (mx117) with SMTP; 24 Nov 2008 16:07:49 +0100
X-IronPort-AV: E=Sophos;i="4.33,659,1220248800";
d="scan'208,217";a="105258953"
Received: from kona.uchsc.edu ([140.226.190.241]) by ironman-priv.ucdenver.edu with SMTP; 24 Nov 2008 08:07:34 -0700
Received: from ironman.uchsc.edu (EHLO ironman.ucdenver.edu)
[140.226.189.22] by mx0.gmx.net (mx094) with SMTP; 24 Nov 2008 16:08:03 +0100
X-IronPort-AV: E=Sophos;i="4.33,659,1220248800";
d="scan'208,217";a="105258952"
Received: from kona.uchsc.edu ([140.226.190.241]) by ironman-priv.ucdenver.edu with SMTP; 24 Nov 2008 08:07:34 -0700
Post geht an:
alexchng20 [at] yahoo.com.hk
- kjz
Received: from mail.comtel.com.tw (60-248-91-18.HINET-IP.hinet.net
[60.248.91.18]) by xxxxx.xxxxxxx (Postfix) with ESMTP id 84CAC789AB1D for <xxxxxxx [at] xxxxxxx>; Tue, 25 Nov 2008 10:20:30 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by mail.comtel.com.tw (Postfix) with SMTP id F204830E021; Tue, 25 Nov 2008 16:47:10 +0800 (CST)
Received: from User (unknown [41.223.251.167]) ---> Omnium des
Telecommunications et de l'Internet Benin by mail.comtel.com.tw (Postfix) with ESMTP id 176D930DBDC; Tue, 25 Nov 2008 16:46:20 +0800 (CST)
Die IP 41.223.251.167 hat's auch schon zu Spamhaus geschafft:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL45313
419 Nigerian scam sources in Benin
Post an:
promisejohn11 [at] rocketmail.com
fedexexpressbenin2 [at] gmail.com
Muguphon: +229-93998780 mit freundlicher Unterstützung von Bell, Benin.
Auffällig auch, dass die Mugus immer mehr GMail-Adressen verwenden. Früher kam man zu einer GMail-Adresse nur duch Einladung, also eine etwas höhere Hürde. Mittlerweile werden GMail-Adressen aber wohl im Hunderterpack in Spammer-Foren verkauft. Immer wohl auch im Gedenken darauf, dass Google getreu dem Motto 'we are not evil' das Abuse-Management wohl sträflich vernachlässigt.
- kjz
Der Doppel-Mugu hat einen weiteren Uni-Account gecrackt:
Received: from uismail3.uis.edu (EHLO uismail3.uisad.uis.edu) [192.102.230.206] by mx0.gmx.net (mx079) with SMTP; 25 Nov 2008 23:43:07 +0100
Received: from uismail3.uis.edu (EHLO uismail3.uisad.uis.edu) [192.102.230.206] by mx0.gmx.net (mx078) with SMTP; 25 Nov 2008 23:43:08 +0100
Hier geht die Post an:
alexchng22 [at] yahoo.com.hk
Und morgen kommt dann alexchng24 [at] yahoo.com.hk?
Wäre höchstens mal interessant zu erfahren, wie der Mugu denn die Kurve von Asien nach Schwarzafrika bekommt...
- kjz
Wieder die doppelten Mugu-Boyz:
Received: from smtp1.nusa.net.id (smtpx.nusa.net.id [202.162.192.26]) by xxxxxxxx (Postfix) with ESMTP id 76B2E7893FE7 for <xxxxxxxxxxx>; Thu, 27 Nov 2008 02:50:45 +0100 (CET)
Received: from webmail.kissfm-medan.com (localhost.localdomain [127.0.0.1]) by smtp1.nusa.net.id (Postfix) with ESMTP id 55C6657840; Thu, 27 Nov 2008 08:01:02 +0700 (WIT)
Received: from 81.199.88.114 ---> 81.199.88.114.satcom-systems.net (SquirrelMail authenticated user marketing [at] kissfm-medan.com) by webmail.kissfm-medan.com with HTTP; Thu, 27 Nov 2008 08:01:03 +0700 (WIT)
Received: from smtp1.nusa.net.id (smtpx.nusa.net.id [202.162.192.26]) by xxxxxxxxxx (Postfix) with ESMTP id D81A9789A43C for <xxxxxxxxx>; Thu, 27 Nov 2008 03:00:46 +0100 (CET)
Received: from webmail.kissfm-medan.com (localhost.localdomain [127.0.0.1]) by smtp1.nusa.net.id (Postfix) with ESMTP id 6FCBD5774D; Thu, 27 Nov 2008 08:01:05 +0700 (WIT)
Received: from 81.199.88.114 (SquirrelMail authenticated user marketing [at] kissfm-medan.com) by webmail.kissfm-medan.com with HTTP; Thu, 27 Nov 2008 08:01:06 +0700 (WIT)
Post geht an:
dr.hamiltonshaw231 [at] gmail.com
Das Muguphon: +4470359 54358 gibt es mit freundlicher Unterstützung von Open Telecom International Ltd., UK, ihrer zuvorkommenden Mugu-Company....
Received: from baba.iue.edu.co (EHLO baba.iue.edu.co) [190.90.57.130]
by mx0.gmx.net (mx028) with SMTP; 27 Nov 2008 08:53:25 +0100
Received: from baba.iue.edu.co (baba.iue.edu.co [127.0.0.1])
by baba.iue.edu.co (Postfix) with ESMTP id 6584A1349961;
Thu, 27 Nov 2008 02:26:19 -0500 (COT)
Received: (from apache [at] localhost)
by baba.iue.edu.co (8.13.8/8.13.8/Submit) id mAR7Pwsl009956;
Thu, 27 Nov 2008 02:25:58 -0500
Received: from baba.iue.edu.co (EHLO baba.iue.edu.co) [190.90.57.130]
by mx0.gmx.net (mx027) with SMTP; 27 Nov 2008 08:53:25 +0100
Received: from baba.iue.edu.co (baba.iue.edu.co [127.0.0.1])
by baba.iue.edu.co (Postfix) with ESMTP id 6584A1349961;
Thu, 27 Nov 2008 02:26:19 -0500 (COT)
Received: (from apache [at] localhost)
by baba.iue.edu.co (8.13.8/8.13.8/Submit) id mAR7Pwsl009956;
Thu, 27 Nov 2008 02:25:58 -0500
Post an:
haroldson121 [at] yahoo.com
jameswilliams00951 [at] yahoo.com
- kjz
Da ist der (Benin?)-Mugu wieder:
Received: from exch01smtp09.hdi.tvcabo (smtp4.netcabo.pt [212.113.174.31]) by xxxxxxx (Postfix) with ESMTP id 14DC6789A6CF for <xxxxxxx>; Thu, 27 Nov 2008 20:06:37 +0100 (CET)
Received: from VS52.hdi.tvcabo ([10.137.130.65]) by exch01smtp09.hdi.tvcabo with Microsoft SMTPSVC(6.0.3790.3959); Thu, 27 Nov 2008 19:06:37 +0000
Post an:
linkjimleon008 [at] yahoo.com.hk
- kjz
Die Mugu-Boyz aus Benin:
Received: from postino16.prima.com.ar (postino16.prima.com.ar
[200.42.0.164]) by xxxxxxx (Postfix) with SMTP id 42DDB789AB1E for <xxxxxxx>; Fri, 28 Nov 2008 18:45:35 +0100 (CET)
Received: (qmail 96356 invoked from network); 28 Nov 2008 13:42:46 -0000
Received: from unknown (HELO User) (javierlizarralde [at] ciudad.com.ar@41.223.251.247) ---> Omnium des
Telecommunications et de l'Internet Benin by postino16.prima.com.ar with SMTP; 28 Nov 2008 13:42:46 -0000
Received: from symbiontsc.symbiont.com (mail.symbiont.com [71.166.245.202]) by xxxxxxx (Postfix) with ESMTP id AFCC0789AA77 for <xxxxxxx>; Fri, 28 Nov 2008 18:30:47 +0100 (CET)
Received: from User ([41.223.251.247]) by symbiontsc.symbiont.com with
Microsoft SMTPSVC(6.0.3790.1830); Fri, 28 Nov 2008 12:10:33 -0500
Abgekübelt über: 41.223.251.247 (Benin)
Post hätte gerne:
usmandm9 [at] gmail.com
lukechukwuma [at] latinmail.com
Mugu-Phon: +229 93 222 122, selbverständlich mit liebevoller Unterstützung von Bell Benin, ihrer freundlichen Mugu-Company...
- kjz
Die Benin-Mugu-Boyz sind hartnäckig:
Received: from mail.comtel.com.tw (60-248-91-18.HINET-IP.hinet.net
[60.248.91.18]) by xxxxxxx (Postfix) with ESMTP id 82357789AA33 for <xxxxxxx>; Sat, 29 Nov 2008 06:46:53 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by mail.comtel.com.tw (Postfix) with SMTP id 75488318624; Sat, 29 Nov 2008 00:56:29 +0800 (CST)
Received: from User (unknown [41.223.251.167]) ---> Omnium des
Telecommunications et de l'Internet Benin by mail.comtel.com.tw (Postfix) with ESMTP id E6F75310D3C; Sat, 29 Nov 2008 00:06:41 +0800 (CST)
Post bitte an:
promisej [at] rocketmail.com
fedexoffice.fedex [at] gmail.com
drcharlessolomon01 [at] fexpressdeliveringcompany.fr.tt
drcharlessolomon01 [at] gmail.com
Mugu-Phon: +229-93998780, selbstverständlich von Bell, Benin, ihrer Mugu-Service-Company. (am 25. 11. hatten wir diese Nummer auch schon)
- kjz
Wieder die Benin-Boyz:
Received: from n3b.bullet.tw1.yahoo.com (n3b.bullet.tw1.yahoo.com
[119.160.244.198]) by xxxxxxx (Postfix) with SMTP id 98A18789AA57 for <xxxxxxx>; Sat, 29 Nov 2008 19:41:09 +0100 (CET)
Received: from [119.160.244.76] by n3.bullet.tw1.yahoo.com with NNFMP;
29 Nov 2008 18:34:51 -0000
Received: from [203.212.168.60] by t1.bullet.tw1.yahoo.com with NNFMP;
29 Nov 2008 18:34:51 -0000
Received: from [203.104.18.95] by t1.bullet.kr1.yahoo.com with NNFMP; 29
Nov 2008 18:34:51 -0000
Received: from [127.0.0.1] by omp109.mail.in2.yahoo.com with NNFMP; 29
Nov 2008 18:34:50 -0000
Received: from [81.91.229.189] by web95101.mail.in2.yahoo.com via HTTP;
Sun, 30 Nov 2008 00:04:49 IST ---> Benin Telecoms SA
Post geht an:
barristerkennedyjohn54 [at] yahoo.in
pastorhenryphilips03 [at] live.fr
Und selbstverständlich liefert 'Ihre zuvorkommende Mugu-Company' auch wieder das Mugu-Phon:
+229 931 809 72 ---> Bell, Benin
- kjz
Wieder mal einen (amerikan.) Uni-Account gecrackt und wieder eine Juchhuu Adresse:
Received: from Cuda3.broward.edu (unknown [209.87.192.215]) by xxxxxxx (Postfix) with ESMTP id 81A21789AA7B for <xxxxxxx>; Mon, 1 Dec 2008 18:10:02 +0100 (CET)
Received: from mail.broward.edu (ses.broward.edu [192.168.251.26]) by Cuda3.broward.edu (Spam Firewall) with ESMTP id E6B0619013BA for <xxxxxxx>; Mon, 1 Dec 2008 11:55:23 -0500 (EST)
Received: from mail.broward.edu (ses.broward.edu [192.168.251.26]) by
Cuda3.broward.edu with ESMTP id QODD5PhjDBp1PJaG for <xxxxxxx>; Mon, 01 Dec 2008 11:55:23 -0500 (EST)
Received: from SULLIC3 [212.116.219.52] by mail.broward.edu --->
SA-FAISALIAH with NetMail ModWeb Module; Mon, 01 Dec 2008 16:55:20 +0000
Post an:
claims_depmt07 [at] yahoo.co.uk
Received: from servidor.levina.com.br (servidor.levina.com.br
[200.174.38.7]) by xxxxxxx (Postfix) with ESMTP id EAAD5789AAB6 for <xxxxxxx>; Mon, 1 Dec 2008 21:14:06 +0100 (CET)
Received: from User (night-kings.de [85.214.39.188]) ---> Strato (authenticated bits=0) by servidor.levina.com.br (8.13.3/8.13.3) with ESMTP id mB1H1Wxv028319; Mon, 1 Dec 2008 15:01:54 -0200
Abgekippt via Strato und Brasilien.
Mail geht an:
jwscons [at] googlemail.com
jwconsultsinc [at] gmail.com
Mugu-Phon: +44 8715035681, denn Magrathea Telecommunications Limited, UK ist Mugus Liebling....
- kjz
Wieder ein gecrackter Account einer US-Uni + Zombie bei Roadrunner:
Received: from smtp9.fiu.edu (smtp9.fiu.edu [131.94.189.202]) by xxxxxxx (Postfix) with ESMTP id 06F7F789AD07 for <xxxxxxx>; Tue, 2 Dec 2008 14:42:21 +0100 (CET)
Received: from cpe-75-85-236-244.bak.res.rr.com (EHLO User) ([75.85.236.244]) by smtp9.fiu.edu (MOS 3.8.7a FastPath queued) with ESMTP id LZQ30848 (AUTH zhous); Tue, 02 Dec 2008 08:39:30 -0500 (EST)
Und deutlicher können Google und Magrathea ihre absolute Merkbefreiung wohl kaum dokumentieren:
Post an:
jwscons [at] googlemail.com
jwconsultsinc [at] gmail.com
Muguphon: +44 8715035681 ---> Magrathea Telecommunications Limited, UK
- kjz
Hier wieder die Mugu-Boyz mit ihrer .hk Vorliebe:
Received: from mail.apsat.co.kr (mail.apsat.co.kr [125.7.195.60] (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested) by xxxxxxx (Postfix) with ESMTP id 66A2378001B7 for <xxxxxxx>; Wed, 3 Dec 2008 02:04:12 +0100 (CET)
Received: from User (ml82.128.10.77.multilinks.com [82.128.10.77] (authenticated bits=0) by mail.apsat.co.kr (8.13.1/8.13.1) with ESMTP id mB2HBsdB005316; Wed, 3 Dec 2008 02:12:01 +0900
Post an:
johnburr200 [at] yahoo.com.hk
Muguphon: +86 13544246807 ---> China Mobile (GSM)
Und von wegen .hk, abgeschickt wurde natürlich von ml82.128.10.77.multilinks.com in Lagos, Nigeria, der 'I love mugu'-Compnay.
- kjz
Wieder die Benin-Boyz:
Received: from unknown (EHLO webmail.inhouseit.com) [216.32.129.10] by mx0.gmx.net (mx018) with SMTP; 03 Dec 2008 14:49:03 +0100
Received: from webmail.inhouseit.com (webmail.inhouseit.com [216.32.129.12]) by webmail.inhouseit.com (Postfix) with ESMTP id DC9B7145944; Wed, 3 Dec 2008 05:47:08 -0800 (PST)
Received: from UnknownHost [81.91.235.239] by webmail.inhouseit.com with SMTP; Wed, 3 Dec 2008 05:47:35 -0800 ---> Office des Postes et Telecommunications (OPT)
Post geht an:
mathewyetes [at] gmail.com
mathewyetes1 [at] gmail.com
- kjz
Received: from servidor.levina.com.br (servidor.levina.com.br
[200.174.38.7]) by xxxxxxx (Postfix) with ESMTP id EAAD5789AAB6 for <xxxxxxx>; Mon, 1 Dec 2008 21:14:06 +0100 (CET)
Received: from User (night-kings.de [85.214.39.188]) ---> Strato (authenticated bits=0) by servidor.levina.com.br (8.13.3/8.13.3) with ESMTP id mB1H1Wxv028319; Mon, 1 Dec 2008 15:01:54 -0200
Abgekippt via Strato und Brasilien.
Mail geht an:
jwscons [at] googlemail.com
jwconsultsinc [at] gmail.com
Mugu-Phon: +44 8715035681, denn Magrathea Telecommunications Limited, UK ist Mugus Liebling....
Wieder ein alter Bekannter, diesmal via Spamadoo und Spamcast-Zombie:
Received: from smtp21.orange.fr (smtp21.orange.fr [80.12.242.49]) by xxxxxxx (Postfix) with ESMTP id 43881789AB24 for <xxxxxxx>; Sat, 6 Dec 2008 14:37:12 +0100 (CET)
Received: from User (c-71-231-19-89.hsd1.or.comcast.net [71.231.19.89]) by mwinf2121.orange.fr (SMTP Server) with ESMTP id A07A51C000A6; Sat, 6 Dec 2008 14:35:13 +0100 (CET)
Post an:
jwscons [at] googlemail.com
jwconsultsinc [at] gmail.com
Google schert sich natürlich einen Sch...dreck, denn laut Firmenmotto 'we are no evil' ist man natürlich auch Mugus Liebling.
Nicht zu vergessen unsere Mugu-Freunde bei Magrathea, denn:
Muguphon: +44 8715035681 ---> Magrathea Telecommunications Limited, UK
- kjz
sarkis88
07.12.2008, 17:59
ich habe mich mit den man zusammengetan um das geld von vitkor zuholen aber erstamal wollte die bank von spanien 3000 euro haben und wir haben das geld überwiesen eine woche später wollten die von uns 12640 euro haben wir wollten dass geld am montag überweisen gottseidank habe ich die seite gefunden wie kan ich mein geld jetzt wieder rausholen
Bitte zunächst die Forenregeln beachten !
Großbuchstaben und ein Minimum an Interpunktion erleichern ungemein
das lesen Deiner Beiträge und erhöhen die Anzahl an Tips die Du erhalten kannst.
Schaue bitte in unserem Wiki nach, hier findest Du alle notwendigen Informationen.
http://www.antispam-ev.de/wiki/419er#Was_tue_ich.2C_wenn_ich_Gelder_eingezahlt_habe.3F
Falls Ihr wirklich so dumm wart, die geforderte Summe zu überweisen, wird es sehr schwierig das Geld wieder zurück buchen zu lassen, da die Sammelkonten meist umgehend leergeräumt, und der Betrag kaskadiert weitergebucht wird.
So sieht das aus.
Selbst, wenn die Täter erwischt werden: das Geld ist nur in den allerseltensten Fällen wiederzubeschaffen.
Das ist als Totalverlust abzuschreiben.
???
Sobald ich hierfür eine Übersetzung finde werde ich's auch lesen. Geht diese Stammel-Schwemme etwa schon wieder los? :sick:
Mal wieder dasselbe Schema:
Received: from mail.ucasal.net (mail.ucasal.net [200.45.231.18]) by xxxxxxx (Postfix) with ESMTP id 5B885789AACE for <xxxxxxx>; Sat, 13 Dec 2008 18:18:02 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by mail.ucasal.net (Postfix) with ESMTP id E7D80ADF6FB; Sat, 13 Dec 2008 14:06:43 -0200 (ARST)
X-Virus-Scanned: amavisd-new at ucasal.net
Received: from mail.ucasal.net ([127.0.0.1]) by localhost (mail.ucasal.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id la9pLJ4boqL4; Sat, 13 Dec 2008 14:05:33 -0200 (ARST)
Received: from ucasal.net (localhost [127.0.0.1]) by mail.ucasal.net (Postfix) with ESMTP id C42F4ADFA14; Sat, 13 Dec 2008 14:01:15 -0200 (ARST)
Zunächst einmal gecrackter Account einer amerikan. Uni, aber dann:
X-OriginatingIP: 81.199.176.214 (ingenieria) ---> 81.199.176.214.satcom-systems.net
Der beliebt (bei Mugus), berühmt berüchtigte Satelliten-Provider in Israel, der völlig merkbefreit ist und sich lieber mit Mugu-Geld die Taschen vollstopft, als den Missbrauch zu verhindern.
siehe auch: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL66427, also bei Spamhaus seit 27. 7. 2008 gelistet, was wohl alles über deren 'Geschäftsgebahren' aussagt....
Post hätte gerne:
gaminghouse17 [at] live.com
- kjz
Und hier haben wir wieder den Dauer-Mugu:
Received: from newjet.midcoast.com (EHLO jet.midcoast.com) [69.39.100.19]
by mx0.gmx.net (mx016) with SMTP; 15 Dec 2008 15:19:42 +0100
Received: from localhost (localhost [127.0.0.1])
by jet.midcoast.com (Postfix) with ESMTP id 1C6806BF12;
Mon, 15 Dec 2008 07:55:51 -0500 (EST)
X-Virus-Scanned: by amavisd-new at midcoast.com
Received: from jet.midcoast.com ([127.0.0.1])
by localhost (jet.midcoast.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id lpH-7bmbxpPh; Mon, 15 Dec 2008 07:55:50 -0500 (EST)
Received: by jet.midcoast.com (Postfix, from userid 2)
id A84B96BE39; Mon, 15 Dec 2008 07:53:30 -0500 (EST)
Received: from 41.220.75.3 ---> mtnnigeria.net
(SquirrelMail authenticated user blufox)
by newjet.midcoast.com with HTTP;
Mon, 15 Dec 2008 07:53:29 -0500 (EST)
Der hat es auf sage und schreibe 6 Spamhaus-Einträge geschafft:
http://www.spamhaus.org/query/bl?ip=41.220.75.3
Einsamer Rekord, so schwarz sind nicht mal die Russkis und Chinesen... Wann fährt endlich mal jemand mit 'nem großem Seitenschneider nach Lagos?
Deshalb bitte viele Briefe an:
grant-Secretary2008 [at] live.com
mooreowen_claimsagent [at] yahoo.com.hk
mooreowen_claimsagent1 [at] yahoo.co.uk
- kjz
Und wieder die Dauer-Mugu-Schleuder beim 'Schwarzafrika-Provider':
Received: from srvescolas.ue.seduc.to.gov.br (EHLO
srvescolas.ue.seduc.to.gov.br) [200.181.55.91] by mx0.gmx.net (mx059) with SMTP; 17 Dec 2008 05:26:09 +0100
Received: from ue.seduc.to.gov.br (localhost.localdomain [127.0.0.1]) by srvescolas.ue.seduc.to.gov.br (Postfix) with ESMTP id 4D0D128BE0; Wed, 17 Dec 2008 01:22:30 -0200 (BRST)
X-OriginatingIP: 41.220.75.3 (vilanova)
Man beachte: X-OriginatingIP: 41.220.75.3 (vilanova)
Post an:
fedexcourier [at] mail4me.com
Muguphon: Tel: +2347041824482 ---> Nigeria
- kjz
Und wieder der Schwarzhut:
Received: from zm2.veloxia.com (zm2.veloxia.com [213.149.227.3]) by spammotel.com (Postfix) with SMTP id 9AD4E14F7E for <xxxxxxx>; Wed, 17 Dec 2008 11:35:51 -0500 (EST)
Received: (qmail 3131 invoked by uid 0); 17 Dec 2008 16:30:22 -0000
Received: from unknown (HELO localhost) (213.149.226.2) by 213.149.227.3 with SMTP; Wed, 17 Dec 2008 16:30:22 +0000
Received: from mtnngprs.com ( [mtnngprs.com]) as user alex.baget [at] 213.149.227.6 by webmail-imp.gestionar.info with HTTP; Wed, 17 Dec 2008 17:30:35 +0100
X-Originating-IP: 41.220.75.3 ---> MTN, Nigeria
Man beachte:
X-Originating-IP: 41.220.75.3 ---> MTN, Nigeria
Post an:
union.attorneys.chambers [at] live.com
- kjz
Der Dauer-Mugu:
Received: from srvescolas.ue.seduc.to.gov.br (EHLO
srvescolas.ue.seduc.to.gov.br) [200.181.55.91] by mx0.gmx.net (mx009) with SMTP; 18 Dec 2008 05:10:17 +0100
Received: from ue.seduc.to.gov.br (localhost.localdomain [127.0.0.1]) by srvescolas.ue.seduc.to.gov.br (Postfix) with ESMTP id B3E0829501; Thu, 18 Dec 2008 00:59:11 -0200 (BRST)
X-OriginatingIP: 41.220.75.3 (vilanova)
Man beachte:
X-OriginatingIP: 41.220.75.3 (vilanova) ---> MTN, Nigeria
Post an:
fedexcourierplc [at] mail4me.com
Muguphon: +2347057135302 ---> Pank Shin, Nigeria
- kjz
Und wieder der Dauergast (wer hat mal einen Seitenschneider...):
Received: from zm2.veloxia.com (HELO zm2.veloxia.com) [213.149.227.3] by mx0.gmx.net (mx014) with SMTP; 19 Dec 2008 00:28:49 +0100
Received: (qmail 18580 invoked by uid 0); 18 Dec 2008 23:28:03 -0000
Received: from unknown (HELO localhost) (213.149.226.2) by 213.149.227.3 with SMTP; Thu, 18 Dec 2008 23:28:03 +0000
Received: from mtnngprs.com ( [mtnngprs.com]) as user alex.baget [at] 213.149.227.6 by webmail-imp.gestionar.info with HTTP; Fri, 19 Dec 2008 00:28:24 +0100
X-Originating-IP: 41.220.75.3
Man beachte:
X-Originating-IP: 41.220.75.3 ---> mtnngprs.com/MTN, Nigeria
Post an:
union.attorneys.chambers [at] live.com
- kjz
Immer noch kein Seitenschneider, niemand streichelt den Server....
Received: from smtp-delay1.nerim.net (mailhost-l1-p1.mangoosta.org [195.5.209.45]) by xxxxxxx (Postfix) with ESMTP id E05F4789ACF3 for <xxxxxxx>; Sun, 21 Dec 2008 20:20:16 +0100 (CET)
Received: from maiev.nerim.net (smtp-114-sunday.nerim.net [62.4.16.114]) by smtp-delay1.nerim.net (Postfix) with ESMTP id 08B57BF26BC for <xxxxxxx>; Sun, 21 Dec 2008 19:08:47 +0100 (CET)
Received: from webmail.nerim.net (archimonde.nerim.net [62.4.16.97]) by maiev.nerim.net (Postfix) with ESMTP id 37AA8B912B; Sun, 21 Dec 2008 20:09:57 +0100 (CET)
Received: from 83.138.172.72 (proxying for 41.220.75.3) (SquirrelMail authenticated user unsa.terr.35) by webmail.nerim.net with HTTP; Sun, 21 Dec 2008 20:09:51 +0100 (CET)
Man beachte: proxying for 41.220.75.3 ---> MTN, Nigeria
Post bitte an:
t_williams5555 [at] yahoo.com.hk
- kjz
Und wieder mal kein Seitenschneider:
Received: from mail.adk.gov.my (EHLO adk.gov.my) [218.208.97.231]
by mx0.gmx.net (mx024) with SMTP; 22 Dec 2008 11:41:37 +0100
Received: (qmail 19420 invoked by uid 1008); 22 Dec 2008 18:33:19 +0800
Received: from localhost (HELO mail.adk.gov.my) (127.0.0.1) by adk.gov.my with SMTP; 22 Dec 2008 18:33:19 +0800
Received: from 41.220.75.3 (SquirrelMail authenticated user bakir [at] adk.gov.my) by mail.adk.gov.my with HTTP; Mon, 22 Dec 2008 18:33:19 +0800 (MYT)
Man beachte:
Received: from 41.220.75.3
Post an:
thomaskent1 [at] yahoo.com.hk
- kjz
Wieder das gewohnte Schema: Uni-Account/Server gecrackt und dann darüber via DSL von Ghana abgereihert:
Received: from athena.wyk.edu.hk (unknown [210.0.201.31]) by xxxxxxxx (Postfix) with ESMTP id 872F0789A40E for <xxxxxxx>; Tue, 23 Dec 2008 10:51:34 +0100 (CET)
Received: by athena.wyk.edu.hk (Postfix, from userid 81) id BB8D6C00298; Tue, 23 Dec 2008 17:21:45 +0800 (HKT)
Received: from adsl13166.4u.com.gh (adsl13166.4u.com.gh [41.210.13.166]) by webmail.wyk.edu.hk (Horde MIME library) with HTTP; Tue, 23 Dec 2008 17:21:44 +0800
Und der faule 'Prince' hat mailmässig vorgesorgt:
pkagamah [at] live.com
pkagamah [at] gmail.com
stevekwame_ghlaw [at] yahoo.com
- kjz
Und wieder einer der Dauer-Betrüger mit bekanntem Schema: versendet über gecrackten Uni-Accout, Dropbox dann bei Juchuu in HK:
Received: from mo1.mail.sc.edu (mo1.mail.sc.edu [129.252.158.23]) by xxxxx (Postfix) with ESMTP id 934957800751 for <xxxxx>; Fri, 26 Dec 2008 00:03:30 +0100 (CET)
Received: from mo1.mail.sc.edu (127.0.0.1) by mo1.mail.sc.edu (MlfMTA
v3.2r9) id hag8k60171sa for <xxxxx>; Thu, 25 Dec 2008
18:03:11 -0500 (envelope-from <TOPOREKE [at] mailbox.sc.edu>)
Received: from cae145erlp01.ds.sc.edu ([172.27.7.166]) by mo1.mail.sc.edu (SonicWALL 6.2.3.1217) with ESMTP; Thu, 25 Dec 2008 18:03:11 -0500
Received: from CAE029EVSP11.ds.sc.edu ([172.27.7.33]) by cae145erlp01.ds.sc.edu with Microsoft SMTPSVC(6.0.3790.3959); Thu, 25 Dec 2008 18:03:10 -0500
Post an:
infounicef_donation [at] yahoo.om.hk (infounicef_donation [at] yahoo.com.hk)
Muguphon:
Tel: +2348075260799 ---> Nigeria
Direct Line: +2347035064732 ---> MTN, Nigeria
- kjz
Und wieder die Mugu-Bande, wobei MTN Nigeria anscheinend ganz offiziell Kriminelle wohlwollend unterstützt:
Received: from vmail.ufrj.br (vmail.ufrj.br [146.164.3.8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 98A54789AA12 for <xxxxx>; Tue, 30 Dec 2008 21:09:52 +0100 (CET)
Received: from acd.ufrj.br (localhost.localdomain [127.0.0.1]) by vmail.ufrj.br (Postfix) with ESMTP id D1258F1407C; Tue, 30 Dec 2008 01:50:54 -0200 (BRST)
Altbekanntes Schema: gecrackter Uni-Account (diesmal Brasilien), dann Mail Dropbopx bei Juchuu in HK.
Man beachte:
X-OriginatingIP: 41.220.75.3 (museu [at] acd.ufrj.br) ---> mtnngprs.com
Post bitte an:
deskof.davidoliver [at] yahoo.com.hk
deskof.davidoliver [at] yahoo.com.uk
Muguphon:
Tel: +44-703-594-8659 ---> Open Telecom International Ltd., UK
+44-703-193-6872 ---> Magrathea Telecommunications Limited, UK
Fax: +44-702-897-9987 ---> Pipemedia Ltd, UK
Auch hier natürlich wieder unsere 'Susi Sorglos' Obermugu-Freunde im Spiel:
Open Telecom International Ltd., UK
Are you a non-UK resident? Have a UK Virtual Phone Number redirected to your international phone line with absolutely NO cost to you. This is the perfect solution for any business or individual looking to have a UK presence. Find out more...
Schöner kann man 'Einladung zum Missbrauch' ja kaum umschreiben...
Magrathea Telecommunications Limited, UK
- kjz
Und noch eine hinterher:
Received: from atila.multidata.hn (mail.multidata.hn [63.245.10.5]) by xxxxx (Postfix) with ESMTP id C6782789AB2B for <xxxxx>; Tue, 30 Dec 2008 21:33:34 +0100 (CET)
Received: from mail.multidata.hn (atila.multidata.hn [127.0.0.1]) by atila.multidata.hn (Postfix) with ESMTP id EF6B33A2744; Tue, 30 Dec 2008 14:16:13 -0600 (CST)
Man beachte:
X-OriginatingIP: 41.220.75.3 (compartir)
Post an:
ringscherry [at] jmail.co.za
Ein Thread in NANAE lässt leider nicht hoffen: Mugus wird man nicht wieder los, die spammen selbst auf jahrelang abgeklemmte Accounts. Die Russkis sind vielleicht noch intelligent und 'putzen' Antispammer-Adressen aus ihrem Adresspool. Selbst dazu sind Mugus anscheinend viel zu blöde... :sick:
- kjz
Heute war der Mugu wieder fleissig:
Received: from mail.compasspr.com.tw (mail.compasspr.com.tw [59.124.221.80]) by xxxxx (Postfix) with ESMTP id E9710789AA6E for <xxxxx>; Wed, 31 Dec 2008 04:42:16 +0100 (CET)
Received: from compasspr.com.tw (mail.compasspr.com.tw [127.0.0.1]) by mail.compasspr.com.tw (Postfix) with ESMTP id BBE0011E8D8E; Mon, 29 Dec 2008 16:18:01 +0800 (CST)
Received: from mail.compasspr.com.tw (mail.compasspr.com.tw [59.124.221.80]) by xxxxx (Postfix) with ESMTP id 26E5F780075A for <xxxxx>; Wed, 31 Dec 2008 07:12:09 +0100 (CET)
Received: from compasspr.com.tw (mail.compasspr.com.tw [127.0.0.1]) by mail.compasspr.com.tw (Postfix) with ESMTP id E0C2011E93AE; Wed, 31 Dec 2008 11:05:39 +0800 (CST)
Received: from mail.compasspr.com.tw (mail.compasspr.com.tw [59.124.221.80]) by xxxxxx (Postfix) with ESMTP id 9DE32789A939 for <xxxxx>; Wed, 31 Dec 2008 11:23:55 +0100 (CET)
Received: from compasspr.com.tw (mail.compasspr.com.tw [127.0.0.1]) by mail.compasspr.com.tw (Postfix) with ESMTP id 5F11111E93BF; Wed, 31 Dec 2008 11:06:39 +0800 (CST)
X-OriginatingIP: 72.52.66.10 (claire.zheng)
Post geht an:
feddex.dept1 [at] gmail.com
feddexdispatch [at] live.com
Muguphon: +2348038047605 ---> MTN, Nigeria
Und der Dauer-Mugu:
Received: from tempo.di-net.ru (tempo.di-net.ru [213.248.12.5])
(using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id AC33A789AA72 for <xxxxx>; Wed, 31 Dec 2008 00:42:59 +0100 (CET)
Received: from localhost ([127.0.0.1] helo=webmail.msm.ru) by tempo.di-net.ru with esmtp (Exim 4.69) (envelope-from <info [at] hsbc.com>) id 1LHjvg-00061Y-IS; Tue, 30 Dec 2008 22:07:00 +0300
Received: from 41.220.75.3 (SquirrelMail authenticated user gratus [at] msm.ru) by webmail.msm.ru with HTTP; Tue, 30 Dec 2008 22:07:00 +0300 (MSK)
Man beachte:
Received: from 41.220.75.3
Post an:
jose_poon101 [at] yahoo.com.hk
- kjz
Der Dauer-Mugu:
Received: from vsmtp1.jaring.my (vsmtp1.jaring.my [192.228.250.81]) by xxxxx (Postfix) with ESMTP id A31DB789AAC2 for <xxxxx>; Thu, 1 Jan 2009 10:39:21 +0100 (CET)
Received: from localhost (localhost.jaring.my [127.0.0.1]) by vsmtp1.jaring.my (8.14.3/8.14.3) with ESMTP id n018mMaU064671; Thu, 1 Jan 2009 16:48:22 +0800 (MYT) (envelope-from david.singer [at] chambers.org)
X-Virus-Scanned: by JARING Malware Filters (jaring.my)
Received: from vsmtp1.jaring.my ([127.0.0.1]) by localhost (vsmtp1.jaring.my [127.0.0.1]) (amavisd-new, port 10024) with LMTP id cTTJmFlko5tj; Thu, 1 Jan 2009 16:48:22 +0800 (MYT)
Received: from webmanager.jaring.my (webmanager.jaring.my [202.187.17.9]) by vsmtp1.jaring.my (8.14.3/8.14.3) with ESMTP id n018mISc064667; Thu, 1 Jan 2009 16:48:18 +0800 (MYT) (envelope-from david.singer [at] chambers.org)
Received: from localhost.jaring.my ([127.0.0.1] helo=poram.org.my) by webmanager.jaring.my with esmtpa (Exim 4.69) (envelope-from <david.singer [at] chambers.org>) id 1LIJEi-0004VR-Ki; Thu, 01 Jan 2009 16:49:00 +0800
Received: from 41.220.75.3 ([41.220.75.3]) (SquirrelMail authenticated user fatimah [at] poram.org.my) by poram.org.my with HTTP; Thu, 1 Jan 2009 16:49:00 +0800 (MYT)
Man beachte:
Received: from 41.220.75.3 ([41.220.75.3])
Post an:
david.singer182 [at] hotmail.com
Muguphon:
Phone:+44 703 595 4276 ---> Open Telecom International Ltd., UK
Fax: +44 709 288 6551
Selbstverständlich wieder unsere Mugu-Freunde von der Open Telecom International Ltd.
Und weiter geht's:
Received: from host7.emwd.com (host7.emwd.com [67.225.202.56] (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 00212789AABD for <xxxxx>; Thu, 1 Jan 2009 18:37:19 +0100 (CET)
Received: from localhost ([127.0.0.1]:39133 helo=webmail.miamitemple.org) by host7.emwd.com with esmtpa (Exim 4.69) (envelope-from <nluk [at] lottery.com>) id 1LIKBa-0002I2-De; Thu, 01 Jan 2009 04:49:50 -0500
Received: from 80.255.59.243 ([80.255.59.243]) (proxying for 80.255.59.243 (SquirrelMail authenticated user flacayo [at] miamitemple.org) by webmail.miamitemple.org with HTTP; Thu, 1 Jan 2009 04:49:50 -0500 (EST) ---> VIENNA TECH, Nigeria
Post an:
batesdaviddpt [at] gmail.com
Muguphon:
Phone: +44 702 401 4762 ---> Magrathea Telecommunications Limited, UK
Fax: +44-870 974 0213 ---> Magrathea Telecommunications Limited, UK
Auch hier macht sich wieder Magrathea gerne mit Kriminellen gemein.
- kjz
Und noch ein Mugu:
Received: from n75a.bullet.mail.sp1.yahoo.com
(n75a.bullet.mail.sp1.yahoo.com [98.136.45.22]) by xxxxx (Postfix) with SMTP id 712EC789A40D for <xxxxx>; Fri, 2 Jan 2009 19:43:06 +0100 (CET)
Received: from [216.252.122.218] by n75.bullet.mail.sp1.yahoo.com with
NNFMP; 02 Jan 2009 18:43:05 -0000
Received: from [67.195.9.83] by t3.bullet.sp1.yahoo.com with NNFMP; 02
Jan 2009 18:43:05 -0000
Received: from [67.195.9.102] by t3.bullet.mail.gq1.yahoo.com with
NNFMP; 02 Jan 2009 18:43:05 -0000
Received: from [127.0.0.1] by omp106.mail.gq1.yahoo.com with NNFMP; 02
Jan 2009 18:43:05 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 322828.87809.bm [at] omp106.mail.gq1.yahoo.com
Received: (qmail 77807 invoked by uid 60001); 2 Jan 2009 18:43:05 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=ymail_nen1; d=yahoo.com;
h=Received:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=IPq8Bt5rZBHBoEbsue5KkIX2v+8Fv7EQjDLy7CoiL6lpB6vhaSgsH0Upphc2U0AKrrkxHGxw1cUBMK pVN9HH+FTEaDKFHyG4YOjufnARa9aRNiKssXMvFIv60AWjYxKP7lY7Us4msWpsp02zmVGyBAaquZLGp7 9sILR+irOoAN4=;
Received: from [41.222.192.88] by web112218.mail.gq1.yahoo.com via HTTP;
Fri, 02 Jan 2009 10:43:05 PST
Post an:
jeretoulo [at] live.fr
officeatm33 [at] yahoo.com
Wie man sieht, abgekübelt über das Webmail-Interface von Juchu, ursprünglich von der IP 41.222.192.88. Dies ist Isocel in Benin. Von diesem ISP habe ich tatsächlich mal eine etwas persönlichere Antwort erhalten:
The IP address 41.222.192.88 belongs to Isocel Telecom which is a WISP in
Benin (West Africa) and where unfortunately as of today, there is no law on
cyber criminality. It has been allocated to a very crowded Cyber café
equipped with more than 50 computers and where dozens of customers connects
everyday. The owner is unable to control the traffic of each machine. This
place is open 24/7.
Last week, we had a long meeting with government officials to include cyber
criminality in the long awaited law on electronic communications that should
occur Q1 2009, and it will be definitely part of this new law so we can
prosecute the persons behind these fraudulent acts.
We will inform you as soon as this law goes into application.
- kjz
Schneekristall
03.01.2009, 12:14
Salve alle,
hat schon mal jemand das Muguphon angerufen? Sind doch vermutlich alles Wegwerf-Handy-Nummern o.ä.
Haben die Mugus eigentlich Listen, wen sie anmailen? Ich erhielt auf eine Firmenadresse eine Russki-Mail, habe der netten Dame aber von einer anderen (Wegwerf-)Adresse aus geschrieben, aber keine Antwort erhalten :(.
Mal ne Frage wegen der IP: kann der Spammy was mit dieser anfangen? Habe -ja ich war so dumm- der "Dame" von einem Yahoo-Mailzugang geschrieben, kann da was ausgelesen werden über meine IP? Und wenn ja, was hätte man zu befürchten?
Habe mir zum baiten mal eine Fastmail-Adresse zugelegt...
So, hoffe meine Fragen sind nicht zu anfängerhaft,
viele Grüße
Schneekristall
alicesophie
03.01.2009, 12:41
An der IP kann man mittels Tabellen sehen, welchen Internet-Anbieter du nutzt und - mit einer gewissen Trefferchance - deinen Wohnort (im Sinne von Stadt, Dorf, Weiler, etc.). Mehr geht nicht, mehr kann (und darf) nur eine Strafverfolgungsbehörde und das auch nur mit Richterbeschluss.
Da würde ich mir schon mehr Sorgen machen, dass die Mail-Adresse jetzt in einem Spam-Verteiler landet.
Schneekristall
03.01.2009, 16:21
(gekürzt)
Da würde ich mir schon mehr Sorgen machen, dass die Mail-Adresse jetzt in einem Spam-Verteiler landet.
Hallo alicesophie,
gut, da mein Provider ohnehin laut IP-Check, den ich ab und an mal mache, mal in meiner Stadt, mal ganz woanders residiert, ist das wohl eher harmlos (wohne zudem in einer Großstadt).
Die Adresse ist eine Wegwerf-Adresse, also wenn die verbrannt ist, lasse ich sie einfach liegen. Wollte halt mal sehen was da an Antworten kommt vom Mugu...
VG
Schneekristall
... wenn die verbrannt ist, lasse ich sie einfach liegen.
Mal 'ne generelle Frage dazu. Ist es nicht besser, die Adresse zu loeschen? Wenn diese dann von den Listen nach einger Zeit verschwindet, wird dadurch doch auch weniger traffic erzeugt. Zwar nur Kleinvieh, macht aber bekanntlich auch Mist.
Sven Udo
04.01.2009, 02:28
Haben die Mugus eigentlich Listen, wen sie anmailen? [...]
Mal ne Frage wegen der IP: kann der Spammy was mit dieser anfangen? Habe -ja ich war so dumm- der "Dame" von einem Yahoo-Mailzugang geschrieben, kann da was ausgelesen werden über meine IP? [...]@Schneekristall, ein dringender Rat von mir.
Bitte erst lesen und dann Fragen stellen, falls es dann noch Fragen gibt.
Antispam hat ein ausgezeichnetes Wiki: Wiki/419er (https://www.antispam-ev.de/wiki/419er)
Dazu folgende Hinweise: Wichtig: Basisinfo - Was ist eigentlich "419-Nigeria-Betrug"? (https://www.antispam-ev.de/forum/showthread.php?t=18296)
Und auch hier findest du Informationen und Hinweise: Scambaiter - Deutschland (http://scambaiter.info/)
Ergänzende Informationen: ScambaitWiki (http://scambaitwiki.pytalhost.com/index.php?title=Hauptseite)
Und wieder der Dauer-Mugu (und in Malaysia weiss man anscheinend auch nicht, wie man Server absichert...):
Received: from vsmtp2.jaring.my (vsmtp2.jaring.my [192.228.250.82]) by xxxxx (Postfix) with ESMTP id 9E64E78973F1 for <xxxxx>; Mon, 5 Jan 2009 08:13:04 +0100 (CET)
Received: from localhost (localhost.jaring.my [127.0.0.1]) by vsmtp2.jaring.my (8.14.3/8.14.3) with ESMTP id n056tYAi027623; Mon, 5 Jan 2009 14:55:34 +0800 (MYT) (envelope-from david.singer [at] chambers.org)
X-Virus-Scanned: by JARING Malware Filters (jaring.my)
Received: from vsmtp2.jaring.my ([127.0.0.1]) by localhost (vsmtp2.jaring.my [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 5ia7bY2maCqk; Mon, 5 Jan 2009 14:55:33 +0800 (MYT)
Received: from webmanager.jaring.my (webmanager.jaring.my [202.187.17.9]) by vsmtp2.jaring.my (8.14.3/8.14.3) with ESMTP id n056tTOk027621; Mon, 5 Jan 2009 14:55:29 +0800 (MYT) (envelope-from david.singer [at] chambers.org)
Received: from localhost.jaring.my ([127.0.0.1] helo=poram.org.my) by webmanager.jaring.my with esmtpa (Exim 4.69) (envelope-from <david.singer [at] chambers.org>) id 1LJjNo-0000oD-Gn; Mon, 05 Jan 2009 14:56:16 +0800
Received: from 41.220.75.3 ([41.220.75.3]) (SquirrelMail authenticated user fatimah [at] poram.org.my) by poram.org.my with HTTP; Mon, 5 Jan 2009 14:56:16 +0800 (MYT)
Man beachte:
Received: from 41.220.75.3 ([41.220.75.3])
Post an:
david.singer192 [at] hotmail.com
Und unsere 'Mugu-Freunde' fürs Muguphon:
Phone: +44 703 595 4276 ---> Open Telecom, UK
Fax: +44 709 288 6551 ---> YAC Ltd., UK
Und noch einer:
Received: from ns33002.ovh.net (ns33002.ovh.net [213.251.164.110]) by xxxxx (Postfix) with SMTP id 3E71A789AAC2 for <xxxxx>; Mon, 5 Jan 2009 07:49:49 +0100 (CET)
Post an:
delivery [at] westdiamondsecurity.net.tf
Muguphon: +234-17651338 ---> Multi-links, Nigeria
- kjz
Der Dauer-Mugu hat mal wieder einen Schulserver in der Slowakei mit offenem Hosenlatz gefunden:
Received: from alfa.gymzh.edu.sk (mail.gymzh.edu.sk [213.81.187.161]) by xxxxx (Postfix) with ESMTP id F3823789AE03 for <xxxxx>; Tue, 6 Jan 2009 18:47:57 +0100 (CET)
Received: from www.gymzh.edu.sk (alfa.gymzh.edu.sk [127.0.0.1]) by alfa.gymzh.edu.sk (Postfix) with ESMTP id 68FA1D01567; Tue, 6 Jan 2009 11:10:29 +0100 (CET)
Received: from 212.62.97.23 (proxying for 41.220.75.3) (SquirrelMail authenticated user riaditel) by www.gymzh.edu.sk with HTTP; Tue, 6 Jan 2009 10:10:29 -0000 (GMT)
Man beachte:
proxying for 41.220.75.3
Post bitte an:
infodavidmelloan [at] live.com
davidmelloanagency [at] live.com
Muguphon: +44 7045 7625 20 ---> Open Telecom International Ltd., UK
- kjz
Da gehen dem Mugu wohl die gecrackten Mail-Accounts aus:
Received: from smh01.opentransfer.com (smh01.opentransfer.com
[71.18.216.112]) by xxxxx (Postfix) with ESMTP id 95221780075A for xxxxx; Mon, 12 Jan 2009 20:00:53 +0100 (CET)
Received: by smh01.opentransfer.com (Postfix, from userid 8) id 9642C22A4E10; Mon, 12 Jan 2009 12:25:17 -0500 (EST)
Received: from webmail5.opentransfer.com (unknown [69.49.230.6]) by smh01.opentransfer.com (Postfix) with ESMTP id 7558522A4E0A; Mon, 12 Jan 2009 12:25:17 -0500 (EST)
Received: from webmail5.opentransfer.com (webmail5.opentransfer.com
[127.0.0.1]) by webmail5.opentransfer.com (8.13.8/8.13.8) with ESMTP id n0CHWb99023979; Mon, 12 Jan 2009 11:32:37 -0600
Received: (from nobody [at] localhost) by webmail5.opentransfer.com (8.13.8/8.13.8/Submit) id n0CHWY7v023974; Mon, 12 Jan 2009 11:32:34 -0600
X-Authentication-Warning: webmail5.opentransfer.com: nobody set sender
to confirmation_desk [at] 8u8.com using -f
Received: from dial-pool15.ph.starcomms.net (dial-pool15.ph.starcomms.net [41.205.172.171]) by webmail.opentransfer.com (Horde MIME library) with HTTP; for <vijay.kumar [at] jamesblake.in>; Mon, 12 Jan 2009 11:32:34 -0600
Man beachte:
X-Originating-IP: 41.205.172.171 ---> dial-pool15.ph.starcomms.net, Nigeria
This message was sent automatically by a program on
Webmail which periodically
checks the size of inboxes, where new messages are
received.
The program is run weekly to ensure no one's inbox grows
too large. If your
inbox becomes too large, you will be unable to receive new
email.
Just before this message was sent, you had 18 Megabytes
(MB) or more of
messages stored in your inbox on your Webmail
To help us re-set your SPACE on our database prior to
maintain your INBOX, you
must reply to this e-mail and enter your:
Current User name: { }
and Password: { }
You will continue to receive this warning message
periodically if your inbox
size continues to be between 18 and 20 MB. If your inbox
size grows
to 20 MB, then a program on Bates Webmail will move your
oldest
You will continue to receive this warning message
periodically if your inbox
size continues to be between 18 and 20 MB. If your inbox
size grows to
20 MB, then a program on Bates Webmail will move your
oldest email to a folder
in your home directory to ensure that you will continue to
be able
to receive incoming email. You will be notified by email
that this has taken
place. If your inbox grows to 25 MB, you will be unable to
receive new email
as it will be returned to the sender.
After you read a message, it is best to REPLY and SAVE a
copy.
Thank you for your cooperation.
Webmail Help Desk
Den Mugu sollte man mal kräftig unter:
confirmation_desk [at] 8u8.com
verarzten.
- kjz
Wieder der Dauer-Mugu mit gecracktem Uni-Account (Universitas Gadjah Mada, ssiradz [at] ugm.ac.id):
Received: from smtp2.ugm.ac.id (smtp2.ugm.ac.id [203.130.245.134]) by xxxxx (Postfix) with ESMTP id 42181789AD0F for <xxxxx>; Tue, 20 Jan 2009 09:58:46 +0100 (CET)
Received: from smtp2.ugm.ac.id (localhost.localdomain [127.0.0.1]) by smtp2.ugm.ac.id (Postfix) with ESMTP id B8D57124A3B; Mon, 19 Jan 2009 23:18:07 +0700 (WIT)
Received: from webmail.ugm.ac.id (elisa.ugm.ac.id [222.124.24.14]) by smtp2.ugm.ac.id (Postfix) with ESMTP id C9C1C12496F; Mon, 19 Jan 2009 23:17:39 +0700 (WIT)
Received: from 41.220.75.3 (SquirrelMail authenticated user ssiradz [at] ugm.ac.id) by webmail.ugm.ac.id with HTTP; Mon, 19 Jan 2009 22:59:21 +0700 (WIT)
Man beachte:
Received: from 41.220.75.3 ---> Mobile Data Services Network at Ojota/MTN, Nigeria
Post bitte an:
stephen.scott54 [at] yahoo.com.hk
- kjz
Und wieder ein gecrackter Account (shea.steele [at] my.pci.edu):
X-CHKRCPT: Envelopesender vrfy shea.steele [at] my.pci.edu
X-Greylist: delayed 1070 seconds by postgrey-1.32 at deliver; Tue, 20
Jan 2009 18:07:57 CET
Received: from pubstp001.pub.datacenter.careered.com (studentmail.careered.com [216.49.211.253]) by xxxxx (Postfix) with ESMTP id 96E79789A4A4 for <xxxxx>; Tue, 20 Jan 2009 18:07:57 +0100 (CET)
Received: from PUBSVX101.pub.datacenter.careered.com ([10.0.38.41]) by pubstp001.pub.datacenter.careered.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 20 Jan 2009 10:50:08 -0600
Post hätte der Mugu gerne an:
connorarnold56 [at] 8u8.com
- kjz
Und wieder zwei:
über Juchuu:
X-CHKRCPT: Envelopesender noch judeogo345 [at] yahoo.com.co
Received: from n63a.bullet.mail.sp1.yahoo.com (n63a.bullet.mail.sp1.yahoo.com
[98.136.45.10]) by xxxxx (Postfix) with SMTP id 15108789AD0F for <xxxxx>; Wed, 21 Jan 2009 01:26:47 +0100 (CET)
Received: from [216.252.122.216] by n63.bullet.mail.sp1.yahoo.com with NNFMP; 21
Jan 2009 00:26:46 -0000
Received: from [67.195.9.81] by t1.bullet.sp1.yahoo.com with NNFMP; 21 Jan 2009
00:26:46 -0000
Received: from [67.195.9.100] by t1.bullet.mail.gq1.yahoo.com with NNFMP; 21 Jan
2009 00:26:46 -0000
Received: from [127.0.0.1] by omp104.mail.gq1.yahoo.com with NNFMP; 21 Jan 2009
00:26:46 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 654263.29606.bm [at] omp104.mail.gq1.yahoo.com
Received: (qmail 28708 invoked by uid 60001); 21 Jan 2009 00:26:46 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=ymail_nen1; d=yahoo.com.co;
h=Received:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=NNbLpYYXAdD6gzZHxTfb2/CnhwnmbYBaCoj02p6kmBuND3Ppjfh+94Q4+ZukgyTBHyKQKuLK7Qq5c5YNv/P5x4aHfLgcft/m3eBgPyk1ae/0aAGRfwrDVdngAwDcnez9ThPrU1WsVa67r4O3jAKrjFwe2Ik1yHYVEAoK9d2sypI=;
Received: from [82.128.46.93] by web111015.mail.gq1.yahoo.com via HTTP; Tue, 20
Jan 2009 16:26:46 PST
IP: 82.128.46.93 ---> Multilinks Telecommunications Limited, Nigeria
Post hätte da gerne:
judeogo345 [at] yahoo.com.co
mrjudeogo2009 [at] yahoo.com.hk
Muguphon: +234 8023 919 016 ---> Vmobile, Nigeria/Zain
über Hotmail:
X-CHKRCPT: Envelopesender noch dmorton831 [at] msn.com
Received: from col0-omc4-s15.col0.hotmail.com (col0-omc4-s15.col0.hotmail.com
[65.55.34.217]) by xxxxx (Postfix) with ESMTP id C99E2789A9F3 for <xxxxx>; Wed, 21 Jan 2009 06:06:26 +0100 (CET)
Received: from COL105-W69 ([65.55.34.201]) by col0-omc4-s15.col0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.3959); Tue, 20 Jan 2009 21:06:25 -0800
Message-ID: <COL105-W69F13107CF313C4FE6B41B9ED10 [at] phx.gbl>
Content-Type: multipart/alternative; boundary="_afe97bd7-8d95-4499-ac06-9677446f129e_"
X-Originating-IP: [82.128.26.193]
IP: 82.128.26.193 ---> Multilinks Telecommunications Limited, Nigeria
Post an:
dmorton831 [at] msn.com
mr_ernestmoris [at] hotmail.com
Muguphon: +234-703-933-1445 ---> MTN, Nigeria
Man sieht, der Trend geht zum Zweit-EMail-Account. Leider werden Freemail-Adressen ja anscheinend im Tausenderpack durch die Gegend geschmissen. Waren das noch Zeiten, als z. Bsp. Web.de eine Freemail-Adresse nur freischaltete, nachdem man einen per Brief(!!!!) zugeschickten Bestätigungscode eingegeben hatte. Es ginge also, wenn man wollte, nur will man leider nicht mehr.... Lieber billig und Geiz ist geil statt Sicherheit :sick:
- kjz
Am 2. 1. hatten wir: '41.222.192.88 belongs to Isocel Telecom', nun geht's weiter:
Received: from mo-p07-ob.rzone.de (mo-p07-ob.rzone.de [81.169.146.188]) by xxxxx (Postfix) with ESMTP id 38FF6780075A for xxxxx; Fri, 23 Jan 2009 05:57:23 +0100 (CET)
X-RZG-CLASS-ID: mo00
X-RZG-AUTH: :K2kLVU+qevIjfRMHnsb+6I0oq75AjXHYgbRR5xGFuIEvaZOw36if0w==
To: undisclosed-recipients:;
Message-ID: <206cf9l0N3oHUX.RZmta [at] mo-p00-ob.rzone.de>
Received: from User ([41.222.192.69]) by post.strato.de (mrclete mo63) (RZmta 18.10) with ESMTP id 206cf9l0N3oHUX ; Fri, 23 Jan 2009 05:56:42 +0100 (MET)
Heute haben wir: 41.222.192.69 ---> ISOCEL SARL, Benin
Zudem hat da noch ein Server bei Strato den Hosenlatz offen.
Post hätte gerne:
margaretblaire [at] gmail.com
efexdept01 [at] live.fr
Muguphon: +229 97 632 381 ---> Benin Cell/Spacetel Benin/Areeba/MTN Benin
- kjz
Mal wieder über einen gecrackten Uni-Account in Argentinien:
Received: from untref.untref.edu.ar (untref.edu.ar [200.58.113.38]) by xxxxx (Postfix) with ESMTP id 731C0789AE1E for xxxxx; Mon, 26 Jan 2009 18:21:56 +0100 (CET)
Received: from [127.0.0.1] (helo=localhost) by untref.untref.edu.ar with esmtp (Exim 4.63)
(envelope-from <barristerabdulraman [at] yahoo.com>) id 1LRUMq-0001E3-7m; Mon, 26 Jan 2009 14:31:23 -0200
Received: from 118.101.117.138 ([118.101.117.138]) by www.untref.edu.ar (IMP) with HTTP for <corountref [at] untref.edu.ar@localhost>; Mon, 26 Jan 2009 14:31:18 -0200
Post geht an:
barristerabdul.rahman02 [at] gmail.com
barristerabdulraman [at] yahoo.com
- kjz
Als angebliches Arbeitsangebot getarnt:
Received: from sheard.co.uk (host81-149-239-152.in-addr.btopenworld.com
[81.149.239.152]) by xxxxx (Postfix) with ESMTP id 7D397789AE66 for xxxxx; Tue, 27 Jan 2009 08:24:05 +0100 (CET)
Received: from User ([83.229.62.20]) by sheard.co.uk with Microsoft SMTPSVC(6.0.3790.3959); Mon, 26 Jan 2009 17:24:26 +0000
IP: 83.229.62.20 --> UK-SKYVISION (auch so ein Mugu-Satelliten-ISP)
Post an:
morgan.walsh0091 [at] gmail.com
Muguphon: +447031915548 ---> Magrathea Telecommunications Limited, UK (Mugus Liebling, die äusserst dürftige Homepage der angeblichen 'Telefongesellschaft' mit Bildern aus dem Webbaukasten läßt nur vermuten, dass hinter der 'Firma' nur ein Briefkasten steckt...)
- kjz
Der Dauer-Mugu:
Received: from webmail.jucetins.to.gov.br (unknown [201.67.112.131]) by xxxxx (Postfix) with ESMTP id CAD1E789B01F for xxxxx; Tue, 27 Jan 2009 16:23:12 +0100 (CET)
Received: from jucetins.to.gov.br (localhost.localdomain [127.0.0.1]) by webmail.jucetins.to.gov.br (Postfix) with ESMTP id 9FB0639C3BF; Mon, 26 Jan 2009 13:45:10 -0200 (BRST)
Man beachte:
X-OriginatingIP: 41.220.75.3 (jucetins) ---> MTN, Nigeria
Post bitte an:
jefferydean [at] live.co.uk
jeffery [at] live.co.uk
- kjz
Und wieder mal aus DE, das Deutsch ist für Babelfish zu gut, den hat wohl jemand verfasst, der relativ gut die deutsche Sprache beherrscht:
Received: from p57915CEC.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.92.236] by mx0.gmx.net (mx015) with SMTP; 30 Jan 2009 16:38:53 +0100
GutenTag,
Mein Name ist Katherine Klein . Ich bin deutscher Staatsbürger und
arbeite in
der Abteilung für Privatinvestoren bei einer großen Bank in Großbritannien.
Ich verwalte das Vermögen eines Kunden (Mr. Morris Thompson ein
Amerikaner), der am 31. Januar 2000 mit seiner Ehefrau und seiner
einzigen Tochter bei dem Flugzeugabsturz von Alaska Airlines Flug 261
verunglückt ist. Sie erfahren mehr über den Absturz unter
http://www.cnn.com/2000/US/02/01/alaska.airlines.list/.
Ich kontaktiere sie bezüglich des Vermögens in Höhe von $ 38,000,000
(Achtunddreißigtausend Siebenhundertfünfzig Millionen United States
Dollars), weil ich ihre Unterstützung brauche. Die Bank hat nach Ablauf
einer Frist, das Recht Gelder bzw. Kapitalvermögen einzubehalten, wenn
auszuschließen ist, dass keine Erben bzw. Bevollmächtigte Anspruch erheben.
In diesem geschilderten Fall ist die Bank, soweit sich keine weiteren
Angehörigen melden, berechtigt die $ 38,000,000 ihr Eigen zu nennen..
Dies möchte ich verhindern. Sind sie bereit mir zu helfen?
Wenn Sie sich als Nächstverwandter bei der Bank melden, muss diese das
Vermögen an Sie auszahlen.
Sind Sie vertrauensvoll? Können Sie mit einer solchen Geldsumme umgehen?
Wenn ja melden Sie sich bitte bei mir kathklein2 [at] accountant.com
Fordern Sie das Vermögen von der Bank.
Die notwendigen Details und Informationen die es Ihnen erleichtern und
vereinfachen wird das Vermögen zu erhalten sende ich Ihnen zu, sobald
ich Ihr Einverständnis zum Fortfahren in dieser Sache erhalte.
Sobald Sie zusagen werde ich Sie mit allen wichtigen Schritten dieser
Transaktion vertraut machen.
Ich garantiere Ihnen, dass diese Transaktion rechtsmäßig ablaufen wird,
so dass Sie zu keinem Zeitpunkt gesetzeswidrig handeln.
Für Ihre Unterstützung erhalten sie 20% der totalen Summe.
Da das Geld nicht bar in das Ursprungsland zurückzubringen ist,
verpflichten Sie sich ihren Anteil bestmöglich in ihrem Land zu investieren.
Hoffentlich werden Sie mein Anliegen überdenken und mir positiv
antworten.
Wenn Sie Zweifel oder Fragen haben zögern Sie bitte nicht mich zu
kontaktieren.
Richten Sie ihre Fragen an mich; ungeklärte Fragen sollten Sie nicht in
ihrer Entscheidungsfindung aufhalten.
Ich erwarte ihre Antwort.
Mit freundlichen Grüßen
Katherine Klein
Post bitte an:
kathklein2 [at] accountant.com
kathklein2 [at] aim.com
- kjz
In Bremen (87.145.92.236) ist bekanntlich die Mugu-Konzentration recht hoch.
Irgendwie hat's da dem Mugu gewaltig ins Gehirn geregnet:
Received: from n2b.bullet.mail.tp2.yahoo.com
(n2b.bullet.mail.tp2.yahoo.com [203.188.202.109]) by xxxxx (Postfix) with SMTP id A6A67789AF04 for xxxxx; Mon, 2 Feb 2009 10:16:49 +0100 (CET)
Received: from [203.188.202.70] by n2.bullet.mail.tp2.yahoo.com with
NNFMP; 02 Feb 2009 09:16:47 -0000
Received: from [203.212.168.61] by t1.bullet.mail.tp2.yahoo.com with
NNFMP; 02 Feb 2009 09:16:47 -0000
Received: from [203.104.17.88] by t2.bullet.kr1.yahoo.com with NNFMP; 02
Feb 2009 09:16:47 -0000
Received: from [127.0.0.1] by omp102.mail.in2.yahoo.com with NNFMP; 02
Feb 2009 09:16:46 -0000
Received: from [82.128.26.109] by web95011.mail.in2.yahoo.com via HTTP;
Mon, 02 Feb 2009 14:46:46 IST
IP: 82.128.26.109 ---> Multilinks Telecommunications Limited, Nigeria
I have a new email address!You can now email me at:
godwin22222222222222222222222222 [at] yahoo.in
- Hello Sir/Madam, I am Dr.godwin ifechukwude, a staff of a reputable
bank in Africa. On the 23rd of Feb. 2005, a contractor made a deposit
for 12 months valued at USD$25.5million. Upon maturity, I sent a routine
notification to his forwarding address but got no reply. After a month,
we discovered from his contract employers,that the depositor had died.
On further investigation i found out that he died without making a will.
The money is still sitting in our Bank and A cco! rding to the Laws,
here in Afirca, at the expiration of 10 (ten) years, the money will
revert to the ownership of the Government Treasury if nobody applies to
claim the fund. Consequently, my proposal is that I will like you to
stand in as the next of kin to the depositor. We shall employ the
services of an attorney to arrange the transfer of rights and privileges
of the deceased to you. If you are interested kindly reply this mail
with: 1.Your full names.2.Your full Address. 3.Your personal Tel 4.Your occ
upation.5.Your age. Best regards, Dr.godwin ifechukwude. Union Bank Nig Plc
Post also an:
godwin22222222222222222222222222 [at] yahoo.in
godwinife55 [at] yahoo.co.jp
- kjz
Bei mir ist auch wieder mal was eingeschlagen:
X-Envelope-From: <ack [at] telefonica.net>
X-Envelope-To: <eigene Adresse entfernt>
X-Delivery-Time: 1233708486
X-UID: 14454
Return-Path: <ack [at] telefonica.net>
X-RZG-FWD-BY: eigene Adresse entfernt
Received: from RZmta-intern (client mail forwarder)
by mailin.webmailer.de (zeb mi43) (RZmta 18.15)
for <eigene Adresse entfernt>; Wed, 4 Feb 2009 01:48:06 +0100 (MET)
X-RZG-CLASS-ID: mi
Received: from ctsmtpout2.frontal.correo
(outmailhost.telefonica.net [213.4.149.242])
by mailin.webmailer.de (zeb mi43) (RZmta 18.15)
with ESMTP id v01325l13NwC21 for <eigene Adresse entfernt>;
Wed, 4 Feb 2009 01:48:06 +0100 (MET)
Received: from User (196.207.243.178) by ctsmtpout2.frontal.correo (7.2.056.6) (authenticated as teclados3 [at] infonegocio.com)
id 4988512E000B9769; Wed, 4 Feb 2009 01:47:32 +0100
Message-ID: <4988512E000B9769 [at] ctsmtpout2.frontal.correo> (added by postmaster [at] telefonica.net)
Reply-To: <hausaamara [at] gmail.com>
From: "Mr. Hausa Amara"<ack [at] telefonica.net>
To: hausaamara [at] gmail.com
Subject: ATTENTION,
Date: Wed, 4 Feb 2009 00:47:32 -0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In der Mail dann was von 800k Dollar für die er meine Adresse braucht. Die Antworten hätte er gerne an hausaamara [at] gmail.com
Die Mail wurde vom Mailwasher aussortiert und gelöscht.
Gruß,
- syntax
Scheint ein neuer Dauer-Mugu zu werden. Missbraucht immerzu jaring.my um seinen Dreck loszuwerden:
Received: from smtp8.jaring.my ([127.0.0.1]) by localhost (smtp8.jaring.my [127.0.0.1]) (amavisd-new, port 10024) with LMTP id fF3XnTqTrhH7; Mon, 9 Feb 2009 14:43:38 +0800 (MYT)
Received: from User ([83.229.62.12]) (authenticated bits=0) by smtp8.jaring.my (8.13.8/8.13.8) with ESMTP id n0SNIo7G046526; Thu, 29 Jan 2009 07:19:02 +0800 (MYT)
IP: 83.229.62.12]) ---> Hoval, Nigeria/SkyVision Network
Post an:
andersonbaker2009 [at] yahoo.com.hk
Received: from smtp9.jaring.my (smtp9.jaring.my [61.6.32.59])
by spammotel.com (Postfix) with ESMTP id F162F600B7 for xxxxx; Mon, 9 Feb 2009 14:48:25 -0500 (EST)
Received: from localhost (localhost.jaring.my [127.0.0.1]) by smtp9.jaring.my (8.13.8/8.13.8) with ESMTP id n19JldOw045188; Tue, 10 Feb 2009 03:47:39 +0800 (MYT)
(envelope-from centurybank [at] orangemail.es)
Received: from smtp9.jaring.my ([127.0.0.1]) by localhost (smtp9.jaring.my [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Nx93aoNGkgWe; Tue, 10 Feb 2009 03:47:37 +0800 (MYT)
Received: from User (213.37.124.104.dyn.user.ono.com [213.37.124.104]) (authenticated bits=0) by smtp9.jaring.my (8.13.8/8.13.8) with ESMTP id n19Jl9IT045112; Tue, 10 Feb 2009 03:47:12 +0800 (MYT) (envelope-from centurybank [at] orangemail.es)
Post an:
centurybank [at] orangemail.es
centurybankplc [at] orangemail.es
- kjz
Mal wieder der Mugu mit gecracktem Uni-Account:
Received: from al-mailx.ufh.ac.za (EHLO al-mailx.ufh.ac.za) [196.21.104.231]
by mx0.gmx.net (mx085) with SMTP; 10 Feb 2009 16:35:51 +0100
Received: from al-tsc-fs05.ufh-domain.local (al-tsc-fs05.ufh-domain.local [172.20.0.5]) by al-mailx.ufh.ac.za (8.14.3/8.14.3) with ESMTP id n1AF8t6o032405;
Tue, 10 Feb 2009 17:12:07 +0200
Received: from AL-TSC-CL01-EX.ufh-domain.local ([172.20.0.8]) by al-tsc-fs05.ufh-domain.local with Microsoft SMTPSVC(6.0.3790.1830); Tue, 10 Feb 2009 17:04:10 +0200
Post an:
mr.stevenrudolf [at] hotmail.co.uk
Und ein Mugu aus DE mit recht guten Deutsch-Kenntnissen (Bremer Hochburg...):
Received: from p57915C98.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.92.152] by mx0.gmx.net (mx060) with SMTP; 10 Feb 2009 16:24:36 +0100
GutenTag,
Mein Name ist Diana Holger .Ich bin deutscher Staatsbürger und arbeite in
der Abteilung für Privatinv estoren bei einer großen Bank in Großbritannien.
Ich verwalte das Vermögen eines Kunden (Mr. Morris Thompson ein
Amerikaner), der am 31. Januar 2000 mit seiner Ehefrau und seiner
einzigen Tochter bei dem Flugzeugabsturz von Alaska Airlines Flug 261
verunglückt ist. Sie erfahren mehr über den Absturz unter
http://www.cnn.com/2000/US/02/01/alaska.airlines.list/.
Ich kontaktiere sie bezüglich des Vermögens in Höhe von $ 38,000,000
(Achtunddreißigtausend Siebenhundertfünfzig Millionen United States
Dollars), weil ich ihre Unterstützung brauche. Die Bank hat nach Ablauf
einer Frist, das Recht Gelder bzw. Kapitalvermögen einzubehalten, wenn
auszuschließen ist, dass keine Erben bzw. Bevollmächtigte Anspruch erheben.
In diesem geschilderten Fall ist die Bank, soweit sich keine weiteren
Angehörigen melden, berechtigt die $ 38,000,000 ihr Eigen zu nennen..
Dies möchte ich verhindern. Sind sie bereit mir zu helfen?
Wenn Sie sich als Nächstverwandter bei der Bank melden, muss diese das
Vermögen an Sie auszahlen.
Sind Sie vertrauensvoll? Können Sie mit einer solchen Geldsumme umgehen?
Wenn ja melden Sie sich bitte bei mir dianaholger [at] ymail.com oder
dianaholger [at] execs.com
Fordern Sie das Vermögen von der Bank.
Die notwendigen Details und Informationen die es Ihnen erleichtern und
vereinfachen wird das Vermögen zu erhalten sende ich Ihnen zu, sobald
ich Ihr Einverständnis zum Fortfahren in dieser Sache erhalte.
Sobald Sie zusagen werde ich Sie mit allen wichtigen Schritten dieser
Transaktion vertraut machen.
Ich garantiere Ihnen, dass diese Transaktion rechtsmäßig ablaufen wird,
so dass Sie zu keinem Zeitpunkt gesetzeswidrig handeln.
Für Ihre Unterstützung erhalten sie 25% der totalen Summe.
Da das Geld nicht bar in das Ursprungsland zurückzubringen ist,
verpflichten Sie sich ihren Anteil bestmöglich in ihrem Land zu investieren.
Hoffentlich werden Sie mein Anliegen überdenken und mir positiv
antworten.
Wenn Sie Zweifel oder Fragen haben zögern Sie bitte nicht mich zu
kontaktieren.
Richten Sie ihre Fragen an mich; ungeklärte Fragen sollten Sie nicht in
ihrer Entscheidungsfindung aufhalten.
Ich erwarte ihre Antwort.
Mit freundlichen Grüßen
Diana Holger
Post an:
dianaholger2 [at] aim.com
dianaholger [at] ymail.com
dianaholger [at] execs.com
- kjz
Schon wieder so ne Pfeife... haben die momentan wieder Saison? :)
X-Envelope-From: <scho209 [at] yahoo.com.hk>
X-Envelope-To: <Adresse von mir entfernt>
X-Delivery-Time: 1234630681
X-UID: 14630
Return-Path: <scho209 [at] yahoo.com.hk>
X-RZG-FWD-BY: Adresse von mir entfernt
Received: from RZmta-intern (client mail forwarder)
by mailin.webmailer.de (lemon mi63) (RZmta 18.18)
for <Adresse von mir entfernt>; Sat, 14 Feb 2009 17:58:01 +0100 (MET)
X-RZG-CLASS-ID: mi
Received: from mail.gz2010ag.org ([59.41.8.48])
by mailin.webmailer.de (lemon mi63) (RZmta 18.18)
with ESMTP id n02aael1EGT0bh for <Adresse von mir entfernt>;
Sat, 14 Feb 2009 17:58:00 +0100 (MET)
Received: from User (unknown [196.3.183.72])
by mail.gz2010ag.org (Postfix) with ESMTP id DCDBA1C6E47;
Sat, 14 Feb 2009 20:39:19 +0800 (CST)
Reply-To: <scho_512 [at] yahoo.com.hk>
From: "Soo Cho"<scho209 [at] yahoo.com.hk>
Subject: LETTER
Date: Sat, 14 Feb 2009 14:16:01 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20090214123921.DCDBA1C6E47 [at] mail.gz2010ag.org>
To: undisclosed-recipients:;
In der Mail (wäre wohl ein wenig lang hier den ganzen Schrott zu posten) schreibt er wieder was von 28 Melonen Dollar... Korrespondenz wünscht er sich sehnlich an
Mr.Soo Cho
CHO HUNG BANK.
14 1-ka Namdaemun-ro Chung-ku
Seoul, Seoul 100-757
South Korea.
www.chohungbank.co.kr
Reply to:scho_512 [at] yahoo.com.hk
Die Mail wurde bereits vom Server entfernt bei mir.
Gruß,
- syntax
Wieder mal der Mugu mit dem gecrackten Uni-Account:
Received: from shastra.cmb.ac.lk (shastra.cmb.ac.lk [192.248.16.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 06A03789AE9D for <xxxxx>; Tue, 17 Feb 2009 20:26:09 +0100 (CET)
Received: from webmail.cmb.ac.lk ([192.248.16.176]) by shastra.cmb.ac.lk (8.13.6/8.13.3) with ESMTP id n1HIaCM4093181; Wed, 18 Feb 2009 00:36:17 +0600 (LKT) (envelope-from info [at] yahoo.com)
Received: from webmail.cmb.ac.lk (localhost.cmb.ac.lk [127.0.0.1]) by webmail.cmb.ac.lk (8.11.3/8.11.3) with ESMTP id n1HIeSY67010; Wed, 18 Feb 2009 00:40:28 +0600 (LKT) (envelope-from info [at] yahoo.com)
X-OriginatingIP: 81.199.88.2 (rajith) ---> 81.199.88.2.satcom-systems.net, Nigeria
Post an:
mralhajimusa05 [at] 8u8.com
verificationdepartment-uk [at] 8u8.com
Muguphon (man kennt ja seine Mugu-Freunde auf der Insel...):
Tel: +44-704-574-1805 ---> Open Telecom International Ltd., UK
Fax: +44-706-826-8637-9 ---> SoftSwitch Telecom Ltd, UK
- kjz
Altbekannt, mittels gecracktem Uni-Account:
Received: from brassens.iut-blagnac.fr (brassens.iut-blagnac.fr
[193.54.227.200]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 09CC0789AD3A for xxxxx; Thu, 19 Feb 2009 01:32:23 +0100 (CET)
Received: from iut-blagnac.fr (localhost [127.0.0.1]) by brassens.iut-blagnac.fr (8.12.9-20030917/jtpda-5.4) with ESMTP id n1IEZewO028772; Wed, 18 Feb 2009 15:36:40 +0100
Abgekippt über:
X-OriginatingIP: 62.56.174.234 (dep-info) ---> Gilat Satcom (Israel)
Post bitte an:
customerfund.plc [at] gmail.com
Muguphon:
+234-807-6345-130 ---> Mobile Phone, Nigeria
+234-806-8236-211 ---> MTN, Nigeria
Received: from mail.uckg.org.za (mail.uckg.org.za [196.3.166.127]) by xxxxx (Postfix) with ESMTP id 87F85789ACEE for xxxxx; Thu, 19 Feb 2009 04:41:28 +0100 (CET)
Received: from User (92.41.170.46.sub.mbb.three.co.uk [92.41.170.46]) by mail.uckg.org.za (Postfix) with ESMTP id 4919C2FB380; Tue, 17 Feb 2009 07:00:54 +0200 (SAST)
Post bitte an:
songlile_request [at] yahoo.com.hk
songlile.request [at] yahoo.com.hk
Received: from sccmmhc92.asp.att.net (sccmmhc92.asp.att.net [204.127.203.212]) by xxxxx (Postfix) with ESMTP id C7D74789AE98 for xxxxx; Thu, 19 Feb 2009 10:24:34 +0100 (CET)
DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
i=dept_consoledate_center_40 [at] mchsi.com; a=rsa-sha256;
c=relaxed/relaxed; t=1235035474; h=Content-Transfer-Encoding:
Content-Type:MIME-Version:Message-Id:Date:From; bh=JPImV2uSygFSZevD
j72Q4T/6+bAbH5E/lRwFDr3drnc=; b=Tc/o+eIn2QoCvgrfRpz2w4A4h7qDdPUK7RZ
yKvDrhVLtOhAcOd9QNW4kNw2GmBmdgml1W0BtKYQjL47ksP0DSQ==
Received: from sccqwbc17 (scommcenter17.asp.att.net[204.127.203.179]) by mchsi.com (sccmmhc92) with SMTP id <20090219092323m9200amckhe>; Thu, 19 Feb 2009 09:24:32 +0000
Received: from [217.10.41.228] by sccqwbc17; Thu, 19 Feb 2009 09:23:22 +0000
Post bitte an:
eventsmanager_darrenwilliams191 [at] yahoo.com.hk
eventsmanager_darrenwilliams190 [at] yahoo.com.hk
dept_consoledate_center_40 [at] mchsi.com
- kjz
Dieser Mugu versucht es über Polen:
Received: from smtp4m5.poczta.onet.pl (smtp4m5.poczta.onet.pl [213.180.138.35]) by xxxxx (Postfix) with ESMTP id 1AE76789A6DD for xxxxxx; Thu, 19 Feb 2009 20:02:26 +0100 (CET)
Received: from [41.211.228.225] ([41.211.228.225]:3349 "EHLO smtp.poczta.onet.pl" rhost-flags-FAIL-FAIL-OK-FAIL) by ps4.mod5.onet with ESMTPA id S219120AbZBSTCXnCNgp (ORCPT <rfc822;xxxxx); Thu, 19 Feb 2009 20:02:23 +0100
IP: 41.211.228.225 ---> DIRECT ON PC LTD, Nigeria
Post an:
fbi.fraudwatch [at] i12.com
rsmuellar010002 [at] poczta.onet.pl
Und noch ein doppeltes Lottchen:
Received: from eastrmmtao102.cox.net (eastrmmtao102.cox.net [68.230.240.8]) by xxxxx (Postfix) with ESMTP id 65740789A6CF for xxxxxx; Thu, 19 Feb 2009 19:22:40 +0100 (CET)
Received: from eastrmimpo02.cox.net ([68.1.16.120]) by eastrmmtao102.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20090219182239.JQQF8735.eastrmmtao102.cox.net [at] eastrmimpo02.cox.net>; Thu, 19 Feb 2009 13:22:39 -0500
Received: from eastrmwml39 ([172.18.18.217]) by eastrmimpo02.cox.net with bizsmtp id HuNd1b0094h0NJL02uNd0E; Thu, 19 Feb 2009 13:22:38 -0500
Received: from eastrmmtao103.cox.net (eastrmmtao103.cox.net [68.230.240.9]) by xxxxx (Postfix) with ESMTP id A1BD8789B10F for xxxxxx; Thu, 19 Feb 2009 20:30:35 +0100 (CET)
Received: from eastrmimpo03.cox.net ([68.1.16.126]) by eastrmmtao103.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20090219193033.IMAX11476.eastrmmtao103.cox.net [at] eastrmimpo03.cox.net>; Thu, 19 Feb 2009 14:30:33 -0500
Received: from eastrmwml39 ([172.18.18.217]) by eastrmimpo03.cox.net with bizsmtp id HvWY1b0074h0NJL02vWYJU; Thu, 19 Feb 2009 14:30:33 -0500
Post an:
amysueboo [at] cox.net
leechangilbertsoffice [at] gmail.com
Muguphon:
TEL: +6016-3795708 ---> DiGi Telecom, Malaysia
- kjz
Diesmal hat der Mugu eine Lücke bei einer Stadt in Ungarn gefunden:
Received: from ph.zalaegerszeg.hu (ph.zalaegerszeg.hu [194.88.50.23]) by xxxxx (Postfix) with ESMTP id A58C3789AB5D for xxxxx; Fri, 20 Feb 2009 05:39:53 +0100 (CET)
Received: from ph.zalaegerszeg.hu (localhost [127.0.0.1]) by ph.zalaegerszeg.hu (Postfix) with ESMTP id 7146631DE7; Fri, 20 Feb 2009 02:03:44 +0100 (CET)
Abgemüllt über:
X-OriginatingIP: 81.199.88.2 (strategia) ---> 81.199.88.2.satcom-systems.net
Satcom-Systems/Gilat/Goldenlines/012 in Israel, Netzwerk von Zombies durchseucht, verkaufen Internet über Satellit an Mugus: ergo (altbekannter) Schwarzhut.
Post an:
fred_uzor [at] yahoo.com.hk
Muguphon:
Tel.: +234-805-728-9021 ---> Globacom, Nigeria
noch einer über Google, die ihr Abuse-Management ebenfalls notorisch nicht im Griff haben:
Received: from mail-fx0-f157.google.com (mail-fx0-f157.google.com
[209.85.220.157]) by xxxxx (Postfix) with ESMTP id 1C89E789B010 for xxxxx; Thu, 19 Feb 2009 23:34:12 +0100 (CET)
Received: by fxm1 with SMTP id 1so84277fxm.6 for xxxxx; Thu, 19 Feb 2009 14:34:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:mime-version:received:reply-to:date:message-id
:subject:from:content-type;
bh=dY2lC+I9oyxNW4mkNW6K3IcpNcOuXLE5PWzsHM2Seos=;
b=nqkVFDqYcjSsYSLXJtnx30xtBk6Q5SSHdMq9w3WoJQhMwoSmpMxWIiz1GcVorGLf+x
DZrunDDAQOQY4vN2i3UjhOSCyewM3EAYs3hBg8UWEjQC3hXQtFdFVEmnTepeEXJxwNh0
5pJLxjUZBbmTH7uJeFPpxlPwnHkRYdBQNwSKI=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=mime-version:reply-to:date:message-id:subject:from:content-type;
b=RbJaKPGcVlCTn1G/x87IQzBUbmrAT/pqay+3pzCj002Q4uev84P1OVTxQ0y8xb28H4
VZyeAWhYbXxsjr/OBP6KRfhn9HEkYEVBilydFe2cmdjWmicOwnwhvx556Aj+dWFIcfFK
bm3wD2gkbGX9dM9Q9ALnXXAPYeg2iz2DElZmI
Post an:
rockbangu [at] gmail.com
danmoloto8 [at] gmail.com
- kjz
Received: from sccmmhc92.asp.att.net (sccmmhc92.asp.att.net [204.127.203.212]) by xxxxx (Postfix) with ESMTP id C7D74789AE98 for xxxxx; Thu, 19 Feb 2009 10:24:34 +0100 (CET)
DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
i=dept_consoledate_center_40 [at] mchsi.com; a=rsa-sha256;
c=relaxed/relaxed; t=1235035474; h=Content-Transfer-Encoding:
Content-Type:MIME-Version:Message-Id:Date:From; bh=JPImV2uSygFSZevD
j72Q4T/6+bAbH5E/lRwFDr3drnc=; b=Tc/o+eIn2QoCvgrfRpz2w4A4h7qDdPUK7RZ
yKvDrhVLtOhAcOd9QNW4kNw2GmBmdgml1W0BtKYQjL47ksP0DSQ==
Received: from sccqwbc17 (scommcenter17.asp.att.net[204.127.203.179]) by mchsi.com (sccmmhc92) with SMTP id <20090219092323m9200amckhe>; Thu, 19 Feb 2009 09:24:32 +0000
Received: from [217.10.41.228] by sccqwbc17; Thu, 19 Feb 2009 09:23:22 +0000
Post bitte an:
eventsmanager_darrenwilliams191 [at] yahoo.com.hk
eventsmanager_darrenwilliams190 [at] yahoo.com.hk
dept_consoledate_center_40 [at] mchsi.com
Jetzt wieder obiger Mugu, man vergleiche:
Received: from sccmmhc91.asp.att.net (sccmmhc91.asp.att.net
[204.127.203.211]) by xxxxx (Postfix) with ESMTP id 496DB789B171 for xxxxx; Fri, 20 Feb 2009 17:45:55 +0100 (CET)
DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
i=raymond_consolidation_center_009 [at] mchsi.com; a=rsa-sha256;
c=relaxed/relaxed; t=1235148354; h=Message-Id:Date:From; bh=G/zBEj
82nwZp6Pgz0RtCFdg+GibO3Yyy9Aoq9iOl3/c=; b=NTKvuSLkUq8P+rmyjw2kMLRAh
WUGavUtZiU87hytjedfdX5ZtrRIIQdsM1pjjoxkPA+3KTwsz8y4EPMC+5D7JA==
Received: from sccqwbc18 (scommcenter18.asp.att.net[204.127.203.180]) by mchsi.com (sccmmhc91) with SMTP id <20090220164405m9100l6he6e>; Fri, 20 Feb 2009 16:45:53 +0000
Received: from [218.17.246.197] by sccqwbc18; Fri, 20 Feb 2009 16:44:05 +0000
Post geht diesmal an:
raymondpeterson_investment [at] hotmail.co.uk
raymond_consolidation_center_009 [at] mchsi.com
- kjz
Mal wieder ein Doppel-Mugu:
Received: from ctsmtpout4.frontal.correo (outmailhost.telefonica.net
[213.4.149.242]) by xxxxx (Postfix) with ESMTP id EA7BC789A627 for xxxxx; Sat, 21 Feb 2009 15:24:39 +0100 (CET)
Received: from User (41.208.151.15) by ctsmtpout4.frontal.correo
(7.2.056.6) (authenticated as betelgra [at] infonegocio.com) id 4997427900514B12; Sat, 21 Feb 2009 15:06:30 +0100
Abgekippt über: 41.208.151.15 ---> SONATEL
gecrackt(?) wurde da wohl: betelgra @ infonegocio.com
Post geht an:
fedexshipments02 [at] hotmail.com
Heute wieder, selber Mugu, mit anderer 'Legende':
Received: from ctsmtpout4.frontal.correo (outmailhost.telefonica.net
[213.4.149.242]) by xxxxx (Postfix) with ESMTP id 41ADC789B033 for xxxxx; Sun, 22 Feb 2009 16:33:51 +0100 (CET)
Received: from User (196.207.218.99) by ctsmtpout4.frontal.correo (7.2.056.6) (authenticated as betelgra [at] infonegocio.com) id 49974279005B7FAC; Sun, 22 Feb 2009 16:31:09 +0100
Abgekippt über: 196.207.218.99 ---> Sonatel
wieder über: betelgra @ infonegocio.com
Post geht an:
rev_albert [at] rediffmail.com
- kjz
Mal wieder der Doppel-Mugu mit 2 unterschiedlichen Märchen:
Received: from bay0-omc3-s17.bay0.hotmail.com (bay0-omc3-s17.bay0.hotmail.com [65.54.246.217]) by xxxxx (Postfix) with ESMTP id 16AF7789B25D for xxxxxxx; Mon, 23 Feb 2009 13:24:40 +0100 (CET)
Received: from BAY104-W51 ([65.54.175.151]) by bay0-omc3-s17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 23 Feb 2009 04:24:40 -0800
X-Originating-IP: [41.203.238.171] ---> ONATEL, BF
Post geht an:
armin_hary.23 [at] msn.com
arminhary [at] hotmail.fr
Received: from bay0-omc1-s2.bay0.hotmail.com (bay0-omc1-s2.bay0.hotmail.com [65.54.246.74]) by xxxxxx (Postfix) with ESMTP id AE42D789AE46 for xxxxx; Mon, 23 Feb 2009 13:54:45 +0100 (CET)
Received: from BAY115-W33 ([65.54.250.133]) by bay0-omc1-s2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 23 Feb 2009 04:54:44 -0800
X-Originating-IP: [41.203.238.89] ---> ONATEL, BF
Post geht an:
abdullahra4 [at] msn.com
abdullah.ra1 [at] gmail.com
- kjz
Wieder der Mugu mit dem gecrackten Uni-Account:
Received: from mx.giki.edu.pk (mx.giki.edu.pk [203.135.39.216]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id EC9C0789B165 for xxxxx; Tue, 24 Feb 2009 02:38:34 +0100 (CET)
Received: from mail.giki.edu.pk (giki.giki.edu.pk [192.168.1.5]) by mx.giki.edu.pk (8.13.8/8.13.8) with SMTP id n1NLUckY014807 for xxxxx; Tue, 24 Feb 2009 02:30:40 +0500
Received: (qmail 22208 invoked from network); 23 Feb 2009 21:18:26 -0000
Received: from unknown (HELO www.giki.edu.pk) (192.168.100.50) by mail.giki.edu.pk with SMTP; 23 Feb 2009 21:18:26 -0000
Received: from 82.128.26.54 (auth. user rector [at] 192.168.1.5) by www.giki.edu.pk with HTTP; Mon, 23 Feb 2009 21:12:34 +0000
IP: 82.128.26.54 ---> Multilinks Telecommunications Limited, Nigeria
Besonders pikant:
anscheinend wurde der Account des Rektors gecrackt:
(auth. user rector [at] 192.168.1.5)
Post geht an:
mrsmenendez [at] charity.com
mrsmenendez [at] aim.com
Als da noch wären:
Received: from servidor.cicr.com (cicr.com [200.122.132.6]) by xxxxx (Postfix) with ESMTP id 56E30789B15C for xxxxx; Tue, 24 Feb 2009 00:18:42 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1]) by servidor.cicr.com (Postfix) with ESMTP id EB736466C61; Mon, 23 Feb 2009 17:05:25 -0600 (CST)
Received: from servidor.cicr.com ([127.0.0.1]) by localhost (servidor.cicr.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 21978-08; Mon, 23 Feb 2009 17:05:25 -0600 (CST)
Received: from User (unknown [78.135.14.1]) by servidor.cicr.com (Postfix) with ESMTP id 46CA5466C83; Mon, 23 Feb 2009 17:05:05 -0600 (CST)
Post geht an:
ecordova.ukclaimsdesk [at] administrativos.com
Received: from smtp23.orange.fr (smtp23.orange.fr [193.252.22.126]) by xxxxx (Postfix) with ESMTP id 6E333789AE46 for xxxxx; Tue, 24 Feb 2009 07:18:14 +0100 (CET)
Received: from User (adsl-99-140-227-41.dsl.chcgil.sbcglobal.net [99.140.227.41]) by mwinf2323.orange.fr (SMTP Server) with ESMTP id 043637000086; Tue, 24 Feb 2009 07:16:25 +0100 (CET)
Post geht an:
isaacdward008 [at] yahoo.co.jp
robert123 [at] washington.usa.com
Muguphon: +234 8082667669 ---> Vmobile, Nigeria
- kjz
Und noch'en Mugu:
Received: from infolife.net (ns1.infolife.net [70.250.169.65]) by xxxxx (Postfix) with ESMTP id 18C7E789ADED for xxxxx; Tue, 24 Feb 2009 17:24:40 +0100 (CET)
Received: from User [196.3.183.73] by infolife.net with ESMTP (SMTPD32-8.12) id A154103E013E; Tue, 24 Feb 2009 07:08:36 -0600
IP: 196.3.183.73 ---> SubTel2, Nigeria
Post an:
david01 [at] post.ro
david02 [at] post.ro
Muguphon: +234-802-4417603 ---> Vmobile, Nigeria
Bei so vielen 'Mittätern' in NG stelle ich fest, dass 419 scamming wohl ein 'hochehrenhafter Geschäftszweig' in NG zu sein scheint. Wahrscheinlich nach dem Erdöl der zweitgrößte 'Exportschlager' des Landes. Und ist der Ruf erst ruiniert.....
- kjz
Langsam werden die lästig; bei den Russkis kann man ja ggf. noch auf Listwashing hoffen, aber selbst dazu scheinen die Mugus zu blöd zu sein.
Received: from mail06.syd.optusnet.com.au (EHLO mail06.syd.optusnet.com.au) [211.29.132.187] by mx0.gmx.net (mx078) with SMTP; 24 Feb 2009 18:03:58 +0100
Received: from User (host-72-51-146-109.newwavecomm.net [72.51.146.109])(authenticated sender info.imf [at] optusnet.com.au) by mail06.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n1OGwSb7012736; Wed, 25 Feb 2009 03:58:40 +1100
Post geht an:
u.bn101 [at] hotmail.com
Muguphon: +234-7090066667 ---> Multilinks, Nigeria
- kjz
Mal wieder aus dubioser Quelle:
Received: from omr2.networksolutionsemail.com (omr2.networksolutionsemail.com [205.178.146.52]) by xxxxx (Postfix) with ESMTP id 6C3AF789AAE7 for xxxxx; Thu, 26 Feb 2009 05:52:26 +0100 (CET)
Received: from mail.networksolutionsemail.com (ns-omr2.mgt.netsol.com
[10.49.6.65]) by omr2.networksolutionsemail.com (8.13.6/8.13.6) with SMTP id
n1Q4qPlN028508 for xxxxx; Wed, 25 Feb 2009 23:52:25 -0500
Message-Id: <200902260452.n1Q4qPlN028508 [at] omr2.networksolutionsemail.com>
Received: (qmail 5286 invoked by uid 78); 26 Feb 2009 04:52:20 -0000
Received: from unknown (HELO User) (info [at] transnexus.com@82.128.106.130)
by ns-omr2.lb.hosting.dc2.netsol.com with SMTP; 26 Feb 2009 04:52:20
-0000
Jetzt also sogar Netsol mit im Boot, obwohl, wenn ich es mir recht überlege, einen Ruf in Antispammer-Kreisen haben die ja auch nicht mehr zu verlieren...
Eingereicht natürlich von:
82.128.106.130 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
fedexrepesentative1 [at] hotmail.com
Muguphone: +234-8089775866 ---> Vmobile, Nigeria
Kurze rhetorische Nachfrage: Wie seriös ist eigentlich eine 'Telefongesellschaft' ohne funktionierende Website und mit anonymer Registrierung bei Netsol?
Received: from Sacom-Ex2k3.sacom.com.vn (unknown [118.69.206.170]) by xxxxx (Postfix) with ESMTP id 78A56789ADFE for xxxxx; Thu, 26 Feb 2009 04:53:50 +0100 (CET)
Received: from User ([196.3.183.73]) by Sacom-Ex2k3.sacom.com.vn with Microsoft SMTPSVC(6.0.3790.3959); Thu, 26 Feb 2009 10:33:20 +0700
abgeworfen über: 196.3.183.73 ---> Suburban telecom, Nigeria
Auch hier die Frage: Wie seriös ist ein Provider, der sowohl mit Postmaster- und Abuse-Adresse bei RFC-Ignorant gelistet ist?
Post an:
dr.ernestchukwuebi786 [at] gmail.com
mr.davidmark5052 [at] yahoo.com
Muguphon: +2348034865543 ---> MTN, Nigeria
- kjz
Noch einer:
Received: from relay.nhs.uk (mailout.nhs.uk [212.137.44.177]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 14CB7789B591 for xxxxx; Thu, 26 Feb 2009 10:22:40 +0100 (CET)
Received: from avas-checker by relay-outbound-6 with esmtp (Relay-Software 4.52) id 1LccS0-0002gk-L5 for xxxxx; Thu, 26 Feb 2009 09:22:40 +0000
Received: from relay.nhs.uk (rlmta02.swi.contact.secure-ops.net [192.168.129.2]) by rlavas02.swi.contact.secure-ops.net (MOS 3.8.3-GA) with ESMTP id DTB41482; Thu, 26 Feb 2009 09:22:40 GMT
Received: from [193.61.118.187] (helo=TrendGW.int.rbht.nhs.uk) by relay-inbound-2 with esmtp (Relay-Software 4.52) id 1LccS0-0007g5-72 for xxxxx; Thu, 26 Feb 2009 09:22:40 +0000
Received: from RBHMAIL.int.rbht.nhs.uk ([192.168.100.111]) by TrendGW.int.rbht.nhs.uk with InterScan Messaging Security Suite; Thu, 26 Feb 2009 06:05:12 -0000
Tja, die Security Suite ist wohl doch nicht so wirksam....
Post an:
markmorris178 [at] yahoo.com.hk
Muguphon: +44 70359 71758 ---> Open Telecom International Ltd., UK
bei unseren Mugu-Freunden von der Open Telecom.
- kjz
Muguphon: +44 70359 71758 ---> Open Telecom International Ltd., UK
bei unseren Mugu-Freunden von der Open Telecom.
Zumindestens hat man mal reagiert:
The Open Telecom number in the above attachment has now been disconnected and is no longer in use..
- kjz
Jetzt also sogar Netsol mit im Boot, obwohl, wenn ich es mir recht überlege, einen Ruf in Antispammer-Kreisen haben die ja auch nicht mehr zu verlieren...
Zum Spammen eingesetzte Maildomains bei Netsol werden normalerweise schnell und rückstandsfrei entsorgt. Nach 1-2 Tagen gibt es nicht mal mehr einen Whois-Eintrag.
Selbst für 'Dieter' (MR. HORST HIETER HAENSGEN) ist der Deppen-Mugu zu blöd:
Received: from knight.crownhosting.net (unknown [206.225.8.62]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id E5AED789B34B for xxxxx; Thu, 26 Feb 2009 20:32:02 +0100 (CET)
Received: from [83.229.101.69] (helo=User) by knight.crownhosting.net with esmtpa (Exim 4.69) (envelope-from <diplomat [at] delivery.com.au>) id 1LckhY-0000gh-2L; Thu, 26 Feb 2009 13:11:19 -0500
abgeworfen über: 83.229.101.69 ---> Reliance Telecommunications Limited Reltelwireless, Nigeria
Post geht an:
diplomat.hieter0021 [at] gmail.com
diplomat.hieter00211 [at] googlemail.com
- kjz
Zumindestens hat man mal reagiert:
Wo haste Dich denn da beschwert?
Eniac
Wo haste Dich denn da beschwert?
Nun, die Mail ging an sales &at& open-telecom.co.uk und abuse &at& open-telecom.co.uk. Geantwortet hat dann ein Peter.... Das wird anscheinend tatsächlich gelesen.
- kjz
Dafür gibt's jetzt einen Mugu, der im Usenet erntet:
Received: from mail.spammotel.com (EHLO spammotel.com) [209.190.47.10] by mx0.gmx.net (mx053) with SMTP; 26 Feb 2009 22:34:03 +0100
Received: by spammotel.com (Postfix, from userid 0) id 47B235F196; Thu, 26 Feb 2009 16:21:13 -0500 (EST)
Received: from easternsolutionsnet.com (unknown [66.45.64.84]) by spammotel.com (Postfix) with ESMTP id 2F22B5F172 for xxxxx; Thu, 26 Feb 2009 16:21:05 -0500 (EST)
Received: from User (213.37.112.102.dyn.user.ono.com [213.37.112.102]) (authenticated) by easternsolutionsnet.com (8.11.6/8.11.6) with ESMTP id n1QLODj11837; Thu, 26 Feb 2009 15:24:14 -0600
Abgeworfen im span. Mugu-Paradies (213.37.112.102.dyn.user.ono.com).
Post geht an:
rmike000 [at] yahoo.com
kennypaulsam [at] gmail.com
- kjz
Nun, die Mail ging an sales &at& open-telecom.co.uk und abuse &at& open-telecom.co.uk.
Danke, das werde ich gleich mal an
OFFICER:MR ANDREW WOLLEY.
POSITION:DIRECTOR,INTL,REMMITTANCE CITIBANK LONDON.
Direct Telephone Number: +44-703-596-2760, +44-703-595-8648.
ausprobieren.
Eniac
Und wieder mal:
Received: from firewall.localdomain (correo.gtcolombia.com [201.245.37.234]) by xxxxx (Postfix) with ESMTP id 262D6789003F for xxxxx; Fri, 27 Feb 2009 17:51:32 +0100 (CET)
Received: from gtcolombia.com (firewall.gtcolombia.com [127.0.0.1]) by firewall.localdomain (Postfix) with ESMTP id 7E18211541; Fri, 27 Feb 2009 11:21:17 -0500 (COT)
Man beachte:
X-OriginatingIP: 62.56.174.234 (infobmanga) ---> IL-IPPLANET/Gilat
Mal wieder die merkbefreiten Mugu-Freunde aus IL.
Post hätte gerne:
uba.service111 [at] gmail.com
uba.serviceline [at] live.com
- kjz
Weiter geht's:
Received: from batelco.com.bh (cgpfe2.batelco.com.bh [193.188.97.110]) by xxxxx (Postfix) with ESMTP id 7DFE4789AE97 for xxxxx; Sat, 28 Feb 2009 04:21:50 +0100 (CET)
Received: from [196.3.183.73] (account emco [at] batelco.com.bh HELO User) by cgpfe2.batelco.com.bh (CommuniGate Pro SMTP 5.2.9) with ESMTPA id 177830874; Sat, 28 Feb 2009 06:21:38 +0300
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
plashniku.fevzi172 [at] gmail.com
emco [at] batelco.com.bh
Received: from news.direclynx.net (EHLO db.direclynx.net) [65.64.8.6] by mx0.gmx.net (mx011) with SMTP; 28 Feb 2009 07:32:59 +0100
Received: from db.direclynx.net (db.direclynx.net [127.0.0.1]) by db.direclynx.net (8.13.8/8.13.8) with ESMTP id n1S6TnwY000413; Sat, 28 Feb 2009 00:33:27 -0600
Received: (from apache [at] localhost) by db.direclynx.net (8.13.8/8.13.8/Submit) id n1RID29N024814; Fri, 27 Feb 2009 12:13:02 -0600
X-Authentication-Warning: db.direclynx.net: apache set sender to info-data [at] british.co.uk using -f
Received: from 41.220.75.230 ([41.220.75.230]) by webmail.direclynx.net (Horde MIME library) with HTTP for <atbha [at] webmail.direclynx.net>; Fri, 27 Feb 2009 12:12:58 -0600
IP: 41.220.75.230 ---> MTN Nigeria
Post geht an:
oceanicagencyltd [at] tlen.pl
atbha [at] webmail.direclynx.net
Und eine M$oft Live Domain hat sich der Mugu auch noch erstellt:
info [at] oceanicagencyltd.com
Received: from tempo.di-net.ru (tempo.di-net.ru [213.248.12.5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 5140C789B167 for xxxxx; Sat, 28 Feb 2009 13:06:02 +0100 (CET)
Received: from localhost ([127.0.0.1] helo=webmail.msm.ru) by tempo.di-net.ru with esmtp (Exim 4.69) (envelope-from <info [at] nlh.org>) id 1LdMrM-0005ft-QI; Sat, 28 Feb 2009 13:55:56 +0300
Received: from 41.220.75.3 (SquirrelMail authenticated user gratus [at] msm.ru) by webmail.msm.ru with HTTP; Sat, 28 Feb 2009 13:55:56 +0300 (MSK)
Die altbekannte Dauer-Mugu IP: 41.220.75.3 ---> mtnngprs.com/MTN Nigeria
Post geht an:
gratus [at] msm.ru
nalhi [at] msn.com
nalipro [at] msn.com
- kjz
Noch'en Mugu:
Received: from mail05.syd.optusnet.com.au (mail05.syd.optusnet.com.au
[211.29.132.186]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 0DC0D789B3B9 for xxxxx; Sat, 28 Feb 2009 16:49:54 +0100 (CET)
Received: from User (b180B.static.pacific.net.au [202.7.93.11]) (authenticated sender haysie1 [at] optusnet.com.au) by mail05.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n1SFiu5u008917; Sun, 1 Mar 2009 02:45:04 +1100
Post geht an:
govcbnpayment [at] gmail.com
haysie1 [at] optusnet.com.au
Muguphon: +234 1 7938496 ---> Multilinks, Nigeria
- kjz
Wieder mal:
Received: from smtp-out5.iol.cz (smtp-out5.iol.cz [194.228.2.77]) by xxxxx (Postfix) with ESMTP id 76E76789A497 for xxxxx; Sun, 1 Mar 2009 00:51:17 +0100 (CET)
Received: from User (unknown [222.237.78.10]) by smtp-out5.iol.cz (Postfix) with ESMTP id
39BC05AE8F5; Sun, 1 Mar 2009 00:48:28 +0100 (CET)
IP: 222.237.78.10 ---> 222-237-78-10.tongkni.co.kr
Post geht an:
weuposta.ge [at] live.com
coddyb [at] ymail.com
westernunion.postage [at] wnion.com
annabel.march [at] googlemail.com
Received: from 62-48-115-144.adsl.ticino.com (EHLO
SERVER1.SYTCO.SWISS.CH) [62.48.115.144] by mx0.gmx.net (mx042) with SMTP; 01 Mar 2009 05:56:52 +0100
Received: from User ([121.8.124.42]) by SERVER1.SYTCO.SWISS.CH with Microsoft SMTPSVC(6.0.3790.3959); Sat, 28 Feb 2009 03:25:38 +0100
Post geht an:
kathrinerafae114 [at] yahoo.com
rafaelkathrine114 [at] yahoo.com
- kjz
Mugu hier, Mugu da....
Received: from linkserve.com (mighty.linkserve.com [195.166.237.3]) by xxxxx (Postfix) with ESMTP id 3E0FD789B5A6 for xxxxx; Sun, 1 Mar 2009 21:38:42 +0100 (CET)
Received: from [92.41.98.205] (account office [at] atlantika.org.ng HELO User) by linkserve.com (CommuniGate Pro SMTP 4.2) with ESMTP id 21456265; Sun, 01 Mar 2009 20:38:58 +0100
Received-SPF: none receiver=linkserve.com; client-ip=92.41.98.205; envelope-from=reeecepp [at] yahoo.com
Erstaunlich, abgekippt über Linkserve (Nigeria), aber Einlieferer ist 92.41.98.205 ---> 92.41.98.205.sub.mbb.three.co.uk.
Post geht an:
perrrrrice [at] yahoo.com.hk
reeecepp [at] yahoo.com
office [at] atlantika.org.ng
- kjz
Katherine gibt keine Ruhe:
Received: from NS1.abissnet.al (ns1.abissnet.al [80.91.126.2]) by mx.kundenserver.de (node=mxeu3) with ESMTP (Nemesis) id 0MKqIe-1Ldw363cEi-000cwP ; Mon, 02 Mar 2009 01:31:02 +0100
Received: from User ([218.90.161.189]) (authenticated bits=0) by NS1.abissnet.al (8.13.1/8.13.1) with ESMTP id n220R18T013083; Mon, 2 Mar 2009 01:27:08 +0100
Post geht an:
rafaelkathrine114 [at] yahoo.com
Received: from jfhost.namliong.com.tw (unknown [60.190.137.218]) by xxxxx (Postfix) with ESMTP id EEDDD789AD5F for xxxxx; Mon, 2 Mar 2009 03:00:47 +0100 (CET)
Received: from User ([196.3.183.73]) (authenticated) by jfhost.namliong.com.tw (8.10.1/8.10.1) with ESMTP id n22A5cC03412; Mon, 2 Mar 2009 10:05:39 GMT
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
danielstock300 [at] hotmail.com
Muguphon: +234-806-762-3581 ---> MTN, Nigeria
- kjz
Nur leicht geänderte Masche vom christlichen Freemailer:
Received: from ecunet.org (mail.ecunet.org [69.2.213.90]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 82C03789AE45 for xxxxx; Mon, 2 Mar 2009 16:57:28 +0100 (CET)
Received-SPF: pass (ecunet.org: 192.168.0.92 is whitelisted)
receiver=ecunet.org; client-ip=192.168.0.92; helo=ecunet-web-1.ecunet.org; envelope-from=fortune_dona3 [at] ecunet.org; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
Received: from ecunet-web-1.ecunet.org (ecunet-web-1 [192.168.0.92]) by ecunet.org (8.14.1/8.14.1) with ESMTP id n22EwwLQ022157; Mon, 2 Mar 2009 09:58:58 -0500
Received: from ecunet-web-1.ecunet.org (localhost.localdomain [127.0.0.1]) by ecunet-web-1.ecunet.org (8.13.8/8.13.8) with ESMTP id n22EwtMO025728; Mon, 2 Mar 2009 09:58:55 -0500
Received: (from httpd [at] localhost) by ecunet-web-1.ecunet.org (8.13.8/8.13.8/Submit) id n22Ewl4F025720; Mon, 2 Mar 2009 09:58:47 -0500
Post geht an:
fortunedona22 [at] yahoo.com
fortune_dona3 [at] ecunet.org
- kjz
Aus Bahrain noch mal:
Received: from batelco.com.bh (cgpfe1.batelco.com.bh [193.188.97.109]) by xxxxx (Postfix) with ESMTP id D1DC4789AE0E for xxxxx; Tue, 3 Mar 2009 01:15:16 +0100 (CET)
Received: from [220.173.107.19] (account bscd1991 [at] batelco.com.bh HELO User) by cgpfe1.batelco.com.bh (CommuniGate Pro SMTP 5.2.9) with ESMTPA id 178798400; Tue, 03 Mar 2009 03:15:09 +0300
Post geht an:
martinsfemi777 [at] gmail.com
femimartins77777 [at] gmail.com
- kjz
Received: from bsa-brmc.org (mail.bsa-brmc.org [64.203.136.203]) by xxxxx (Postfix) with ESMTP id 0CBB17893FF6 for xxxxx; Tue, 3 Mar 2009 15:32:01 +0100 (CET)
Received: from User [92.41.76.58] by bsa-brmc.org with ESMTP (SMTPD32-7.07) id A7FF1AB0046; Mon, 02 Mar 2009 23:54:23 -0500
IP: 92.41.76.58 ---> 92.41.76.58.sub.mbb.three.co.uk (darüber wurde von Mugus schon mal Spam abgeworfen)
Post geht an:
chengvincent984 [at] yahoo.com.hk
vhcheng881 [at] yahoo.com.hk
- kjz
Der Mugu zum Abend:
Received: from canada.com (01-smtp-out.mx.canada.vsi.net [64.22.133.136]) by xxxxx (Postfix) with SMTP id 66881789B27B for xxxxx; Tue, 3 Mar 2009 16:30:03 +0100 (CET)
Received: from [64.22.128.5] by SHARON.canada.com with SMTP (1.1.1.67) Tue, 03 Mar 2009 07:30:02 -0800
Post geht an:
drelezabeth [at] canada.com
drelezerbeth [at] canada.com
barlamine_kofi [at] sify.com
und:
Received: from vmail2.ufrj.br (vmail2.ufrj.br [146.164.3.47]) by xxxxx (Postfix) with SMTP id 04360789B00D for xxxxx; Tue, 3 Mar 2009 21:33:32 +0100 (CET)
Received: from ccsdecania.ufrj.br (localhost [127.0.0.1]) by vmail2.ufrj.br (Postfix) with ESMTP id 17BAB29985E6; Sun, 1 Mar 2009 08:42:44 -0300 (BRT)
Man beachte:
X-OriginatingIP: 92.41.174.199 (vigilancia [at] ccsdecania.ufrj.br) ---> 92.41.174.199.sub.mbb.three.co.uk
three.co.uk?, Da war doch mal was..... (siehe oben)
Post geht an:
yi444kwan [at] yahoo.com.hk
vigilancia [at] ccsdecania.ufrj.br
yikwan_9999 [at] yahoo.com.hk
- kjz
Nun, die Mail ging an sales &at& open-telecom.co.uk und abuse &at& open-telecom.co.uk. Geantwortet hat dann ein Peter.... Das wird anscheinend tatsächlich gelesen.
Bei mir hat leider niemand gemeldet. Und die beiden gmail-accounts, die ich gleich mit verpetzt habe, sind auch noch aktiv. :confused:
Eniac
Auch hier macht man weiter:
Received: from srv2.page4u.nl (unknown [89.18.176.134]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id D1F507894085x for xxxxx; Wed, 4 Mar 2009 07:31:13 +0100 (CET)
Received: from [196.3.183.73] (helo=User) by srv2.page4u.nl with esmtpa (Exim 4.61) (envelope-from <wayne.ruyns77 [at] live.com>) id 1LejY9-0001rm-Q4; Wed, 04 Mar 2009 06:21:48 +0100
der altbekannte Schwarzhut: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
wayne.ruyns77 [at] live.com
waynebrunys [at] yahoo.cn
- kjz
Die Mugus waren mal wieder hyperaktiv, und der Mugu-Trend geht (natürlich) zur Zweitadresse, falls ein Freemailer wohl tatsächlich mal zeitnah einen Account löschen sollte (man darf ja wohl noch mal träumen....):
Received: from mail.twghintranet.org ([210.177.173.70]) by mx.kundenserver.de (node=mxeu23) with ESMTP (Nemesis) id 0ML4cO-1Lf0oj2B4i-000Q7b for xxxxx; Thu, 05 Mar 2009 00:48:14 +0100
Received: from User ([218.90.161.189]) by mail.twghintranet.org (IceWarp 9.3.2) with ASMTP id LTU23444; Thu, 05 Mar 2009 00:42:44 +0800
IP: 218.90.161.189 ---> CHINANET jiangsu
Post geht an:
kathrinerafael114 [at] yahoo.com
kathrinerafa114 [at] yahoo.com
Received: from zmta03.wananchi.com (unknown [62.8.88.27]) by xxxxx (Postfix) with ESMTP id 3E511789B11B for xxxxx; Thu, 5 Mar 2009 03:38:37 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zmta03.wananchi.com (Postfix) with ESMTP id 452C6E04097; Thu, 5 Mar 2009 05:32:57 +0300 (EAT)
X-Virus-Scanned: amavisd-new at zmta03.wananchi.com
Received: from zmta03.wananchi.com ([127.0.0.1]) by localhost (zmta03.wananchi.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bvXW0OOjGzOJ; Thu, 5 Mar 2009 05:32:56 +0300 (EAT)
Received: from zmbs03.wananchi.com (zmbs03.wananchi.com [62.8.88.32]) by zmta03.wananchi.com (Postfix) with ESMTP id 662E3E0407F; Thu, 5 Mar 2009 05:32:52 +0300 (EAT)
Man beachte:
X-Originating-IP: [41.204.224.17] ---> Direct-on-PC Limited, Nigeria
Post geht an:
s.lie50 [at] yahoo.com.hk
Received: from mail07.syd.optusnet.com.au (mail07.syd.optusnet.com.au
[211.29.132.188]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id A1081789AD88 for xxxxx; Thu, 5 Mar 2009 02:18:22 +0100 (CET)
Received: from User (CPE-61-9-216-166.static.qld.bigpond.net.au [61.9.216.166]) (authenticated sender ttrconst [at] optusnet.com.au) by mail07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2518Dkp031069; Thu, 5 Mar 2009 12:08:15 +1100
Post geht an:
ttrconst [at] optusnet.com.au
osas.dispatchofficer.henry2 [at] googlemail.com
Received: from vps.bloguno.net (vps.bloguno.net [207.58.168.206]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 199C2789B121 for xxxxx; Thu, 5 Mar 2009 06:40:21 +0100 (CET)
Received: from nobody by vps.bloguno.net with local (Exim 4.69) (envelope-from <nobody [at] vps.bloguno.net>) id 1Lf1BH-0000TD-Ll for xxxxx; Wed, 04 Mar 2009 19:11:19 -0500
Post geht an:
joycesamueldoe [at] gmail.com
joycesamueldoe [at] hotmail.com
Received: from cmaserver.cmaquarium.org (cmaserver.cmaquarium.org
[24.96.59.240]) by xxxxx (Postfix) with ESMTP id B1D3E789A6C6 for xxxxx; Thu, 5 Mar 2009 05:51:09 +0100 (CET)
Received: from User ([41.223.251.167] RDNS failed) by cmaserver.cmaquarium.org with Microsoft SMTPSVC(6.0.3790.3959); Tue, 3 Mar 2009 22:11:47 -0500
IP: 41.223.251.167 ---> Omnium des Telecommunications, Benin
Post geht an:
fedexcourierbeninr [at] live.fr
adamsjohn1 [at] yahoo.fr
Muguphon:
Tel; 00229 93-861-888 ---> BBCom, Benin
TEl: 00229 93-112-982 ---> BBCom
Received: from h1078125.serverkompetenz.net (lex-solutions.de
[81.169.187.139]) by spammotel.com (Postfix) with ESMTP id E548F163E1 for xxxxx; Wed, 4 Mar 2009 16:08:54 -0500 (EST)
Received: (qmail 5505 invoked from network); 4 Mar 2009 09:46:31 +0100
Received: from localhost (127.0.0.1) by localhost with SMTP; 4 Mar 2009 09:46:31 +0100
Received: from 41.222.193.11 ([41.222.193.11]) by webmail.alex-hosting.com (Horde MIME library) with HTTP; Wed, 4 Mar 2009 09:46:30 +0100
Da wurde wohl Horde/Webmail bei einem Strato-Server nicht sicher installiert.
IP: 41.222.193.11 ---> ISOCEL SARL, Benin
Post geht an:
amoussou_andre [at] live.com
amoussouandre29 [at] yahoo.fr
Received: from wireless.express.net.ua (bridge.express.net.ua
[80.254.10.74]) by xxxxx (Postfix) with ESMTP id C48C4789B29D for xxxxx; Thu, 5 Mar 2009 11:14:34 +0100 (CET)
Received: by wireless.express.net.ua (Postfix, from userid 80) id C85C715F6FB; Thu, 5 Mar 2009 01:35:54 +0200 (EET)
First of all I want you to Know that this is not a scam mail. Because based on what is going on all overthe internet world, people find it very difficult to believe things like this.
Ja, nee, is klar. Und morgen kommt der Weihnachtsmann....
Post geht an:
cbrian01 [at] zadarma.com
cbrian0001 [at] live.fr
www [at] wireless.express.net.ua
- kjz
Die Mugus schieben Überstunden:
Received: from blu0-omc1-s4.blu0.hotmail.com (blu0-omc1-s4.blu0.hotmail.com [65.55.116.15]) by xxxxx (Postfix) with ESMTP id ABDD8789B2B3 for xxxxx; Thu, 5 Mar 2009 13:15:01 +0100 (CET)
Received: from BLU116-W3 ([65.55.116.8]) by blu0-omc1-s4.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 5 Mar 2009 04:15:01 -0800
Man beachte:
X-Originating-IP: [81.199.53.85] ---> 81.199.53.85.satcom-systems.net, IL
Post geht an:
dukeobot [at] gmail.com
boxduke5 [at] msn.com
Received: from mail10.syd.optusnet.com.au (mail10.syd.optusnet.com.au
[211.29.132.191]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 54509789A623 for xxxxx; Thu, 5 Mar 2009 14:59:50 +0100 (CET)
Received: from User (CPE-61-9-216-166.static.qld.bigpond.net.au [61.9.216.166])
(authenticated sender mferdinando [at] optusnet.com.au) by mail10.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n25DuOWH006065; Fri, 6 Mar 2009 00:56:26 +1100
Post geht an:
charteredwiredepartment [at] googlemail.com
mferdinando [at] optusnet.com.au
charteredwiredepartment [at] gmail.com
Received: from ns.bacom.com.tw (1.97.132.202.adsl.static.ttn.net [202.132.97.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id A9447789AE05 for xxxxx; Thu, 5 Mar 2009 15:53:16 +0100 (CET)
Authenticated-By: admin
X-SpamFilter-By: BOX Solutions SpamTrap 1.2 with qID n25EVnqc009598, This message is released by code: ctauth0007
Received: from User ([218.57.11.112]) (authenticated bits=0) by ns.bacom.com.tw (8.14.3/8.14.3/4.0) with ESMTP id n25EVnqc009598; Thu, 5 Mar 2009 22:31:57 +0800
Post geht an:
joycesamueldoe1 [at] hotmail.com
joycesamueldoe [at] hotmail.com
Received: from webmail.tf-fpm.com (mx1.tf-fpm.com [222.124.3.51]) by xxxxx (Postfix) with ESMTP id C4F60789B29B for xxxxx; Thu, 5 Mar 2009 17:28:19 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tf-fpm.com (Postfix) with ESMTP id 6B2D442F2F5; Thu, 5 Mar 2009 09:55:31 +0700 (WIT)
X-Virus-Scanned: amavisd-new at
Received: from webmail.tf-fpm.com ([127.0.0.1]) by localhost (webmail.tf-fpm.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v84i9iBK4Y3f; Thu, 5 Mar 2009 09:55:31 +0700 (WIT)
Received: from User (unknown [204.116.68.106]) by webmail.tf-fpm.com (Postfix) with ESMTP id 09E0C48C059; Thu, 5 Mar 2009 09:54:16 +0700 (WIT)
Post geht an:
jonprez_jobdept [at] yahoo.com.hk
joboffer_dept [at] yahoo.com.hk
- kjz
Man legt nach:
Received: from vms173015pub.verizon.net (vms173015pub.verizon.net
[206.46.173.15]) by xxxxx (Postfix) with ESMTP id 9753C789B011 for xxxxx; Thu, 5 Mar 2009 23:10:44 +0100 (CET)
Received: from vms226.mailsrvcs.net ([172.18.12.131]) by vms173015.mailsrvcs.net (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPA id <0KG100EVOXH4CPDO [at] vms173015.mailsrvcs.net> for xxxxx; Thu, 05 Mar 2009 15:10:18 -0600 (CST)
Received: from 196.29.120.110 ([196.29.120.110]) by vms226.mailsrvcs.net (Verizon Webmail) with HTTP; Thu, 05 Mar 2009 15:10:16 -0600 (CST)
Man beachte:
X-Originating-IP: [196.29.120.110] ---> Internetghana
Post geht an:
mr.vincentavoki [at] verizon.net
nnana2008 [at] aol.com
Received: from mout4.freenet.de (mout4.freenet.de [195.4.92.94]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id F011E789B164 for xxxxx; Fri, 6 Mar 2009 08:13:53 +0100 (CET)
Received: from [195.4.92.24] (helo=14.mx.freenet.de) by mout4.freenet.de with esmtpa (ID webmaster [at] williamtmeeksiii.de) (port 25) (Exim 4.69 #76) id 1LfUEG-0002JT-4H; Fri, 06 Mar 2009 08:12:20 +0100
Received: from [82.128.33.172] (port=1452 helo=User) by 14.mx.freenet.de with esmtpa (ID webmaster [at] williamtmeeksiii.de) (port 25) (Exim 4.69 #76) id 1LfUEC-0007xP-ID; Fri, 06 Mar 2009 08:12:20 +0100
IP: 82.128.33.172 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
susanwilliams21 [at] webmail.co.za
webmaster [at] williamtmeeksiii.de
Received: from exchfront2.metro.lan (exchsrvclus1.dinamic.com [200.2.212.90]) by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) id 0MKpV6-1LfUew1DKI-000bS2 for kjz [at] online.de; Fri, 06 Mar 2009 08:40:02 +0100
Received: from User ([60.10.134.103]) by exchfront2.metro.lan with Microsoft SMTPSVC(6.0.3790.3959); Fri, 6 Mar 2009 04:34:24 -0300
IP: 60.10.134.103 ---> CNCGROUP Hebei
Post geht an:
kathrinerafael114 [at] yahoo.com
kathrinerafa114 [at] yahoo.com
Kleines Detail am Rande: Mugus nutzen anscheinend keine Botnetze, sondern gecrackte Accounts/Server mit unsicheren Webmail-Skripten. Eigentlich erstaunlich, denn hier im Forum zeigen sich die Mugus oft 'zu dumm, um einen Eimer Wasser umzutreten'. Oder haben die auch eine 'Technik-Abteilung', die sich um das Cracken bzw. 'Besorgen' gecrackter Server kümmert?
- kjz
Zur Abwechslung mal ein 'deutscher' Mugu, der noch nicht einmal Zahlen lesen kann.....:
Received: from p57915B97.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.91.151] by mx0.gmx.net (mx082) with SMTP; 06 Mar 2009 15:30:33 +0100
Aufmerksamkeit.
Sehr geehrter:
Zuerst muß ich um Ihre Zuversicht in dieser Angelegenheit bitten,da
dies aufgrund der Situation als streng VERTRAULICH anzusehen ist. Ich
erwähne jedoch im Vorfeld, daß
eine Offerte diesen Ausmaßes selbstverstaendlich abschrecken kann. Ich
hoffe,dass dies keine Besorgnis bei ihnen erregen wird, aber ich
versichere Ihnen, daß alles seine Richtigkeit hat. Wir
haben wegen der Dringlichkeit,entschieden Sie auf dem Postwege zu
informieren.
Als Erstes moechte ich mich bei ihnen vorstellen. Mein Name is Frau
Claudia Wolfgang, ein Managerin bei der Chartered Bank England PLC. Ich
kam an ihren
Namen durch meine Suche nach eine entsprechenden Person,um eine sehr
vertrauliche Angelegenheit
abzuwickeln,die Übertragung von einer betraechtlichen Summe Geld,welches
aus einer Erbschaftstammt,zur folge haette.
Hier nun mein Vorschlag: Ein Ausländer,der verstorbene Ingenieur
Jurgen Kaufmann,ein Hollander aus Namibia, kam 1999 bei einem
Flugzeugunglueck ums Leben.Seither sind
keine Erbe ermittelt worden.Er war bis vor seinem Tode als Unternehmer
taetig.
Herr Kaufmann war unser Kunde hier bei der Chartered Bank
PLC.,England,und hatte ein
Kontoguthaben von USD$ 38,000,000 (Achtunddreißigtausend
Siebenhundertfünfzig Millionen United States Dollars),
Diese Summe liegt jetzt bei der Bank und wartet auf eine Person,die
berechtigten Anspruch darauf hat.Sollte kein Anspruchsteller gefunden
werden,geht die komplette Summe an dieRegierung von Großbritannien.
Daher haben meine Kollegen und ich beschlossen,vor Ablauf der
Frist,eineentsprechende Person zu benennen.Mit Ihrer Erlaubnis wuerden
wir Sie als Verwandten des
verstorbenen Kaufmann deklarieren, damit Sie den Anspruch in Hoehe von
USD$ 38,000,000M erhalten wuerden.Infolge
dessen koennten Sie als der Nutznießer (Verwandte der Kaufmann) dieser
Summe gelten.Die Urkunden und die Beweise zu
diesem Vorgang werde ich Ihnen selbstverstaendlich erbringen und zu
IhrerVerfuegung stellen. Wir versichern Ihnen eine 100% risikofreie
Abwicklung. Ihr Anteil wäre dann
in einem persoenlichen Gespraech zu eroertern,da wir natuerlich auch in
eigenem Interesse handeln .Ihr Anteil wäre 25% von der totalen Gange.
Falls dies fuer Sie von Interesse sein sollte,wuerde ich Sie bitten mit
uns in Kontakt zu treten.Zu diesem Zwecke senden Sie mir bitte Ihre
persönliiche Daten wie Voll
Namen, Adresse Telefon/Fax nummer und ihre vertrauliche E-mail Adresse,
damit
ich Ihnen die relevanten details dieser Offerte zukommen lassen kann:
( wolfgang [at] jershie.zzn.com oder wcl20 [at] excite.co.uk )
Mit freundlichen Grüßen,
Claudia Wolfgang
Post geht an:
wolfgang [at] jershie.zzn.com
wcl20 [at] excite.co.uk
wolcl99 [at] myway.com
- kjz
Selbe Mail, nur hat T-Offline anscheinend eine neue IP zugeteilt:
Received: from p57915F93.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.95.147] by mx0.gmx.net (mx062) with SMTP; 06 Mar 2009 17:07:03 +0100
Anscheinend aber beide wieder in der 'Mugu-Hochburg' Bremen lokalisiert.
- kjz
Katherine Rafael ist weiterhin merkbefreit:
PLEASE I HAVE BEEN HAVING PROBLEM WITH MY YAHOO EMAIL ADDRESS,
Höhö, warum wohl...... :D
Received-SPF: softfail (mxeu1: transitioning domain of gawab.com does
not designate 200.2.212.90 as permitted sender) client-ip=200.2.212.90; envelope-from=katherine114 [at] gawab.com; helo=exchfront2.metro.lan;
Received: from exchfront2.metro.lan (exchsrvclus1.dinamic.com [200.2.212.90]) by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) id 0MKpV6-1LfeEr3f7W-000boB for kjz [at] online.de; Fri, 06 Mar 2009 18:53:45 +0100
Received: from User ([218.90.161.189]) by exchfront2.metro.lan with
Microsoft SMTPSVC(6.0.3790.3959); Fri, 6 Mar 2009 14:53:17 -0300
IP: 218.90.161.189 ---> CHINANET jiangsu
Post geht an:
katherine114 [at] gawab.com
katherine114 [at] icmail.net
Received: from mail.fop.net (mail.fop.net [74.202.89.54]) by xxxxx (Postfix) with ESMTP id E813E789B17F for xxxxx; Fri, 6 Mar 2009 18:48:16 +0100 (CET)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.fop.net (Postfix) with ESMTP id BD14445E71; Fri, 6 Mar 2009 12:45:36 -0500 (EST)
Received: from mail.fop.net ([127.0.0.1]) by localhost (email.grandlodgefop.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05362-02; Fri, 6 Mar 2009 12:45:36 -0500 (EST)
Received: from User (unknown [218.57.11.112]) by mail.fop.net (Postfix) with ESMTP id 0F8F946056; Fri, 6 Mar 2009 12:44:12 -0500 (EST)
IP: 218.57.11.112 ---> CNCGROUP Shandong
Post geht an:
cenbk101010 [at] gmail.com
muellerreal02 [at] aol.com
der notorische Dauer-Mugu mal wieder:
Received: from mail.helb.co.ke (mail.helb.co.ke [80.240.202.34]) by xxxxx (Postfix) with ESMTP id 18BD0789A7B0 for xxxxx; Fri, 6 Mar 2009 20:13:14 +0100 (CET)
Received: from mail.helb.co.ke (mail.helb.co.ke [127.0.0.1]) by mail.helb.co.ke (Postfix) with ESMTP id 0117AA25BE; Fri, 6 Mar 2009 21:34:11 +0300 (EAT)
Received: from 41.220.75.3 (SquirrelMail authenticated user helb) by mail.helb.co.ke with HTTP; Fri, 6 Mar 2009 21:34:11 +0300 (EAT)
Man beachte:
IP: 41.220.75.3 ---> mtnngprs.com/MTN_Nigeria
Post geht an:
ffinanceplc [at] ymail.com
helb [at] helb.co.ke
Muguphon: +44 70359 32533 ---> Open Telecom International Ltd., UK
Received: from ns1.softeve.com (ns1.softeve.com [202.71.104.248]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 97437789B00C for xxxxx; Fri, 6 Mar 2009 17:58:12 +0100 (CET)
Received: from [41.223.251.196] (helo=User) by ns1.softeve.com with esmtpa (Exim 4.51) id 1LfcPJ-0004RR-B0; Fri, 06 Mar 2009 23:57:18 +0800
IP: 41.223.251.196 ---> Omnium des Telecommunications et de l'Internet Benin
Post geht an:
atm.paycenter01 [at] live.fr
landajoens [at] yahoo.com
- kjz
Man legt nach:
Received: from mail.yahorng.com.cn (yahorng.com.cn [61.28.2.163]) by xxxxx (Postfix) with SMTP id D5675789AE3A for xxxxx; Sat, 7 Mar 2009 06:56:12 +0100 (CET)
Received: from User (unknown [196.3.183.72]) by mail.yahorng.com.cn (Postfix) with ESMTP id 8CD0611AD8B9; Thu, 5 Mar 2009 20:54:47 +0800 (HKT)
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Post geht an:
fed2206 [at] gmail.com
dex2202 [at] live.com
Muguphon: +2347062363932 ---> Pank Shin, Nigeria
- kjz
Kleines Detail am Rande: Mugus nutzen anscheinend keine Botnetze, sondern gecrackte Accounts/Server mit unsicheren Webmail-Skripten. Eigentlich erstaunlich, denn hier im Forum zeigen sich die Mugus oft 'zu dumm, um einen Eimer Wasser umzutreten'. Oder haben die auch eine 'Technik-Abteilung', die sich um das Cracken bzw. 'Besorgen' gecrackter Server kümmert?
Einerseits gibt es Spezialisten und Phisher (http://www.antispam-ev.de/forum/showthread.php?p=201427#post201427) sehr verschiedener Qualifikationen, andererseits aber ist für Chuks Normalmugu auch das Kaufen von gecrackten Accounts in den einschlägigen Foren möglich, entweder direkt oder über spezialisierte Zwischenhändler.
Jede Menge Mugus mal wieder:
Received: from IMPaqm1.telefonica.net (impaqm1.telefonica.net [213.4.149.61]) by xxxxx (Postfix) with ESMTP id 25A96789AB06 for xxxxx; Sat, 7 Mar 2009 12:52:29 +0100 (CET)
Received: from IMPmailhost1.adm.correo ([10.20.102.38]) by IMPaqm1.telefonica.net with bizsmtp id Q9EP1b00W0piX6q01BsUTu; Sat, 07 Mar 2009 12:52:28 +0100
Received: from cps9 ([10.20.100.209]) by IMPmailhost1.adm.correo with BIZ IMP id QBsT1b0074X3sTu1hBsT7T; Sat, 07 Mar 2009 12:52:28 +0100
Post geht an:
jimtete1 [at] gmail.com
receiveoffice1 [at] gmail.com
wettfilee [at] terra.es
Received: from cpsmtpo-eml04.kpnxchange.com (cpsmtpo-eml04.KPNXCHANGE.COM [213.75.38.153]) by xxxxx (Postfix) with ESMTP id 0B0CC789B254 for xxxxx; Sat, 7 Mar 2009 14:39:22 +0100 (CET)
Received: from cpsmtp-he02.kpnxchange.com ([213.75.38.22]) by cpsmtpo-eml04.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Mar 2009 14:39:15 +0100
Received: from User ([196.3.183.73]) by cpsmtp-he02.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Mar 2009 14:35:57 +0100
IP: 196.3.183.73 ---> Suburbantelecom, Nigeria
Post geht an:
dalestjohn173 [at] gmail.com
Katherine kann es auch nicht lassen:
Received: from exchfront2.metro.lan (exchsrvclus1.dinamic.com
[200.2.212.90]) by mx.kundenserver.de (node=mxeu25) with ESMTP (Nemesis) id 0MKstg-1Lfwis2ZZI-000Oq7 for xxxxx; Sat, 07 Mar 2009
14:37:58 +0100
Received: from User ([116.10.198.42]) by exchfront2.metro.lan with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Mar 2009 10:34:47 -0300
Post geht an:
katherine114 [at] icmail.net
katherine114 [at] gawab.com
Ob ihr wenigstens dies die Laune verdirbt:
The account (katherine114 [at] gawab.com) has been suspended upon your request and after investigations.
Received: from cpsmtpo-eml04.kpnxchange.com (cpsmtpo-eml04.KPNXCHANGE.COM [213.75.38.153]) by xxxxx (Postfix) with ESMTP id 53335789B166 for xxxxx; Sat, 7 Mar 2009 21:48:57 +0100 (CET)
Received: from cpsmtp-he03.kpnxchange.com ([213.75.38.23]) by cpsmtpo-eml04.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Mar 2009 21:48:56 +0100
Received: from User ([60.22.156.41]) by cpsmtp-he03.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Mar 2009 21:45:50 +0100
IP: 60.22.156.41 ---> CNCGROUP Liaoning
Post geht an:
mrdanielsmith9898s [at] yahoo.com.cn
Received: from mail.teiep.gr (unknown [195.130.72.60]) by xxxxx (Postfix) with ESMTP id 0EAD3789A9F3 for xxxxx; Sat, 7 Mar 2009 20:50:31 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by mail.teiep.gr (Postfix) with ESMTP id 78DFC2C1CC; Sat, 7 Mar 2009 18:46:13 +0200 (EET)
Received: from mail.teiep.gr ([127.0.0.1]) by localhost (mail.teiep.gr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Mw1UIUQaSlt; Sat, 7 Mar 2009 18:46:12 +0200 (EET)
Received: from mail.teiep.gr (proxy.teiep.gr [195.130.72.60]) by mail.teiep.gr (Postfix) with ESMTP id 0B2BE2C25F; Sat, 7 Mar 2009 18:46:07 +0200 (EET)
Received: from 81.199.40.36 (proxying for 10.250.50.48) (SquirrelMail authenticated user library) by mail.teiep.gr with HTTP; Sat, 7 Mar 2009 18:46:07 +0200 (EET)
IP: 81.199.40.36 ---> 81.199.40.36.satcom-systems.net (die Mugu-Freunde aus Israel)
Post geht an:
claimsagent_mrjamesmark [at] yahoo.com.hk
Muguphon: + (44)7024018893 ---> Magrathea Telecommunications Limited, UK
Received: from joejoe.pib.com.br (joejoe.pib.com.br [200.194.176.42]) by xxxxx (Postfix) with SMTP id 5CCA37893FF6 for xxxxx; Sun, 8 Mar 2009 01:10:45 +0100 (CET)
Received: (openx-qmail-1.09 30818 invoked by uid 289); 7 Mar 2009
23:24:17 -0000
Received: by simscan 1.4.0 ppid: 29652, pid: 30816, t: 0.0793s
scanners: attach: 1.4.0
Received: from zeus.pib.com.br (HELO webmail.bilboque.com.br)
(200.194.176.32) by joejoe.pib.com.br with SMTP; 7 Mar 2009 23:24:17 -0000
Received: from 41.217.2.8 (SquirrelMail authenticated user bilboque [at] bilboque.com.br) by webmail.bilboque.com.br with HTTP; Sat, 7 Mar 2009 20:24:27 -0300 (BRT)
IP: 41.217.2.8 ---> ZOOM Mobile Nigeria Ltd.
Post geht an:
susanjamir [at] hotmail.es
susanjamir1 [at] hotmail.es
bilboque [at] bilboque.com.br
Muguphon: +448 704 955 920 ---> Stylecom Limited, UK
Received: from mail.cyccatv.net.tw (mail.cyccatv.net.tw [61.58.31.253]) by xxxxx (Postfix) with ESMTP id 78453789B24A for xxxxx; Sun, 8 Mar 2009 13:27:47 +0100 (CET)
Received: from mail.cyccatv.net.tw (localhost.cyccatv.net.tw [127.0.0.1]) by mail.cyccatv.net.tw (Postfix) with ESMTP id DD6AFA766E8; Sun, 8 Mar 2009 09:29:27 +0800 (CST)
Man beachte:
X-OriginatingIP: 81.199.88.8 ---> 81.199.88.8.satcom-systems.net (wieder mal die Mugu-Freunde aus Israel...)
Post geht an:
mryi_k2 [at] yahoo.com.hk
yikwan [at] mail.cyccatv.net.tw
- kjz
Tja, von einer Adresse musste Katherine ja schon Abschied nehmen....
Received: from exchsrvclus1.dinamic.com (EHLO exchfront2.metro.lan)
[200.2.212.90] by mx0.gmx.net (mx022) with SMTP; 08 Mar 2009 16:58:10 +0100
Received: from User ([116.10.198.42]) by exchfront2.metro.lan with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Mar 2009 10:34:47 -0300
IP: 116.10.198.42 ---> CHINANET Guangxi
Im Mailbody jetzt nur noch:
katherine114 [at] icmail.net
Received: from successhk.com (unknown [202.67.202.123]) by xxxxx (Postfix) with ESMTP id 0A2D8789B2AD for xxxxx; Sun, 8 Mar 2009 20:32:04 +0100 (CET)
Received: from User [196.3.183.72] by successhk.com with ESMTP (SMTPD32-8.05) id AE626800110; Mon, 02 Mar 2009 07:46:42 +0800
IP: 196.3.183.72 ---> Suburban telecom, Nigeria (your friendly Mugu owned company....)
Post geht an:
chikaateli1999 [at] web2mail.com
f_eze2002 [at] yahoo.com.co
Muguphon: 011 234 802 582 4103 ---> Vmobile, Nigeria
- kjz
Und weg. Katherine muss sich was neues suchen....
katherine114 [at] icmail.net deleted
- kjz
Einen hab' ich noch:
Received: from mail.wayne-lachut.com (mail.wayne-lachut.com [66.192.123.23]) by xxxxx (Postfix) with ESMTP id D7E4D789B251 for xxxxx; Mon, 9 Mar 2009 20:19:25 +0100 (CET)
Received: from User [196.3.183.72] by mail.wayne-lachut.com with ESMTP (SMTPD-9.21) id A6F12EC0; Mon, 09 Mar 2009 12:42:25 -0400
IP: 196.3.183.72 ---> Suburbantelecom, Nigeria
Post geht an:
williamsibru47 [at] gmail.com
mrricksteven [at] yahoo.cn
Muguphon: +234 807 076 0985 ---> mobile number, Nigeria
- kjz
Nachschub:
Received: from proxy1.addr.com (proxy1.addr.com [38.113.244.28]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 8CE06789B13D for xxxxx; Tue, 10 Mar 2009 00:41:50 +0100 (CET)
Received: from 41.211.239.220 (addr40.addr.com [38.113.244.204]) by proxy1.addr.com (8.12.11/8.12.8/Submit) with ESMTP id n29DPlp1026305; Mon, 9 Mar 2009 06:25:48 -0700 (PDT)
Received: from phpmailer ([41.211.239.220]) by 41.211.239.220 with HTTP (UebiMiau); Mon, 9 Mar 2009 06:21:16 -0700
IP: 41.211.239.220 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
edmonddagogoofatmcenter [at] gmail.com
Received: from cpsmtpo-eml05.kpnxchange.com (cpsmtpo-eml05.KPNXCHANGE.COM [213.75.38.154]) by xxxxx (Postfix) with ESMTP id 427EE789ACF8 for xxxxx; Tue, 10 Mar 2009 05:44:13 +0100 (CET)
Received: from cpsmtp-he02.kpnxchange.com ([213.75.38.22]) by cpsmtpo-eml05.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 05:44:13 +0100
Received: from User ([196.3.183.73]) by cpsmtp-he02.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 05:44:08 +0100
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Tja, diese IP hatten wir schon mal (ebenso die .72), wohl ein Mugu-Cafe.
Post geht an:
waynebrunys [at] yahoo.cn
waynebrunys01 [at] yahoo.cn
- kjz
Katherine ist noch immer merkbefreit:
Received: from exchfront2.metro.lan (mailfront2.dinamic.com [200.2.212.91]) by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) id 0MKpV6-1Lgp4l0MkL-000bU9 for xxxxx; Tue, 10 Mar 2009 00:40:09 +0100
Received: from User ([218.90.161.189]) by exchfront2.metro.lan with Microsoft SMTPSVC(6.0.3790.3959); Mon, 9 Mar 2009 20:34:36 -0300
IP: 218.90.161.189 ---> CHINANET jiangsu
Post geht an:
katrine1114 [at] yahoo.co.jp
ketrine114 [at] yahoo.co.jp
katrine114 [at] yahoo.co.jp
Received: from bay0-omc2-s24.bay0.hotmail.com (bay0-omc2-s24.bay0.hotmail.com [65.54.246.160]) by xxxxx (Postfix) with ESMTP id BA1CA789B299 for xxxxx; Tue, 10 Mar 2009 10:18:40 +0100 (CET)
Received: from BAY115-W33 ([65.54.250.133]) by bay0-omc2-s24.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 02:18:39 -0700
Man beachte:
X-Originating-IP: [193.220.50.10] ---> Swift Networks Limited, Nigeria
Post geht an:
sjade0027 [at] msn.com
shawwjade [at] inmail.sk
- kjz
Als Jobangebot von Toshiba getarnt:
Received: from mail04.syd.optusnet.com.au (mail04.syd.optusnet.com.au
[211.29.132.185]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 1512A789B39B for xxxxx; Tue, 10 Mar 2009 12:34:45 +0100 (CET)
Received: from User (newserver23.propagation.net [63.249.132.1]) (authenticated sender lasson.ama323 [at] optusnet.com.au) by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2ABQMOx018656; Tue, 10 Mar 2009 22:26:37 +1100
Post geht an:
toshibainc14 [at] gmail.com
lasson.ama323 [at] optusnet.com.au
Received: from ip-70-38-11-109.static.privatedns.com (EHLO mx4.hotmail.com) [70.38.11.109] by mx0.gmx.net (mx011) with SMTP; 10 Mar 2009 13:15:24 +0100
Post geht an:
ericfreeman001 [at] gmail.com
Muguphon: +27-787919754 ---> MTN, Südafrika/Nigeria
Wieder mal Katherine:
Received: from exchsrvclus1.dinamic.com (EHLO exchfront2.metro.lan [200.2.212.90] by mx0.gmx.net (mx045) with SMTP; 10 Mar 2009 13:19:39 +0100
IP: 218.90.161.189 ---> CHINANET jiangsu
Post geht an:
katrine114 [at] yahoo.co.jp
katrine1114 [at] yahoo.co.jp
ketrine114 [at] yahoo.co.jp
Received: from bay0-omc1-s31.bay0.hotmail.com (bay0-omc1-s31.bay0.hotmail.com [65.54.246.103]) by xxxxx (Postfix) with ESMTP id A94E2789B2A3 for xxxxx; Tue, 10 Mar 2009 21:38:18 +0100 (CET)
Received: from BAY121-W37 ([207.46.10.72]) by bay0-omc1-s31.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 13:38:17 -0700
Man beachte:
X-Originating-IP: [41.202.20.36] ---> dhcp2036.myzipnet.com, Ghana
Post geht an:
kwasidan01 [at] gmail.com
mrdannkwasi79 [at] msn.com
Sven Udo hat wohl einen Namensvetter:
Thanks, James Udo
Received: from wmproxy1-g27.free.fr (wmproxy1-g27.free.fr [212.27.42.91]) by xxxxx (Postfix) with ESMTP id 53E46789B254 for xxxxx; Wed, 11 Mar 2009 02:38:15 +0100 (CET)
Received: from wmproxy1-g27.free.fr (localhost [127.0.0.1]) by wmproxy1-g27.free.fr (Postfix) with ESMTP id 9F53563DE6; Wed, 11 Mar 2009 02:37:54 +0100 (CET)
Received: from zimbra1-e1.priv.proxad.net (zimbra1-e1.priv.proxad.net [172.20.243.151]) by wmproxy1-g27.free.fr (Postfix) with ESMTP id 0A3EB63657; Wed, 11 Mar 2009 02:37:04 +0100 (CET)
Post geht an:
neuftex.gabriel [at] free.fr
western_unionb11 [at] live.fr
Muguphon: +229-97070361 ---> BéninCell
Katherine kann es nicht lassen:
Received: from w2003srvr1.dmdevices.local (mail.dmdevices.net
[64.147.8.123]) by mx.kundenserver.de (node=mxeu24) with ESMTP (Nemesis) id 0MKtd6-1Lh8YV1gBH-000lLt for xxxxx; Tue, 10 Mar 2009 21:28:09 +0100
Received: from User ([60.10.134.103]) by w2003srvr1.dmdevices.local with
Microsoft SMTPSVC(6.0.3790.3959); Tue, 10 Mar 2009 13:24:25 -0700
Wieder mal über eine verseuchte China-Kiste:
IP: 60.10.134.103 ---> CNCGROUP Hebei
Post geht an:
ketrine114 [at] yahoo.co.jp
katrine1114 [at] yahoo.co.jp
katrine114 [at] yahoo.co.jp
- kjz
Je später der Abend, desto dreister der Mugu:
Received: from bnld.nld.com.vn (unknown [210.245.22.124]) by xxxxx (Postfix) with ESMTP id EAF68789B00B for xxxxx; Wed, 11 Mar 2009 21:05:15 +0100 (CET)
Post bitte an:
ng.laodong [at] nld.com.vn
mclaimsuk004 [at] googlemail.com
- kjz
Noch ein paar:
Den hatten wir auch schon....
Received: from mail.cpatu.com.uy (r200-40-190-2.ae-static.anteldata.net.uy [200.40.190.2]) by xxxxx (Postfix) with ESMTP id 2A7DB789AA33 for xxxxx; Wed, 11 Mar 2009 13:57:13 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by mail.cpatu.com.uy (Postfix) with ESMTP id BA8AA5CA39; Wed, 11 Mar 2009 05:23:39 -0300 (UYT)
Received: from mail.cpatu.com.uy ([127.0.0.1]) by localhost (mail.cpatu.com.uy [127.0.0.1]) (amavisd-new, port 10024) with LMTP id chIUstUp3ba8; Wed, 11 Mar 2009 05:23:38 -0300 (UYT)
Received: from User (unknown [192.168.3.1]) by mail.cpatu.com.uy (Postfix) with ESMTP id A01985C9E6; Wed, 11 Mar 2009 05:20:17 -0300 (UYT)
Post geht an:
jadeshaww [at] gmail.com
jjadeshaw [at] inMail.sk
Und den wohl auch:
Received: from successhk.com (unknown [202.67.202.123]) by xxxxx (Postfix) with ESMTP id 803DB789AE89 for xxxxx; Wed, 11 Mar 2009 14:07:55 +0100 (CET)
Received: from User [196.3.183.72] by successhk.com with ESMTP (SMTPD32-8.05) id AA8E19C0260; Sun, 01 Mar 2009 13:18:06 +0800
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Post geht an:
chikaateli1999 [at] web2mail.com
f_eze2002 [at] yahoo.com.co
Muguphon: +234 802 582 4103 ---> Vmobile, Nigeria/Zain
- kjz
Jede Menge Mugus:
Received: from IMPaqm1.telefonica.net (impaqm1.telefonica.net [213.4.149.61]) by xxxxx (Postfix) with ESMTP id 5A558789B282 for xxxxx; Thu, 12 Mar 2009 14:06:27 +0100 (CET)
Received: from IMPmailhost1.adm.correo ([10.20.102.38]) by IMPaqm1.telefonica.net with bizsmtp id S7lD1b00F0piX6q01D6NZm; Thu, 12 Mar 2009 14:06:23 +0100
Received: from cps3 ([10.20.100.3]) by IMPmailhost1.adm.correo with BIZ IMP id SCi11b00304PNsy1hCi1bD; Thu, 12 Mar 2009 13:42:05 +0100
X-TE-authinfo: authemail="??" |auth_email="??"
X-TE-AcuTerraCos: auth_cuTerraCos="terra-wm"
Received: from [83.229.90.44] by correo6.terra.es with HTTP (authenticated as edmond22222 [at] terra.es); Thu, 12 Mar 2009 13:42:00 +0100
IP: 83.229.90.44 ---> Supernet, Nigeria
Post geht an:
edmond22222 [at] terra.es
edmonddagogo4atm [at] sify.com
Received: from mail03.syd.optusnet.com.au (mail03.syd.optusnet.com.au
[211.29.132.184]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id D908B789B27D for xxxxx; Thu, 12 Mar 2009 15:02:51 +0100 (CET)
Received: from User ([41.211.228.31]) (authenticated sender info.optuscn94 [at] optusnet.com.au) by mail03.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2CE1INq018600; Fri, 13 Mar 2009 01:01:51 +1100
IP: 41.211.228.31 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
info.optuscn94 [at] optusnet.com.au
unitednation5067 [at] hotmail.com
andrewwolley23099 [at] gmail.com
Muguphon: +44 870 288 7323 ---> Interweb Design Ltd, UK
Und heute hat dasselbe Mugulein ganz besonders vorgesorgt:
Received: from mail04.syd.optusnet.com.au (mail04.syd.optusnet.com.au
[211.29.132.185]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 91F09789A938 for xxxxx; Fri, 13 Mar 2009 02:38:36 +0100 (CET)
Received: from User ([41.211.226.118]) (authenticated sender info.optuscd95 [at] optusnet.com.au) by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2D1UTio027319; Fri, 13 Mar 2009 12:30:48 +1100
IP: 41.211.226.118 --> DIRECT ON PC LTD, Nigeria
Post geht an:
info.optuscd95 [at] optusnet.com.au
andrewwolley2200555 [at] yahoo.com.hk
mrandrewwolley2003 [at] gmail.com
Muguphones:
+44-700-5921640 ---> PNC Telecom Services Limited, UK
+44 7624198271 ---> Manx Telecom, Isle of Man
+44 870 288 7323 ---> Interweb Design Ltd, UK
Und noch ein Mugu, der nach Mail-Accounts phisht:
Received: from norte.esfera.cl (norte.esfera.cl [192.80.24.26]) by xxxxx (Postfix) with ESMTP id 91BF1789AE8D for xxxxx; Thu, 12 Mar 2009 22:11:41 +0100 (CET)
Received: from sur.esfera.cl (unknown [200.111.14.29]) by norte.esfera.cl (Postfix) with ESMTP id 140EB448222; Thu, 12 Mar 2009 15:11:01 -0300 (CLST)
Received: from esfera.cl (localhost [127.0.0.1]) by sur.esfera.cl (8.xx.EnergyDrink/Esfera smtp v_bop) with ESMTP id n2CKpTFn019705; Thu, 12 Mar 2009 17:51:29 -0300
Man beachte:
X-OriginatingIP: 41.220.75.3 ---> MTN, Nigeria (die Dauer-Mugu IP)
Post geht an:
infoa [at] ymail.com
jaroto [at] esfera.cl
- kjz
Katherine ist wieder da, jetzt aber nur noch mit 1 Mailadresse. Was wohl mit den anderen 2 passiert ist.... :D
Received: from mail.twghintranet.org ([210.177.173.70]) by mx.kundenserver.de (node=mxeu5) with ESMTP (Nemesis) id 0MKqpg-1Li9Cx0hlQ-0001s5 for xxxxx; Fri, 13 Mar 2009
16:22:13 +0100
Received: from User ([60.10.134.103]) by mail.twghintranet.org (IceWarp 9.3.2) with ASMTP id UMU31152; Fri, 13 Mar 2009 17:59:52 +0800
IP: 60.10.134.103 ---> CNCGROUP Hebei
Post geht nur noch an:
katrine1114 [at] yahoo.co.jp
- kjz
Und schon wieder einer...
X-Envelope-From: <davidpewi3 [at] gmail.com>
X-Envelope-To: <meine Adresse>
X-Delivery-Time: 1236989405
X-UID: 15170
Return-Path: <davidpewi3 [at] gmail.com>
X-RZG-FWD-BY: meine Adresse
Received: from RZmta-intern (client mail forwarder)
by mailin.webmailer.de (voltan mi25) (RZmta 18.25)
for <meine Adresse>; Sat, 14 Mar 2009 01:10:05 +0100 (MET)
X-RZG-CLASS-ID: mi
Received: from boettgertomomfs.com ([68.124.236.110])
by mailin.webmailer.de (voltan mi25) (RZmta 18.25)
with ESMTP id j02433l2DNXmwJ for <meine Adresse>;
Sat, 14 Mar 2009 01:10:05 +0100 (MET)
Received: from User ([196.213.111.202]) by boettgertomomfs.com with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 13 Mar 2009 07:55:01 -0700
Reply-To: <dr.davidpewi3 [at] gmail.com>
From: "Dr. David Chabalala Pewi"<davidpewi3 [at] gmail.com>
Subject: CAN YOU HANDLE THIS TRANSFER???
Date: Fri, 13 Mar 2009 17:00:57 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Message-ID: <SBS-SERVER7yvgffuVF000080ef [at] boettgertomomfs.com>
X-OriginalArrivalTime: 13 Mar 2009 14:55:02.0109 (UTC) FILETIME=[AFEF08D0:01C9A3EB]
Diesmal geht es um 43.860.000,00 $
Die Antworten hätte er gerne an
Dr. David Chabalala Pewi
Email: dr.davidpewi3 [at] gmail.com
Phone: +27-73-846-3099
Der Schrott wurde bereits von meinem Mailserver entfernt.
Gruß,
- syntax
Der Mugu, der Optus in AU immer exploitet, scheint sich zum 'Dauer-Gast' zu entwickeln:
Received: from mail09.syd.optusnet.com.au (mail09.syd.optusnet.com.au
[211.29.132.190]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 6BB77789B261 for xxxxx; Sat, 14 Mar 2009 16:20:20 +0100 (CET)
Received: from User ([41.211.228.216]) (authenticated sender info.optuscn02 [at] optusnet.com.au) by mail09.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2EF7921021205; Sun, 15 Mar 2009 02:07:21 +1100
IP: 41.211.228.216 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
info.optuscn02 [at] optusnet.com.au
unitednations.ssr [at] googlemail.com
Muguphone:
Tel: +44-7024023681 ---> Magrathea Telecommunications Limited, UK
FAX: +44-8704952404 ---> Stylecom Limited, UK
ausserdem hätten wir noch:
Received: from IMPaqm2.telefonica.net (impaqm2.telefonica.net
[213.4.149.62]) by xxxxx (Postfix) with ESMTP id 769DC7893CA7 for xxxxx; Sat, 14 Mar 2009 04:14:11 +0100 (CET)
Received: from IMPmailhost2.adm.correo ([10.20.102.39]) by IMPaqm2.telefonica.net with bizsmtp id SrEB1b0090r0BT63MrEBqF; Sat, 14 Mar 2009 04:14:11 +0100
Received: from cps9 ([10.20.100.209]) by IMPmailhost2.adm.correo with BIZ IMP id SrE91b0054X3sTu1irE9iQ; Sat, 14 Mar 2009 04:14:10 +0100
X-TE-authinfo: authemail="??" |auth_email="??"
X-TE-AcuTerraCos: auth_cuTerraCos="terra-wm"
Received: from [41.211.239.186] by correo17.terra.es with HTTP (authenticated as obadiahmailafi9 [at] terra.es); Sat, 14 Mar 2009 04:09:27 +0100
IP: 41.211.239.186 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
obadiahmailafi9 [at] terra.es
immagaladima111 [at] sify.com
Muguphon: +234 70257-28574 ---> Pank Shin, Nigeria
Squirrelmail läßt sich in KE auch noch immer exploiten:
Received: from mail.nema.go.ke (mail.nema.go.ke [80.240.202.162]) by xxxxx (Postfix) with ESMTP id 99D86789B163 for xxxxx; Sat, 14 Mar 2009 07:42:44 +0100 (CET)
Received: from mail.nema.go.ke (mail.nema.go.ke [127.0.0.1]) by mail.nema.go.ke (Postfix) with ESMTP id DAB105CD1FD; Sat, 14 Mar 2009 08:21:06 +0300 (EAT)
Received: from 127.0.0.1 (proxying for 192.168.0.21, 127.0.0.1) (SquirrelMail authenticated user info) by mail.nema.go.ke with HTTP; Sat, 14 Mar 2009 08:21:07 +0300 (EAT)
Post geht an:
fedex_delivery69 [at] yahoo.com.hk
Muguphon: +2348057547555 ---> Globacom, Nigeria
- kjz
Optus und Sify scheinen sich ihre Merkbefreiung redlich verdienen zu wollen:
Received: from mail02.syd.optusnet.com.au (mail02.syd.optusnet.com.au [211.29.132.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 1090D789B16B for xxxxx; Sat, 14 Mar 2009 22:38:41 +0100 (CET)
Received: from User (c122-107-155-148.eburwd5.vic.optusnet.com.au [122.107.155.148]) (authenticated sender mrkes [at] optusnet.com.au) by mail02.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2ELP546020532; Sun, 15 Mar 2009 08:25:14 +1100
Post geht an:
dr.obadiah0060 [at] sify.com
mrkes [at] optusnet.com.au
- kjz
Katherine kann es einfach nicht lassen:
Received: from mail1.mywave.at (mail1.mywave.at [85.193.128.12]) by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) id 0MKpV6-1LiyKP3NTo-000nPN for xxxxx; Sun, 15 Mar 2009 22:57:05 +0100
Received: from User (host-41-207-0-84.afnet.net [41.207.0.84]) by mail1.mywave.at (Postfix) with ESMTP id 3A4732808B9A; Sun, 15 Mar 2009 22:34:06 +0100 (CET)
IP: 41.207.0.84 ---> AFNET, CI
Post geht an:
katrine114 [at] yahoo.co.jp
katrine1114 [at] yahoo.co.jp
Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma [196.217.246.112]) by xxxxx (Postfix) with ESMTP id 73107789AA3B for xxxxx; Mon, 16 Mar 2009 06:50:42 +0100 (CET)
Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp3.menara.local with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Mar 2009 05:43:38 +0000
Post geht an:
john.kane [at] menara.ma
w_t_u_m_t_f [at] mail.md
Muguphon: +229-9320-1763 ---> BBCom, Benin
- kjz
Sister Jorgensen direkt im Doppelpack:
Received: from adlim.com.br (smtp.adlim.com.br [200.249.47.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id DA15A789A627 for xxxxx; Mon, 16 Mar 2009 15:52:29 +0100 (CET)
BrmaOutput: [41.221.174.107]
Received: from User ([41.221.174.107]) (authenticated bits=0) by adlim.com.br (8.12.11.20060308/8.12.11) with ESMTP id n2GEHYoW002123; Mon, 16 Mar 2009 11:17:48 -0300
Received: from ss93.shared.server-system.net (ss93.shared.server-system.net [64.13.208.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 35580789B246 for xxxxx; Tue, 17 Mar 2009 07:35:23 +0100 (CET)
Received: from User ([41.221.174.107]) (authenticated bits=0) by ss93.shared.server-system.net (8.12.11.20060308/8.12.11) with ESMTP id n2GH2mgq031493; Mon, 16 Mar 2009 10:02:52 -0700
IP: 41.221.174.107 ---> SWIFT NETWORKS, Nigeria
Post geht an:
mrshriderjorgensen4luv01 [at] gmail.com
mrshriderjorgensen4luv [at] gmail.com
Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma [196.217.246.112]) by xxxxx (Postfix) with ESMTP id 73107789AA3B for xxxxx; Mon, 16 Mar 2009 06:50:42 +0100 (CET)
Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp3.menara.local with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Mar 2009 05:43:38 +0000
Post geht an:
john.kane [at] menara.ma
w_t_u_m_t_f [at] mail.md
Muguphon: +229-9320-1763 ---> BBCom, Benin
Received: from sccmmhc91.asp.att.net (sccmmhc91.asp.att.net [204.127.203.211]) by xxxxx (Postfix) with ESMTP id A2BCC789B000 for xxxxx; Tue, 17 Mar 2009 02:01:39 +0100 (CET)
DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
i=moorejacksonfinancial [at] mchsi.com; a=rsa-sha256;
c=relaxed/relaxed; t=1237251699; h=Content-Type:MIME-Version:
Message-Id:Date:From; bh=Icrrx1hmSpgqI246jup0AIIggHdCOntCVKYv+0pTBE
Q=; b=MTYJzzGQRVbjSN5kksHCKcn9sWhsn2WftZz6A265pMuZG9EPpgtvNIOfMFmpQ
K0fYuCh9QKWlJJAQ4TNc4ieaA==
Received: from sccqwbc17 (scommcenter17.asp.att.net[204.127.203.179]) by mchsi.com (sccmmhc91) with SMTP id <20090317005942m9100pb53je>; Tue, 17 Mar 2009 01:01:37 +0000
Received: from [67.222.8.32] by sccqwbc17; Tue, 17 Mar 2009 00:59:41 +0000
IP: 67.222.8.32 ---> host.bahrain-dns.net
Post geht an:
moorejacksonfinancial [at] mchsi.com
moorejackson12 [at] googlemail.com
- kjz
Weiter geht's:
Received: from 156.89.233.72.static.reverse.ltdomains.com (EHLO
server.hammersurepa.com) [72.233.89.156] by mx0.gmx.net (mx077) with SMTP; 17 Mar 2009 13:48:51 +0100
Received: from localhost ([127.0.0.1] helo=72.233.89.156) by server.hammersurepa.com with esmtpa (Exim 4.69) (envelope-from <ndemanosiviwe01 [at] gmail.com>) id 1Lhr87-0007DL-3x; Thu, 12 Mar 2009 20:03:47 +0000
Received: from 41.202.20.190 ([41.202.20.190]) (SquirrelMail authenticated user 005 [at] cbcy-london.co.uk) by 72.233.89.156 with HTTP; Thu, 12 Mar 2009 20:03:47 -0000 (UTC)
IP: 41.202.20.190 ---> dhcp20190.myzipnet.com, Ghana
Post hätte gerne:
ndemanosiviwe01 [at] gmail.com
ndemanosiviwe [at] gmail.com
005 [at] cbcy-london.co.uk
ndemanosiviwe [at] executivemail.co.za
Received: from hpsmtp-eml15.KPNXCHANGE.COM (EHLO hpsmtp-eml15.kpnxchange.com) [213.75.38.115] by mx0.gmx.net (mx116) with SMTP; 18 Mar 2009 00:59:48 +0100
Received: from cpsmtp-he03.kpnxchange.com ([213.75.38.23]) by hpsmtp-eml15.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 18 Mar 2009 00:59:46 +0100
Received: from User ([124.122.188.60]) by cpsmtp-he03.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 18 Mar 2009 00:59:42 +0100
IP: 124.122.188.60 ---> ppp-124-122-188-60.revip2.asianet.co.th
Post geht an:
hh.jj1978 [at] gmail.com
Muguphon: + 44 792 408 6767 ---> Manx Telecom, Isle of Man
Besonders perfide, weil es hier angeblich um verwaistes Vermögen von Holocaust-Opfern gehen soll:
Received: from 21.32.be.static.xlhost.com (EHLO mx4.hotmail.com)
[209.190.50.33] by mx0.gmx.net (mx100) with SMTP; 18 Mar 2009 06:55:38 +0100
Post geht an:
zvi.barak [at] Aggies.com
- kjz
Und wieder:
Received: from jakenweb.Jaken.com (unknown [74.0.158.219]) by xxxxx (Postfix) with ESMTP id 19E78789B266 for xxxxx; Wed, 18 Mar 2009 13:10:43 +0100 (CET)
Received: from User ([196.3.183.73]) by jakenweb.Jaken.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 18 Mar 2009 04:49:44 -0700
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
customercare.04 [at] sify.com
Muguphon: +44 7031 9788 84 ---> Magrathea Telecommunications Limited, UK
Received: from dns.tongx.com.tw (unknown [59.120.91.111]) by xxxxx (Postfix) with ESMTP id 70397789ACE5 for xxxxx; Thu, 19 Mar 2009 07:19:52 +0100 (CET)
Received: from User (unknown [83.229.48.148]) by dns.tongx.com.tw (Postfix) with ESMTP id C0E9011A39; Wed, 18 Mar 2009 22:14:04 +0000 (UTC)
IP: 83.229.48.148 ---> Cyberspace Link 4 PHC, Nigeria/Sky-Vision
Post geht an:
ruthlawson971 [at] msn.com
ruthlawson971 [at] yahoo.com
ruthlawson971 [at] web2mail.com
Received: from huiquandyeing.com (unknown [60.12.88.114]) by xxxxx (Postfix) with ESMTP id 49BC0789B396 for xxxxx; Thu, 19 Mar 2009 10:20:56 +0100 (CET)
Received: from User ([82.128.44.204]) [authenticated user test [at] huiquandyeing.com) by huiquandyeing.com (huiquandyeing.com [192.168.1.138]) (MDaemon.PRO.v6.8.5.R) with ESMTP id 59-md50000000064.tmp for xxxxx; Tue, 17 Mar 2009 20:36:39 +0800
IP: 192.168.1.138 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
songlile [at] HangSeng.com.hk
songlille [at] yahoo.com.hk
test [at] huiquandyeing.com
- kjz
Wieder was vom Dauer-Mugu:
Received: from untref.untref.edu.ar (untref.edu.ar [200.58.113.38]) by xxxxx (Postfix) with ESMTP id 67D04789B39E for xxxxx; Thu, 19 Mar 2009 23:49:39 +0100 (CET)
Received: from [127.0.0.1] (helo=localhost) by untref.untref.edu.ar with esmtp (Exim 4.63) (envelope-from <rtfc [at] opentransfer.com>) id 1LkQGC-0000nH-Cq; Thu, 19 Mar 2009 18:58:47 -0300
Received: from mtnngprs.com (mtnngprs.com [41.220.75.3]) by www.untref.edu.ar (IMP) with HTTP for <estadisticasdeturismo [at] untref.edu.ar@localhost>; Thu, 19 Mar 2009 18:58:38 -0300
Man beachte:
IP: 41.220.75.3 ---> MTN, Nigeria
Post geht an:
officialtellez [at] vista.aero
rtfc [at] opentransfer.com
Received: from mx.inode.at (mx11.lb01.inode.at [62.99.145.13]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 97229789AA12 for xxxxx; Fri, 20 Mar 2009 01:47:14 +0100 (CET)
Received: from [213.47.214.141] (port=5280 helo=webmail) by smartmx-11.inode.at with esmtp (Exim 4.69) (envelope-from <jacobthemover [at] yahoo.com>) id 1LkStC-0001O9-Q7; Fri, 20 Mar 2009 01:47:10 +0100
Received: from [127.0.0.1] (helo=inode.at) by webmail with smtp (Exim 4.67) (envelope-from <jacobthemover [at] yahoo.com>) id 1LkSlx-0001bI-Oy; Fri, 20 Mar 2009 01:39:42 +0100
Received: from 41.220.75.3 (SquirrelMail authenticated user erich.wanisch [at] inode.at) by webmail.inode.at with HTTP; Fri, 20 Mar 2009 01:39:42 +0100 (CET)
IP: 41.220.75.3 ---> MTN, Nigeria
Post geht an:
jacobthemover [at] yahoo.com
erich.wanisch [at] inode.at
skyhagencyinc [at] sify.com
- kjz
Immer wieder dieselben Schwarzhüte:
Received: from server2.badboyhost.com (ip216-239-69-247.vif.net 216.239.69.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxx (Postfix) with ESMTP id D4E31789B16F for xxxxx; Sat, 21 Mar 2009 00:09:22 +0100 (CET)
Received: from [58.213.153.48] (helo=User) by server2.badboyhost.com with esmtpa (Exim 4.69) (envelope-from <robertmull0 [at] yahoo.com>) id 1Lknb9-0002An-42; Fri, 20 Mar 2009 18:54:01 -0400
IP: 58.213.153.48 ---> NANJING-PROVICE-PUBLICITY-DEPT
Post geht an:
robertmull0 [at] yahoo.com
cenbk_2110 [at] live.com
direkt doppelt:
Received: from mail.si-sv3206.com (EHLO mail.si-sv3206.com) [67.228.189.68] by mx0.gmx.net (mx002) with SMTP; 20 Mar 2009 21:35:19 +0100
Received: from 41.174.3.243 [41.174.3.243] by mail.si-sv3206.com with SMTP; Fri, 20 Mar 2009 14:39:44 -0500
Received: from mail.si-sv3206.com (EHLO mail.si-sv3206.com) [67.228.189.68] by mx0.gmx.net (mx081) with SMTP; 20 Mar 2009 22:44:46 +0100
Received: from 41.174.3.243 [41.174.3.243] by mail.si-sv3206.com with SMTP; Fri, 20 Mar 2009 14:53:36 -0500
IP: 41.174.3.243 ---> Neotel Pty Ltd, ZA
Post geht an:
consult.alex039 [at] gmail.com
Muguphone: +27-78-2960-455 ---> MTN, ZA
Received: from mail04.syd.optusnet.com.au (mail04.syd.optusnet.com.au [211.29.132.185]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id E5587789B015 for xxxxx; Sat, 21 Mar 2009 11:02:13 +0100 (CET)
Received: from User ([59.154.25.30]) (authenticated sender sangub [at] optusnet.com.au) by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2L9kvoi007493; Sat, 21 Mar 2009 20:47:30 +1100
Post geht an:
sangub [at] optusnet.com.au
almir [at] uae.net
almirmu11 [at] email.bg
- kjz
Und noch eine alte Bekannte (schon am 17. 3.):
IP: 41.221.174.107 ---> SWIFT NETWORKS, Nigeria
Post geht an:
mrshriderjorgensen4luv01 [at] gmail.com
mrshriderjorgensen4luv [at] gmail.com
Received: from mail.peoplesolutions.cc (mail.peoplesolutions.cc [209.3.193.155]) by xxxxx (Postfix) with ESMTP id 95541789AACC for xxxxx; Sat, 21 Mar 2009 18:27:27 +0100 (CET)
Received: from User [41.221.174.107] by mail.peoplesolutions.cc with ESMTP (SMTPD-8.22) id AFB20400; Sat, 21 Mar 2009 12:02:58 -0400
IP: 41.221.174.107 ---> SWIFT NETWORKS, Nigeria
Post geht an:
mrshriderjorgensen012 [at] gmail.com
mrshriderjorgensen4luv02 [at] gmail.com
- kjz
Auf's Neue:
Received: from smtpgate4.pacific.net.sg (smtpgate4.pacific.net.sg [203.120.68.34]) by xxxxx (Postfix) with SMTP id B94A3789B252 for xxxxx; Sun, 22 Mar 2009 00:23:47 +0100 (CET)
Received: (qmail 32367 invoked from network); 21 Mar 2009 18:41:50 -0000
Received: from wm1.pacific.net.sg (HELO localhost) (contactme [at] 192.169.41.131) by smtpgate4.pacific.net.sg with ESMTPA; 21 Mar 2009 18:41:50 -0000
Received: from 192.168.0.22 (192.168.0.22 [192.168.0.22]) by wm1.web.pacific.net.sg (Horde MIME library) with HTTP; Sun, 22 Mar 2009 02:41:49 +0800
Post geht an:
all4charities [at] live.com
Received: from smtp-gw29.mailanyone.net (smtp-gw29.mailanyone.net [208.70.128.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id DCEB3789ACE2 for xxxxx; Sun, 22 Mar 2009 05:56:15 +0100 (CET)
Received: from mailanyone.net by smtp-gw29.mailanyone.net with esmtpa (MailAnyone extSMTP michael_squeo [at] centum.ca) id 1LlFiR-0006FI-P9; Sat, 21 Mar 2009 23:55:20 -0500
Post geht an:
michael_squeo [at] centum.ca
marvin_ktcheung08 [at] yahoo.com.hk
- kjz
Received: from smtpgate4.pacific.net.sg (smtpgate4.pacific.net.sg [203.120.68.34]) by xxxxx (Postfix) with SMTP id B94A3789B252 for xxxxx; Sun, 22 Mar 2009 00:23:47 +0100 (CET)
Received: (qmail 32367 invoked from network); 21 Mar 2009 18:41:50 -0000
Received: from wm1.pacific.net.sg (HELO localhost) (contactme [at] 192.169.41.131) by smtpgate4.pacific.net.sg with ESMTPA; 21 Mar 2009 18:41:50 -0000
Received: from 192.168.0.22 (192.168.0.22 [192.168.0.22]) by wm1.web.pacific.net.sg (Horde MIME library) with HTTP; Sun, 22 Mar 2009 02:41:49 +0800
Post geht an:
all4charities [at] live.com
Es geschehen noch Zeichen und Wunder:
Thank you for your report dated 22 March 2009.
We have investigated and traced the source of the SPAM email that was relayed.
We have removed the compromised account from our network.
Abuse Response Team
PACNET
I appreciate the information you have provided us. I have
closed the account, all4charities [at] live.com which you reported, in
accordance with our Terms of Use (TOU). It is a strict violation of the
TOU for our members to send objectionable or unwanted material of any
kind or nature using our service.
- kjz
Einen hab' ich noch, wieder mal ein gecrackter Uni-Account:
Received: from caduceus1.gmu.edu (caduceus1.gmu.edu [129.174.0.40]) by xxxxx (Postfix) with ESMTP id B2A00789B259 for xxxxx; Mon, 23 Mar 2009 03:34:46 +0100 (CET)
Received: from User ([97.104.31.194]) by caduceus1.gmu.edu (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005)) with ESMTPA id <0KGX0089VTBAPV40 [at] caduceus1.gmu.edu> for xxxxx; Sun, 22 Mar 2009 22:25:43 -0400
IP: 97.104.31.194 --> cpe-97-104-31-194.cfl.res.rr.com
Post geht an:
webeuromillion2 [at] mixmail.com
info.bnvsur0 [at] aol.es
info.bnv [at] aol.es
- kjz
neue Mugus frisch auf den Tisch:
Received: from o2.pl (host78-210-static.107-82-b.business.telecomitalia.it [82.107.210.78]) by spammotel.com (Postfix) with SMTP id AB9015FDF6 for xxxxx; Mon, 23 Mar 2009 10:47:01 -0400 (EDT)
Received: from pc05 ([127.0.0.1]) by pc05 ([127.0.0.1]) with SMTPSVC; Mon, 23 Mar 2009 16:01:29 +0100
Received: from o2.pl (host78-210-static.107-82-b.business.telecomitalia.it [82.107.210.78]) by spammotel.com (Postfix) with SMTP id 12DC65EABE for xxxxx; Mon, 23 Mar 2009 10:21:46 -0400 (EDT)
Received: from pc05 ([127.0.0.1]) by pc05 ([127.0.0.1]) with SMTPSVC; Mon, 23 Mar 2009 15:36:14 +0100
Post geht an:
edsn [at] o2.pl
Received: from gatewayshoes.com.br (189-39-81-90.reverso.wideway.net.br
[189.39.81.90]) by spammotel.com (Postfix) with ESMTP id 3D1C75F3AC for xxxxx; Mon, 23 Mar 2009 14:30:18 -0400 (EDT)
Received: from User ([125.89.161.189]) (authenticated bits=0) by gatewayshoes.com.br (8.12.11.20060308/8.12.11) with ESMTP id n2NI9cRZ025632; Mon, 23 Mar 2009 15:09:54 -0300
BrmaOutput: [125.89.161.189] ---> CHINANET Guangdong
Post geht an:
fffxxww [at] gmail.com
ffxxww [at] gmail.com
Received: from cluster-ldap.tutby.com (mail.tut.by [195.137.160.40]) by xxxxx (Postfix) with ESMTP id E06C3789B772 for xxxxx; Mon, 23 Mar 2009 20:17:08 +0100 (CET)
Received: from [41.219.243.26] (account au2008_82 [at] tut.by HELO User) by cluster-ldap.tutby.com (CommuniGate Pro SMTP 5.2.12) with ESMTPA id 12529301; Mon, 23 Mar 2009 21:17:05 +0200
IP: 41.219.243.26 ---> dial-pool82.lg.starcomms.net, Nigeria
Post geht an:
mrdonald101 [at] gmail.com
au2008_82 [at] tut.by
- kjz
Hier mal wieder der notorische Dauer-Mugu (mit gecracktem Uni-Account):
Received: from jsu.ac.ir (unknown [78.39.195.23]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 7578C789B009 for xxxxx; Wed, 25 Mar 2009 00:42:41 +0100 (CET)
Received: from jsu.ac.ir (jsu.ac.ir [127.0.0.1]) by jsu.ac.ir (8.14.2/8.14.2) with ESMTP id n2NIdlqj023615; Mon, 23 Mar 2009 23:09:47 +0430
Man beachte:
X-OriginatingIP: 41.220.75.3 (zaherzade) ---> mtnngprs.com/MTN, Nigeria
Post geht an:
ukwebdraw_1011 [at] yahoo.co.uk
jamesdineegan111 [at] live.com
Und der 'Optus-Mugu':
Received: from mail11.syd.optusnet.com.au (mail11.syd.optusnet.com.au [211.29.132.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 94897789B006 for xxxxx; Wed, 25 Mar 2009 08:58:16 +0100 (CET)
Received: from User (ml82.128.2.115.multilinks.com [82.128.2.115]) (authenticated sender info.fbise [at] optusnet.com.au) by mail11.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2OK2KWg025728; Wed, 25 Mar 2009 07:02:55 +1100
IP: 82.128.2.115 ---> Multilinks, Nigeria
Post geht an:
morriswilliams.williams649 [at] gmail.com
info.fbise [at] optusnet.com.au
Muguphon:
TEL; 234 803823048 ---> MTN, Nigeria
FAX; 234 805609056 ---> Globacom, Nigeria
- kjz
Nachschub:
Received: from mail.cablecolor.hn (mail.cablecolor.hn [205.240.200.30]) by xxxxxx (Postfix) with ESMTP id A6206789B020 for xxxxx; Wed, 25 Mar 2009 14:36:32 +0100 (CET)
Received: from [41.221.167.30] (helo=User) by mail.cablecolor.hn with esmtpa (Exim 4.63) (envelope-from <viviannasim27 [at] yahoo.com>) id 1LmTnv-0006uE-OC; Wed, 25 Mar 2009 20:10:05 +0600
IP: 41.221.167.30 ---> Swift, Nigeria
Post geht an:
viviannasim27 [at] yahoo.com
vivsalem33 [at] gmail.com
Received: from c2bthomr10.btconnect.com (c2bthomr10.btconnect.com
[213.123.20.128]) by xxxxx (Postfix) with ESMTP id F141E789A42A for xxxxx; Thu, 26 Mar 2009 13:51:27 +0100 (CET)
Received: from User ([211.229.16.49]) by c2bthomr10.btconnect.com with ESMTP id CYQ93269 (AUTH penny.whitefield [at] btconnect.com); Thu, 26 Mar 2009 12:45:10 GMT
IP: 211.229.16.49 ---> Kornet, KR
Post geht an:
penny.whitefield [at] btconnect.com
Und hier war der Mugu zu dumm, um einen Eimer Wasser umzutreten:
Reply-To: <johnr01benworth [at] gmail.con>
So wird das natürlich nichts, wenn man nur an 'con man' denkt.... Ich korrigiere mal:
johnr01benworth [at] gmail.com
- kjz
Der 'Optus'-Mugu:
Received: from mail11.syd.optusnet.com.au (mail11.syd.optusnet.com.au [211.29.132.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 5FA5D789B5B5 for xxxxx; Thu, 26 Mar 2009 19:43:51 +0100 (CET)
Received: from User ([59.154.25.30]) (authenticated sender Gjaramillo) by mail11.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2QISVVT002925; Fri, 27 Mar 2009 05:29:10 +1100
Post geht an:
drmikeokoro8 [at] live.com
drmikeokoro [at] i.ua
Muguphon: +234-803-363-1189 ---> MTN, Nigeria
Received: from main.kbuzz.net (unknown [174.133.65.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 486D8789A623 for xxxxx; Wed, 25 Mar 2009 19:00:22 +0100 (CET)
Received: from dhcp1640.myzipnet.com ([41.202.16.40] helo=User) by main.kbuzz.net with esmtpa (Exim 4.69) (envelope-from <sarah [at] gmail.com>) id 1Lm4PM-0006oO-Vx; Tue, 24 Mar 2009 13:03:01 +0200
IP: 41.202.16.40 ---> Zipnet-Network, Ghana
Post geht an:
sarah [at] gmail.com
smaxwell01 [at] yahoo.com.hk
- kjz
Hier das 'Spiel': Guter Mugu - Böser Mugu.... Dabei sollte doch eigentlich klar sein, dass es keine guten Mugus gibt....
Received: from fallback.edevote.nl (worldwebmedia4.nl [213.193.237.69]) by xxxxx (Postfix) with ESMTP id 85358789B88B for xxxxx; Fri, 27 Mar 2009 11:37:20 +0100 (CET)
Received: from UnknownHost [203.92.57.41] by fallback.edevote.nl with SMTP; Fri, 27 Mar 2009 05:20:34 +0100
Subject: Wanring !!! Fraud
Dearest,
My name is Ruth Ruggiero, I live at 8763 Pelican Dr.La Grange IL
60525,United States.
I am one of those that executed a contract in Nigeria years ago and they
refused to pay me, I had paid over $70,000USD trying to get my payment
all to no avail.
Somebody directed me to travel down to Nigeria with all my contract
documents to meet Barrister Mat Oto who is the member of CONTRACT
PAYMENT COMMITTEE and LEGAL ADVISER to the COMMITTEE, and I contacted
him and he explained everything to me on telephone and advised me to
come down to Nigeria which I did.
He said that those contacting us through emails are fake. Then he took
me to the paying bank, which is Central Bank of Nigeria, and I am the
happiest woman on this earth because I have received my contract funds
of $8.2Million USD.
On the process of searching for my file,I saw your information on
awaiting payment list in the office of Barrister Mat Oto.Though I did
not capture all your information lest your fax number.
Am sorry contacting you late as I planed doing it as soon as I arrive
back USA.
I have been so busy because we are trying to set up a factory here with
the money we received.
So if you care,do contact Barrister Mat Oto with the information below
and just explain yourself to him as I know he is honest and humble person.
Alternatively mention my name to him he will attend to you.
Name: Barrister Mat Oto
Email: brr.oooo [at] shurl.ws
phone number +234-1-432490123
Address: 123,Palm Avenue Palm Grove,
Lagos Nigeria.
You really have to stop your dealing with those contacting you okay
because they will dry you up until you have nothing to eat.
The only money I paid was just $8,200 for Federal Inland Revenue
Services (F.I.R.S).
So you have to take note of that. You can reach me on this telefax
number:1-208-248-3647
Thanks,
Ruth Ruggiero
Post geht an:
brr.oooo [at] shurl.ws
ruth.rug [at] gmail.com
r.r60525 [at] gmail.com
Muguphon:
phone +234-1-432490123 ---> Lagos, Nigeria
fax +1-208-248-3647 ---> Time Warner Telecom Of Idaho, Llc - Id
- kjz
Und noch ein 'deutscher Mugu' aus der Mugu-Hochburg Bremen:
Received: from p57915F24.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.95.36] by mx0.gmx.net (mx113) with SMTP; 27 Mar 2009 16:09:05 +0100
Aufmerksamkeit.
Sehr geehrter:
Zuerst muß ich um Ihre Zuversicht in dieser Angelegenheit bitten,da
dies aufgrund der Situation als streng VERTRAULICH anzusehen ist.. Ich
erwaehne jedoch im Vorfeld, daß
eine Offerte diesen Ausmaßes selbstverstaendlich abschrecken kann. Ich
hoffe,dass dies keine Besorgnis bei ihnen erregen wird, aber ich
versichere Ihnen, daß alles seine Richtigkeit hat. Wir
haben wegen der Dringlichkeit,entschieden Sie auf dem Postwege zu
informieren.
Als Erstes moechte ich mich bei ihnen vorstellen. Mein Name is Frau
Claudia Wolfgang, ein Managerin bei der Chartered Bank England PLC. Ich
kam an ihren
Namen durch meine Suche nach eine entsprechenden Person,um eine sehr
vertrauliche Angelegenheit
abzuwickeln,die Übertragung von einer betraechtlichen Summe Geld,welches
aus einer Erbschaftstammt,zur folge haette.
Hier nun mein Vorschlag: Ein Ausländer,der verstorbene Ingenieur
Jurgen Kaufmann,ein Hollander aus Namibia, kam 1999 bei einem
Flugzeugunglueck ums Leben.Seither sind
keine Erbe ermittelt worden.Er war bis vor seinem Tode als Unternehmer
taetig.
Herr Kaufmann war unser Kunde hier bei der Chartered Bank
PLC.,England,und hatte ein
Kontoguthaben von USD$ 38,000,000 (Achtunddreißigtausend
Siebenhundertfünfzig Millionen United States Dollars),
Diese Summe liegt jetzt bei der Bank und wartet auf eine Person,die
berechtigten Anspruch darauf hat.Sollte kein Anspruchsteller gefunden
werden,geht die komplette Summe an dieRegierung von Großbritannien.
Daher haben meine Kollegen und ich beschlossen,vor Ablauf der
Frist,eineentsprechende Person zu benennen.Mit Ihrer Erlaubnis wuerden
wir Sie als Verwandten des
verstorbenen Kaufmann deklarieren, damit Sie den Anspruch in Hoehe von
USD$ 38,000,000M erhalten wuerden.Infolge
dessen koennten Sie als der Nutznießer (Verwandte der Kaufmann) dieser
Summe gelten.Die Urkunden und die Beweise zu
diesem Vorgang werde ich Ihnen selbstverstaendlich erbringen und zu
IhrerVerfuegung stellen. Wir versichern Ihnen eine 100% risikofreie
Abwicklung. Ihr Anteil wäre dann
in einem persoenlichen Gespraech zu eroertern,da wir natuerlich auch in
eigenem Interesse handeln .Ihr Anteil wäre 25% von der totalen Gange.
Falls dies fuer Sie von Interesse sein sollte,wuerde ich Sie bitten mit
uns in Kontakt zu treten.Zu diesem Zwecke senden Sie mir bitte Ihre
persönliiche Daten wie Voll
Namen, Adresse Telefon/Fax nummer und ihre vertrauliche E-mail Adresse,
damit
ich Ihnen die relevanten details dieser Offerte zukommen lassen kann:
(mariamu [at] excite.co.uk )
Mit freundlichen Grüßen,
Claudia Wolfgang
Also, AUFMERKSAMKEIT! für:
mariamu [at] excite.co.uk
- kjz
Wieder mal ein PHP-Skript (Horde Framework Mailer) nicht abgesichert:
Received: from mail.hosting.cybertrails.com (server-8.hosting.cybertrails.com [162.42.209.8]) by xxxxx (Postfix) with ESMTP id 8063B789B019 for xxxxx; Sun, 29 Mar 2009 21:34:39 +0200 (CEST)
Received: (qmail 19941 invoked by uid 398); 29 Mar 2009 12:22:02 -0000
Received: from 82.128.34.120 ([82.128.34.120]) by 162.42.209.128 (Horde Framework) with HTTP; Sun, 29 Mar 2009 05:22:01 -0700
IP: 82.128.34.120 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
willisgasa [at] hotmail.com
- kjz
Katherine kann es einfach nicht lassen:
Received: from shinepainting.com (s143.n16.vds2000.com [66.84.16.143]) by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) id 0MKpV6-1LoOeo2dSW-00013G ; Mon, 30 Mar 2009 23:04:41 +0200
Received: from User (host-41-207-0-116.afnet.net [41.207.0.116]) (authenticated bits=0) by shinepainting.com (8.13.1/8.13.1) with ESMTP id n2UL3iLm004556; Mon, 30 Mar 2009 17:03:46 -0400
Man beachte:
X-Orig: host-41-207-0-116.afnet.net [41.207.0.116], CI
Post geht an:
katrine114 [at] yahoo.co.jp
Und noch einer:
Received: from edge1.avusa.co.za (edge1.avusa.co.za [196.44.3.100]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 1BE77789B27A for xxxxx; Mon, 30 Mar 2009 23:36:08 +0200 (CEST)
Received: from rbkhub01.avusa.johnnic.dom (172.16.64.164) by edge1.avusa.co.za (172.16.64.174) with Microsoft SMTP Server (TLS) id 8.1.291.1; Mon, 30 Mar 2009 23:28:04 +0200
Received: from mx3.johncom.co.za (172.16.64.39) by rbkhub01.avusa.johnnic.dom (172.16.64.164) with Microsoft SMTP Server id 8.1.291.1; Mon, 30 Mar 2009
23:29:03 +0200
Received: from 196.44.1.137 (localhost [127.0.0.1]) by mx3.johncom.co.za (8.13.1/8.13.1) with ESMTP id n2ULSNO8000481; Mon, 30 Mar 2009 23:28:23 +0200 (SAST)
Received: from 62.173.54.90 (SquirrelMail authenticated user linux) by mx3.johncom.co.za with HTTP; Mon, 30 Mar 2009 23:28:30 +0200 (SAST)
IP: 62.173.54.90 ---> ipNX Nigeria Limited
Post geht an:
barrvictorjame1 [at] yahoo.co.jp
- kjz
Der Mugu kommt mir irgendwie auch bekannt vor, ansonsten wohl (wieder mal) ein ungenügend abgesicherter Freemailer:
Received: from mail.aiesec.net (mail.aiesec.net [195.219.234.99]) by xxxxx (Postfix) with ESMTP id 4754A789B88E for xxxxx; Tue, 31 Mar 2009 14:43:08 +0200 (CEST)
Received: from User (unknown [58.26.4.3]) by mail.aiesec.net (Postfix) with ESMTP id EB4EB3D490; Tue, 31 Mar 2009 09:32:00 +0100 (BST)
IP: 58.26.4.3 ---> INSTITUTE FOR HEALTH SYSTEMS RESEARCH, MY
Post geht an:
alderman.colin234 [at] gmail.com
alderman.colin23 [at] gmail.com
Muguphon bei altbekannter .....Company:
Direct Tel: +44 703 180 6846 ---> Magrathea Telecommunications Limited, UK
- kjz
Tja, Mugus haben's halt schwer :D, da muss man sich schon mehrfach absichern.....
Received: from EXFE02.easyxchange.co.uk (ex02.easyxchange.co.uk [62.233.64.253]) by xxxxx (Postfix) with ESMTP id EC7EE7896836 for xxxxx; Wed, 1 Apr 2009 04:28:12 +0200 (CEST)
Received: from User ([196.3.183.72]) by EXFE02.easyxchange.co.uk with Microsoft SMTPSVC(6.0.3790.1830); Tue, 31 Mar 2009 17:28:59 +0100
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Post geht an:
theresajohn42 [at] yahoo.com
teresa33 [at] hotmail.com
barristerrolandbaker4 [at] rocketmail.com
Muguphon: +34634157561 ---> Vodafone España, S.a.
- kjz
Nachschub:
Received: from swip.net (mailfe15.tele2.it [212.247.155.205]) by xxxxx (Postfix) with ESMTP id D17A4789B3A6 for xxxxx; Wed, 1 Apr 2009 23:34:34 +0200 (CEST)
X-Cloudmark-Score: 0.000000 []
X-Cloudmark-Analysis: v=1.0 c=1 a=-Ud56-JNSNEA:10
a=UZ1+beSXdrTmeETz1XykGQ==:17 a=NiEIbLnrxaPFdmVXKhcA:9
a=94gOCdWv8_RLqvef5-wA:7 a=8qpR8FETQ1WKo0Emv6VxhpO-iEcA:4
a=qJMeZhlYfXQA:10 a=EHIbpXcMlxoA:10 a=eHyt4q1bod-lKDc7:21
a=GUsR_muNWa9yp1QW:21
Received: from [62.163.86.18] (account eu341021 [at] tele2.it) by mailbe01.swip.net (CommuniGate Pro WEBUSER 5.2.6) with HTTP id 130935956; Wed, 01 Apr 2009 23:34:34 +0200
IP: 62.163.86.18 ---> a86018.upc-a.chello.nl
Post hätte gerne:
eu_claimdept [at] aol.nl
eu341021 [at] tele2.it
Muguphon: +31-643-776-188 ---> T-Mobile Netherlands B.V.
Received: from mout5.freenet.de (mout5.freenet.de [195.4.92.95]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id D00DE789B3AF for xxxxx; Wed, 1 Apr 2009 23:41:17 +0200 (CEST)
Received: from [195.4.92.24] (helo=14.mx.freenet.de) by mout5.freenet.de with esmtpa (ID ojukwu [at] bossmail.de) (port 25) (Exim 4.69 #79) id 1Lp8BC-0002JE-SQ; Wed, 01 Apr 2009 23:41:02 +0200
Received: from [196.3.183.73] (port=46758 helo=User) by 14.mx.freenet.de with esmtpa (ID ojukwu [at] bossmail.de) (port 25) (Exim 4.69 #76) id 1Lp8B5-0005So-0d; Wed, 01 Apr 2009 23:41:02 +0200
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
sir.ronald.baker [at] googlemail.com
ojukwu [at] bossmail.de
sir.ronald.baker [at] gmail.com
- kjz
Noch 2, einen davon hatte ich schon am 31. 3. Bei der Aiesec steht anscheinend immer noch der Hosenlatz offen:
Received: from mail.aiesec.net (mail.aiesec.net [195.219.234.99]) by xxxxx (Postfix) with ESMTP id A3546789AD16 for xxxxx; Thu, 2 Apr 2009 09:53:33 +0200 (CEST)
Received: from User (unknown [58.26.4.3]) by mail.aiesec.net (Postfix) with ESMTP id 891DA2348CB; Thu, 2 Apr 2009 00:00:03 +0100 (BST)
IP: 58.26.4.3 ---> INSTITUTE FOR HEALTH SYSTEMS RESEARCH, MY
Post geht an:
alderman01 [at] gmail.com
alderman00 [at] gmail.com
Muguphon: +44 703 180 6846 ---> Magrathea Telecommunications Limited, UK
Received: from smtp.cyber.net.pk (smtp.cyber.net.pk [202.163.97.85]) by xxxxx (Postfix) with ESMTP id 8B1A7789B632 for xxxxx; Thu, 2 Apr 2009 12:27:23 +0200 (CEST)
Received: from conversion-daemon.smtp.cyber.net.pk by smtp.cyber.net.pk (Sun Java System Messaging Server 6.2-4.01 (built Sep 1 2005)) id <0KHG00H01XIIAL00 [at] smtp.cyber.net.pk> for xxxxx; Thu, 02 Apr 2009 15:11:49 +0500 (GMT)
Received: from mail-node.cyber.net.pk ([192.168.20.19]) by smtp.cyber.net.pk (Sun Java System Messaging Server 6.2-4.01 (built Sep 1 2005)) with ESMTP id <0KHG00JJ2XNMCQB0 [at] smtp.cyber.net.pk>; Thu, 02 Apr 2009 15:11:47 +0500 (GMT)
Received: from cyber.net.pk (mail-node.cyber.net.pk [192.168.20.19]) by jesmail-lh.cyber.net.pk (Sun Java System Messaging Server 6.2 (built Dec 2 2004)) with ESMTP id <0KHG00780XNM15A0 [at] jesmail-lh.cyber.net.pk>; Thu, 02 Apr 2009 15:11:46 +0500 (GMT)
Received: from [192.168.20.121] (Forwarded-For: 192.168.0.17, [41.204.224.17]) by jesmail-lh.cyber.net.pk (mshttpd); Thu, 02 Apr 2009 02:11:46 -0800
IP: 41.204.224.17 ---> DIRECTONPC-Wireless-ISP-NETBLK, Nigeria
Post geht an:
ammad [at] cyber.net.pk
waynecambell70 [at] live.com
- kjz
ghost0815
02.04.2009, 22:49
Mugu Hochburg Bremen?
Habsch was verpasst?
So viele Internetcafes haben die dort auch nicht.
Kann ich hier vor Ort helfen?
Ich muss zugeben ein paar Jahre ausgesetzt zu haben, sowohl im Scambaiting als auch mich überhaupt mit der Materie zu befassen. Erst seit ich zum Krisenteam gehörte um unser entfürtes Schiff zurück zu bekommen bin ich wieder dabei, die Kriminalität ist mir doch etwas zu viel geworden. Die Behörden haben in diesen Jahren schließlich immer noch nichts gescheites vorangebracht.
Wenn jemand Info's hat, ich bin immer dabei...
Es wurde schon oft der Polizei z.B. eine Einwahl-IP (==>>kein Internet-Cafe!) auf dem Silbertablett geliefert. Da kommt dann immer nur der Kommentar: "nöjah, da könn wir nix machen, das ist eine straffreie Vorbereitungshandlung".
Richtige Razzien so wie in Spanien oder Amsterdam hat es m.W. in Bremen nie gegeben.
Das scheint da bisher stillschweigend geduldet zu werden.
Neuer Tag, neue Mugus:
Received: from relay3.bagan.net.mm (relay3.bagan.net.mm [203.81.162.126]) by xxxxx (Postfix) with SMTP id 5E770789B38F for xxxxx; Thu, 2 Apr 2009 21:16:28 +0200 (CEST)
Received: (qmail 13397 invoked from network); 2 Apr 2009 17:29:13 -0000
Received: from owm.bagan.net.mm (HELO myanmar.com.mm) (203.81.71.113) by relay3.bagan.net.mm with SMTP; 2 Apr 2009 17:29:13 -0000
Man beachte:
X-OriginatingIP: 213.185.118.245 (palmbeach) ---> VIENNA TECHNOLOGIES customer, Nigeria
Post geht an:
barrpatrickl [at] aim.com
Received: from hpsmtp-eml16.kpnxchange.com (hpsmtp-eml16.KPNXCHANGE.COM
[213.75.38.116]) by xxxxx (Postfix) with ESMTP id 669E8789B35C for xxxxx; Thu, 2 Apr 2009 21:12:10 +0200 (CEST)
Received: from cpsmtp-he03.kpnxchange.com ([213.75.38.23]) by hpsmtp-eml16.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Apr 2009 21:12:07 +0200
Received: from User ([69.114.228.155]) by cpsmtp-he03.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Apr 2009 21:11:40 +0200
IP: 69.114.228.155 ---> ool-4572e49b.dyn.optonline.net
Post geht an:
ferrenrodrigue [at] chinaacc.com
Muguphon:
Phone: +234 1 473 5643 ---> Lagos, Nigeria
Fax: +234 1 473 5643
Und Anhänge gibt's auch noch:
http://img3.imageshack.us/img3/6794/fbiletter.th.jpg (http://img3.imageshack.us/my.php?image=fbiletter.jpg)
http://img25.imageshack.us/img25/3082/farrenspringbank.th.jpg (http://img25.imageshack.us/my.php?image=farrenspringbank.jpg)
http://img24.imageshack.us/img24/6182/clientcard.th.jpg (http://img24.imageshack.us/my.php?image=clientcard.jpg)
- kjz
Wieder 3:
Received: from imc-035.imconline.net (unknown [66.155.35.253]) by xxxxx (Postfix) with ESMTP id 909DF789B5D2 for xxxxx; Thu, 2 Apr 2009 17:21:53 +0200 (CEST)
Received: from User [196.3.183.73] by imc-035.imconline.net with ESMTP (SMTPD-10.02) id AF86088C; Thu, 02 Apr 2009 07:28:54 -0500
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
rickystevens1 [at] yahoo.cn
williamsibru007 [at] yahoo.cn
Muguphon: +234 807 076 0985 ---> mobile number, Nigeria
Received: from web4312.mail.ogk.yahoo.co.jp (web4312.mail.ogk.yahoo.co.jp [124.83.212.92]) by xxxxx (Postfix) with SMTP id C56AC789B37D for xxxxx; Fri, 3 Apr 2009 16:36:34 +0200 (CEST)
Received: (qmail 12171 invoked by uid 60001); 3 Apr 2009 14:29:53 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=yj20050223; d=yahoo.co.jp;
h=Message-ID:Received:X-RocketDSI:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=ehstqcaDKp+wTWEua2Bw9Pmnb8uTvdxPJAWuFSnhlTdO9w3WlE8ZNI64DRW6XP3KDI0AFVAuh5YF9X/fmIlB3J/JuGH8pjdW/V4pcCj0Exic7oK/ta69C3q1SMuFSzUt
;
Message-ID: <20090403142953.12169.qmail [at] web4312.mail.ogk.yahoo.co.jp>
Received: from [82.128.33.252] by web4312.mail.ogk.yahoo.co.jp via HTTP;
Fri, 03 Apr 2009 23:29:53 JST
IP: 82.128.33.252 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
johnsmithaaaaaaaaaabbbbbbbbbbbb [at] yahoo.co.jp
johnsmith10070 [at] yahoo.fr
Received: from smtp2e.orange.fr (smtp2e.orange.fr [80.12.242.113]) by xxxxx (Postfix) with ESMTP id BF7BB789A623 for xxxxx; Fri, 3 Apr 2009 20:27:41 +0200 (CEST)
Received: from User (ABayonne-152-1-15-156.w83-193.abo.wanadoo.fr
[83.193.37.156]) by mwinf2e26.orange.fr (SMTP Server) with ESMTP id 4091780000BB; Fri, 3 Apr 2009 20:24:43 +0200 (CEST)
Post geht an:
richardcavanaghh [at] live.com
richardcavanaggh [at] live.com
- kjz
Frische Mugus:
Received: from cocboise.org (mail.cocboise.org [70.58.63.10]) by xxxxx (Postfix) with ESMTP id 05053789B2AE for xxxxx; Sat, 4 Apr 2009 16:37:49 +0200 (CEST)
Received: from User ([82.128.26.140]) by cocboise.org with Microsoft SMTPSVC(6.0.3790.1830); Fri, 3 Apr 2009 04:10:07 -0700
IP: 82.128.26.140 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
trusteewanted [at] yahoo.com.hk
lian_beefunds [at] yahoo.com.hk
Den Mugu gab es doch schon mal (am 2. 4. 09):
Received: from mout1.freenet.de (mout1.freenet.de [195.4.92.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id A2321789B24B for xxxxx; Sun, 5 Apr 2009 07:25:56 +0200 (CEST)
Received: from [195.4.92.22] (helo=12.mx.freenet.de) by mout1.freenet.de with esmtpa (ID info.bet1004 [at] bossmail.de) (port 25) (Exim 4.69 #79) id 1LqKpL-0005go-B6; Sun, 05 Apr 2009 07:23:27 +0200
Received: from [41.191.85.205] (port=54497 helo=User) by 12.mx.freenet.de with esmtpa (ID info.bet1004 [at] bossmail.de) (port 25) (Exim 4.69 #76) id 1LqKpK-0004au-C3; Sun, 05 Apr 2009 07:23:26 +0200
IP: 41.191.85.205 ---> FAST COM CYBER, Benin
Post geht an:
globalmaxdccbenin [at] gmail.com
eribeson19 [at] gmail.com
info.bet1004 [at] bossmail.de
Muguphon: +229-98-239474 ---> Benin
- kjz
Wieder der Freenet-Mugu:
Received: from mout2.freenet.de (mout2.freenet.de [195.4.92.92]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 84941789A6B8 for xxxxx; Mon, 6 Apr 2009 07:51:01 +0200 (CEST)
Received: from [195.4.92.20] (helo=10.mx.freenet.de) by mout2.freenet.de with esmtpa (ID johnab [at] chefmail.de) (port 25) (Exim 4.69 #79) id 1LqhdT-0000Dy-R2; Mon, 06 Apr 2009 07:44:43 +0200
Received: from [196.3.183.73] (port=34147 helo=User) by 10.mx.freenet.de with esmtpa (ID johnab [at] chefmail.de) (port 25) (Exim 4.69 #76) id 1LqhdS-0000zX-16; Mon, 06 Apr 2009 07:44:43 +0200
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
wmqoxw [at] mail.com
johnab [at] chefmail.de
Und noch einer:
Received: from web-4.ars-sth.se.crystone.se (web-4.crystone.se [83.168.244.15]) by xxxxx (Postfix) with SMTP id BA704789B37C for xxxxx; Mon, 6 Apr 2009 09:30:49 +0200 (CEST)
Received: (qmail 12007 invoked by uid 1867); 5 Apr 2009 01:11:15 +0200
Da wird im Header auch gleich noch das ungesicherte Skript genannt:
X-PHP-Script: www.starwheels.se/images/mass.php for 83.229.48.149
Post geht an:
timothy.mccaron [at] sify.com
Muguphon: +44-7035912785 ---> Open Telecom International Ltd., UK
- kjz
Auf ein Neues:
Received: from mail.tnreginet.net (unknown [210.212.62.101]) by xxxxx (Postfix) with SMTP id 86305789B35C for xxxxx; Mon, 6 Apr 2009 14:38:47 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by mail.tnreginet.net (Postfix) with ESMTP id E265523548D; Sun, 5 Apr 2009 06:42:43 +0530 (IST)
Received: from mail.tnreginet.net ([127.0.0.1]) by localhost (mail.tnreginet.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 24420-08; Sun, 5 Apr 2009 06:42:43 +0530 (IST)
Received: from User (mail.centera.com.au [203.59.99.26]) by mail.tnreginet.net (Postfix) with ESMTP id 7540F235401; Sun, 5 Apr 2009 06:40:55 +0530 (IST)
Post geht an:
pwango39 [at] hotmail.com
wangpauloo1 [at] centrum.cz
Received: from mail.dover.k12.nh.us (mail.dover.k12.nh.us [75.147.19.92]) by xxxxx (Postfix) with ESMTP id CE560789AE3B for xxxxx; Tue, 7 Apr 2009 04:18:00 +0200 (CEST)
Post geht an:
green20042009 [at] gmail.com
j.amara [at] dover.k12.nh.us
Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma [196.217.246.112]) by xxxxx (Postfix) with ESMTP id 9B3A3789AD42 for xxxxx; Tue, 7 Apr 2009 07:46:09 +0200 (CEST)
Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp3.menara.local with Microsoft SMTPSVC(6.0.3790.1830); Tue, 7 Apr 2009 05:38:58 +0000
Post geht an:
paul.ali [at] menara.ma
dhlcuorrierservi [at] sify.com
- kjz
Frische Mugus:
Received: from p579178CD.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.120.205] by mx0.gmx.net (mx085) with SMTP; 07 Apr 2009 17:00:05 +0200
Dieser wohl aus DE:
IP: 87.145.120.205, die Spur führt (mal wieder) nach Bremen, anscheinend die deutsche 'Mugu-Hauptstadt'.
VON SITZ DES VIZE PRASIDENTEN
INTERNATIONALE PROMOTIOM-GEWINNZUTEILUNG
REFERENZNUMMER: ELP-25456009-ESP
BEARBEITUNGSNUMMER:ELP/25456009/AGA
OFFIZIELLE GEWINNBENACHRITIGUNG
Wir sind erfreut ihnen mitteilen zu konnen, das die gewinnliste LOTTO
PROGRAMM an 25/ 02/ 2009 erschienen ist.
Dir offizielle liste der gewinner erschien am 06/ 04/ 2009 Ihr email
wurde auf dem los mit dir nummer: 025.11464992.750 und mit der
seriennummer:2113-06 registried. Die glucksnummer: 10-16-25-41-46, haben
in der 3. kategorie gewonnen.
Sie sind damit gewinner von: EURO 615, 810,00 (SECHS HUNDERT UND
FUNFZEHN TAUSEND UND ACHTHUNDERTZEHN.) Die summe ergibt sich einer
gewinnausschuttung von EURO:16,626,870,00 (SECHZEHN MILLIONEN
SECHSHUNDERT SECHS UND ZWANZIG TAUSEND ACHT HUNDERT UND SIEBZIG) Die
summe wurde durch 27gewinnern aus der glieichen kategorie geteilt.
HERZLICHEN GLUCKWUNSCH!!!
Dir gewinn ist bei einer sicherheitsfirma hinterlegt und in ihren namen
versichert. um keine komplikationen bei der abwicklung der zahlung zu
verursachen bitten wir sie diese offizielle mitteilung , diskret zu
behandeln.,es ist ein teil unseres sicherheitsprotokolls und garantiet
ihnen einen reibunglosen Ablauf.
Alle gewinner werden per computer aus 500.000 email aus ganz europa
,asien, australien und amerika als teil unserer Internationalen
promotion programms ausgewahlt, Welches wir einmal im jahr veranstalten.
Bitte kontaktieren sie unseren auslands sachbearbeiter DON ANTONIO
ROBERT bei der sicherheitfirma SANSA SEGUROS S.L on EMAIL;
sansaseguros [at] aol.com Bitte denken sie daran, jeder gewinnanspruch muss
bis zum 20/4/2009 Angemeldete sein. Jeder nicht angemeldet
Gewinnanspruch verfallt und geht zuruck an das MINISTERIO DE ECONOMIA Y
HACIENDA Bitte denken sie auch daran das 5% ihres gewinnes an die
sicherheitsfirma bilbao S.L. geht. Dir 5% sind erst nach erhalt des
gewinnes fallig da der gewinn in ihren namen versichert ist.
WICHTIG: um verzogerungen und komplikationen zu vermeiden, bitte immer
referenznummer und bearbeitungsnummer angeben. Adressanderungen bitte
immer so schell wie moglich mitteilen mit ihrer komplekt namen und
telephone number dabei Per email an die sicherheitdfirma SANSA SECURITY
COMPANY S.Lon sansaseguros [at] aol.com
Post bitte an:
sansaseguros [at] aol.com
raelcampo [at] aim.com
Received: from linux.kenosu.co.jp (unknown [210.133.119.178]) by xxxxx (Postfix) with ESMTP id E3D01789B58A for xxxxx; Tue, 7 Apr 2009 19:40:11 +0200 (CEST)
Post geht an:
adbremittancebj [at] sify.com
regis [at] shymail.com
Muguphon: +22998710577 ---> Benin
Received: from smtp2c.orange.fr (smtp2c.orange.fr [80.12.242.155]) by xxxxx (Postfix) with ESMTP id 988AD789AA04 for xxxxx; Tue, 7 Apr 2009 20:11:28 +0200 (CEST)
Received: from User (c-68-41-38-253.hsd1.mi.comcast.net [68.41.38.253]) by mwinf2c24.orange.fr (SMTP Server) with ESMTP id 06B6C80000A3; Tue, 7 Apr 2009 20:10:13 +0200 (CEST)
Post geht an:
jonathan_spencer1 [at] aol.com
mrjonathanspencer_confirmation [at] hotmail.com
bradturpin1983 [at] yahoo.com.hk
- kjz
Mugus in Hülle und Fülle, dabei auch 'alte Bekannte':
Received: from relay.aragon.es (relay.aragon.es [195.55.229.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 9302E789B634 for xxxxx; Tue, 7 Apr 2009 10:46:29 +0200 (CEST)
Received: from midcorreo1.dga.es (midcorreo1.dga.es [172.27.12.75]) by relay.aragon.es (8.13.8/8.13.8/Debian-3) with ESMTP id n378aeJq004527 for xxxxx; Tue, 7 Apr 2009 10:36:45 +0200
Post geht an:
cpcanfranc [at] aragon.es
michaelstelzel22 [at] gmail.com
michaelstelzel21 [at] gmail.com
Muguphon: +44-703-115-2750 ---> Easynet Group Plc, UK
Received: from rijtesten.rijtesten.be (rijtesten.colocated.redunix.net [78.41.207.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 3F688789AE1C for xxxxx; Tue, 7 Apr 2009 23:56:28 +0200 (CEST)
Received: from [210.245.85.63] (helo=User) by rijtesten.rijtesten.be with esmtpa (Exim 4.68) (envelope-from <Jmoore102 [at] web2mail.com>) id 1Ll3aF-0003v3-OV; Sat, 21 Mar 2009 16:58:06 +0100
Post geht an:
Jmoore102 [at] web2mail.com>
sandramatthews47 [at] gmail.com
Muguphon: +234-806-615-4068 ---> MTN, Nigeria
der 'Dauer-Mugu':
Received: from pustik.unhalu.ac.id (unknown [222.124.222.59]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 1BAFA789B2AD for xxxxx; Wed, 8 Apr 2009 02:30:58 +0200 (CEST)
Received: from www.unhalu.ac.id (localhost [127.0.0.1]) by pustik.unhalu.ac.id (Postfix) with ESMTP id C81749E6E9; Mon, 6 Apr 2009 21:46:08 -0700 (PDT)
Received: from 41.220.75.3 (SquirrelMail authenticated user mukhsar) by www.unhalu.ac.id with HTTP; Mon, 6 Apr 2009 21:46:08 -0700 (PDT)
Man beachte:
IP: 41.220.75.3 ---> MTN, Nigeria
Post geht an:
europw2009 [at] yahoo.com
Muguphon: +31 (0) 84 740 8620 ---> J2 Global (Netherlands) B.V.
der 'Freenet-Mugu':
Received: from mout4.freenet.de (mout4.freenet.de [195.4.92.94]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 1B2B2789A9F3 for xxxxx; Wed, 8 Apr 2009 01:51:44 +0200 (CEST)
Received: from [195.4.92.17] (helo=7.mx.freenet.de) by mout4.freenet.de with esmtpa (ID info.call [at] goldmail.de) (port 25) (Exim 4.69 #79) id 1LrL4K-0002Dy-NG; Wed, 08 Apr 2009 01:51:04 +0200
Received: from [68.206.46.105] (port=4430 helo=User) by 7.mx.freenet.de with esmtpa (ID info.call [at] goldmail.de) (port 25) (Exim 4.69 #79) id 1LrL4J-0006x3-LM; Wed, 08 Apr 2009 01:51:04 +0200
IP: 68.206.46.105 ---> cpe-68-206-46-105.gt.res.rr.com
Post geht an:
gmdnnpcadmin1 [at] sify.com
nnpcadmin2 [at] sify.com
info.call [at] goldmail.de
Received: from mx4.hotmail.com (81.199.227.197.satcom-systems.net [81.199.227.197]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) id 0MKpIi-1LrGvx3ZME-0000mD for xxxxx; Tue, 07 Apr 2009 21:26:50 +0200
IP: 81.199.227.197 ---> 81.199.227.197.satcom-systems.net (wieder mal Gilat, IL)
Post geht an:
govaliyu300000 [at] yahoo.com
csuzu [at] hotmail.com
Muguphon: +234-708-9519276 ---> Pank Shin, Nigeria
- kjz
Wieder der Freenet-Mugu:
Received: from mout1.freenet.de (mout1.freenet.de [195.4.92.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 58239789AB5D for xxxxx; Fri, 10 Apr 2009 03:26:15 +0200 (CEST)
Received: from [195.4.92.12] (helo=2.mx.freenet.de) by mout1.freenet.de with esmtpa (ID montti [at] goldmail.de) (port 25) (Exim 4.69 #88) id 1Ls5VB-0005kv-3Y; Fri, 10 Apr 2009 03:25:53 +0200
Received: from [196.3.183.73] (port=52165 helo=User) by 2.mx.freenet.de with esmtpa (ID montti [at] goldmail.de) (port 25) (Exim 4.69 #79) id 1Ls5V7-0005XH-BD; Fri, 10 Apr 2009 03:25:52 +0200
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
infocs121 [at] sify.com
montti [at] goldmail.de
Und den Mugu hatten wir auch schon am 7.4.:
Received: from winfesmtp1.menara.local (smtp-xe1.menara.ma [196.217.246.110]) by xxxxx (Postfix) with ESMTP id 6A0EC789AD42 for xxxxx; Fri, 10 Apr 2009 04:05:09 +0200 (CEST)
Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp1.menara.local with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Apr 2009 01:44:51 +0000
Post geht an:
apexcourierbr6 [at] sify.com
paul.ali [at] menara.ma
Muguphon: +229-98-34-98-33 ---> Benin
Received: from hpsmtp-eml15.kpnxchange.com (hpsmtp-eml15.KPNXCHANGE.COM
[213.75.38.115]) by xxxxx (Postfix) with ESMTP id E5A13789B355 for xxxxx; Thu, 9 Apr 2009 17:20:35 +0200 (CEST)
Received: from cpsmtp-he02.kpnxchange.com ([213.75.38.22]) by hpsmtp-eml15.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959);Thu, 9 Apr 2009 17:18:36 +0200
Received: from User ([82.93.33.87]) by cpsmtp-he02.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 9 Apr 2009 17:16:29 +0200
IP: 82.93.33.87 ---> a82-93-33-87.adsl.xs4all.nl
Post geht an:
tony_chan0022 [at] yahoo.com.hk
tony_chan0012 [at] yahoo.com.hk
- kjz
Interessante Beobachtung:
Zunächst der normale Mugu Spam:
Received: from monmonki.com (EHLO monmonki.com) [216.70.123.107] by mx0.gmx.net (mx066) with SMTP; 10 Apr 2009 13:35:46 +0200
Received: (qmail 17445 invoked from network); 2 Apr 2009 20:32:19 +0800
Received: from unknown (HELO User) (41.210.36.38) by monmonki.com with SMTP; 2 Apr 2009 20:32:19 +0800
IP: 41.210.36.38 ---> Ghana Telecom ADSL
Man schaue aufs Whois: http://41.210.36.38
Dort ist als Ansprechpartner genannt:
M. K. N.
mnfodzo [at] ghanatel.net
Also eine Beschwerde an Ghanatel. Was bekomme ich kurz darauf zurück:
Received: from smxhq901.ghanatel.com.gh (EHLO smxhq901.ghanatel.com.gh)
[80.87.64.5] by mx0.gmx.net (mx020) with SMTP; 10 Apr 2009 13:51:08 +0200
Received: from mnfodzo by smxhq901.ghanatel.com.gh with local (Exim 4.69) (envelope-from <mnfodzo [at] smxhq901.ghanatel.com.gh>) id 1LsFMF-0001yK-FZ for xxxxx; Fri, 10 Apr 2009 11:57:20 +0000
Also von besagtem mnfodzo [at] smxhq901.ghanatel.com.gh.
Interessant jetzt der Inhalt der Mail:
Hello,
I will not be reading my mail for a while.
Your mail regarding 'Please stop this 419/advance fee fraud scammer!
spammers mail dropbox at: simonridley [at] indiatimes.com,
sridley13 [at] yahoo.com.co' will be read when I return.
AM MRS KATE MARCUS ,I AM A BUSINESS OWNER I HAVE WILL MY OIL
COMPANY,INCLUDING THE
SUM OF 100 MILLION DOLLARS ($100000000) AND MY INVESTMENT TO YOU. I WOULD
LIKE YOU TO
CONTACT MY ATTORNEY TO THAT EFFECT.HIS NAME IS BARRISTER JOHN WHITE. HE WILL
GUIDE YOU
ON WHATEVER YOU NEED TO INHERIT THE COMPANY AND CLAIM THE MONEY.YOU CAN
REACH
HIM ON
(johnwhitechambers20008 [at] gmail.com) HERE IS HIS PHONE NUMBER
+2348051063348. I
AM GOING
FOR AN OPERATION AND I DON'T KNOW IF I CAN MAKE IT DUE TO MY MEDICAL
Also wird meine Beschwerde über Mugu-Spam mit einem weiteren Mugu-Spam beantwortet. Lässt für mich nur einen Schluss zu: Ghanatel scheint ein so korrupter Sumpf zu sein, dass hier die Spammer direkt in der Telco (also an der Quelle) sitzen. Und 'Katherine' ist hier im Thread ja nur allzu gut als 'Mugu-Skript' bekannt.
Deshalb bitte Post an:
johnwhitechambers20008 [at] gmail.com
Muguphon: +2348051063348 ---> Globacom, Nigeria
Wobei http://gloworld.com (i.e. Globacom) im Whois auch noch eine nicht funktionierende Emailadresse hat. Mit anderen Worten: viele 'ISPs' in Afrika scheinen ganz dick im Mugu-Geschäft als Helfershelfer mit drinzustecken. 'Hilfe' sollte man von dieser Seite also keine erwarten.
- kjz
Die Schwarzhüte von Ghanatel lassen wieder grüßen:
Received: from ns.tamtraining.com (EHLO ns.tamtraining.com) [71.16.135.242] by mx0.gmx.net (mx015) with SMTP; 11 Apr 2009 00:56:28 +0200
X-Spam-Status: Yes, hits=10.0 required=3.0
tests=FORGED_MUA_OUTLOOK: 3.099,NIGERIAN_BODY1: 2.696,NIGERIAN_BODY2:
0.858,
NIGERIAN_BODY3: 0.972,SARE_CHARSET_W1251: 1.666,SARE_FREE_WEBM_ZCom01: 0.7,
SARE_MSGID_EMPTY: 1.106,SARE_RECV_ADDR: 0.027,SARE_SUB_ACQUISITION: 0.739,
SARE_TOCC_NONE: 0.802
X-Spam-Flag: YES
X-Spam-Level: **********
Received: from User ([41.210.34.22]) (authenticated user spam [at] tamtraining.com) by ns.tamtraining.com (Kerio MailServer 6.0.5); Fri, 3 Apr 2009 02:40:24 -0400
IP: 41.210.34.22 ---> Ghana Telecom ADSL
Post geht an:
gkofi3 [at] sify.com
gkofi2 [at] sify.com
spam [at] tamtraining.com
Received: from IMPaqm1.telefonica.net (impaqm1.telefonica.net [213.4.149.61]) by xxxxx (Postfix) with ESMTP id AF1B3789B3B1 for xxxxx; Fri, 10 Apr 2009 19:17:02 +0200 (CEST)
Received: from IMPmailhost2.adm.correo ([10.20.102.39]) by IMPaqm1.telefonica.net with bizsmtp id dt7v1b00e0r0BT601tH2mH; Fri, 10 Apr 2009 19:17:02 +0200
Received: from cps9 ([10.20.100.209]) by IMPmailhost2.adm.correo with BIZ IMP id dtH11b0034X3sTu1itH1cF; Fri, 10 Apr 2009 19:17:02 +0200
Post geht an:
chiejianthony04 [at] terra.es
westernunionmtcbr [at] ubbi.com
Muguphon: +22993181037 ---> BBCom, Benin
- kjz
Nachschub rollt, Sify aus IN ist wohl momentan bei dem Mugus der absolute Hit, wahrscheinlich haben die dort Dave Null am Abuse Desk sitzen....
Received: from 69-64-72-148.dedicated.abac.net (69-64-72-148.dedicated.abac.net [69.64.72.148]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 4F544789AE05 for xxxxx; Sun, 12 Apr 2009 09:00:14 +0200 (CEST)
Received: (qmail 8970 invoked from network); 8 Apr 2009 11:47:51 -0700
Received: from unknown (HELO User) (82.128.26.1) by 69-64-72-148.dedicated.abac.net with SMTP; 8 Apr 2009 11:47:51 -0700
IP: 82.128.26.1 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
suecater [at] optusnet.com.au
prof101s [at] sify.com
Received: from mail.cyccatv.net.tw (mail.cyccatv.net.tw [61.58.31.253]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 015FE789A938 for xxxxx; Sat, 11 Apr 2009 23:52:00 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by mail.cyccatv.net.tw (Postfix) with ESMTP id 77E87D99D46; Sun, 12 Apr 2009 04:20:45 +0800 (CST)
Received: from mail.cyccatv.net.tw ([127.0.0.1]) by localhost (mail.cyccatv.net.tw [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ggqAvsae1d+7; Sun, 12 Apr 2009 04:20:45 +0800 (CST)
Received: from User (unknown [196.3.182.250]) by mail.cyccatv.net.tw (Postfix) with ESMTPA id 5DD9AD9982C; Sun, 12 Apr 2009 04:19:00 +0800 (CST)
IP: 196.3.182.250 ---> CTACCESS, Abuja, Nigeria/Suburbantelecom
Post geht an:
hua0322 [at] mail.cyccatv.net.tw
songlile260 [at] gmail.com
- kjz
Und weiter:
Received: from intserver2.isaco1.ir (unknown [217.218.102.132]) by xxxxx (Postfix) with ESMTP id E5294789B17A for xxxxx; Sun, 12 Apr 2009 20:31:12 +0200 (CEST)
Received: from User ([62.60.136.28]) by intserver2.isaco1.ir with Microsoft SMTPSVC(5.0.2195.6713); Sun, 12 Apr 2009 22:39:03 +0430
Post geht an:
4114 [at] post.isaco.ir
Xioalee1 [at] aol.com
Received: from ipmail01.adl6.internode.on.net (ipmail01.adl6.internode.on.net [203.16.214.146]) by xxxxx (Postfix) with ESMTP id 0A481789AACC for xxxxx; Mon, 13 Apr 2009 03:02:00 +0200 (CEST)
Received: from unknown (HELO User) ([41.211.230.57]) by ipmail01.adl6.internode.on.net with ESMTP; 13 Apr 2009 10:31:00 +0930
IP: 41.211.230.57 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
foryou [at] internode.on.net
barrmelsondavid202 [at] gmail.com
- kjz
Naaaachschuuuub:
Received: from exchange.dslcc.edu (exchange.dslcc.edu [164.106.42.123]) by xxxxx (Postfix) with ESMTP id C2769789B27F for xxxxx; Tue, 14 Apr 2009 00:25:34 +0200 (CEST)
Post geht an:
kremlending [at] strompost.com
Received: from dhuumrelay0.dtm.ops.eu.uu.net (dhuumrelay0.dtm.ops.eu.uu.net [194.139.33.69]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id D65D4789ADFE for xxxxx; Mon, 13 Apr 2009 21:19:56 +0200 (CEST)
Received: from User (dhcp183.myzipnet.com [41.202.18.3]) (authenticated bits=0) by dhuumrelay0.dtm.ops.eu.uu.net (8.14.1/8.14.1) with ESMTP id n3DJ4HqS000276; Mon, 13 Apr 2009 19:04:30 GMT
Post geht an:
zabadak [at] optusnet.com.au
westernunioncode233e [at] gmail.com
Received: from gmmr3.centrum.cz (gmmr3.centrum.cz [90.183.38.155]) by xxxxx (Postfix) with ESMTP id CEC89789B365 for xxxxx; Tue, 14 Apr 2009 13:04:37 +0200 (CEST)
Received: from rohlik (unknown [10.0.0.47]) by gmmr3.centrum.cz (Postfix) with ESMTP id 0AA9727029; Tue, 14 Apr 2009 12:51:27 +0200 (CEST)
Post geht an:
staatsclaims [at] pobox.sk
dreef_agency [at] sify.com
- kjz
Einen besonderen Humor haben diese Leute, das muss man ihnen lassen:
Received: from User ([41.210.34.22]) (authenticated user spam [at] tamtraining.com) Oder sie liefern über Server ein, die einen Spamfilter laufen haben, der den Absender immer dann tauscht, wenn spam erkannt wird. Da würde ich mich dann aber fragen, warum so ein Server als Relay agiert.
M. Boettcher
Nachschub:
Received: from es1.domain.asse.com (mail.asse.com [65.60.105.75]) by xxxxx (Postfix) with ESMTP id 83BFC789B10B for xxxxx; Wed, 15 Apr 2009 01:05:37 +0200 (CEST)
Received: from User ([219.89.127.134]) by es1.domain.asse.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 14 Apr 2009 15:52:23 -0700
Post geht an:
craig.morrison.designs [at] googlemail.com
Received: from relay3.bagan.net.mm (relay3.bagan.net.mm [203.81.162.126]) by xxxxx (Postfix) with SMTP id CD6C5789B5E1 for xxxxx; Wed, 15 Apr 2009 11:38:58 +0200 (CEST)
Received: (qmail 27458 invoked from network); 14 Apr 2009 21:04:40 -0000
Received: from owm.bagan.net.mm (HELO myanmar.com.mm) (203.81.71.113) by relay3.bagan.net.mm with SMTP; 14 Apr 2009 21:04:40 -0000
Post geht an:
lawfirm [at] myanmar.com.mm
barr_williamjohnson07 [at] yahoo.com.hk
Received: from dsl170-159.doosa.jo (EHLO server.agaamman.com)
[80.90.170.159] by mx0.gmx.net (mx055) with SMTP; 15 Apr 2009 22:52:14 +0200
Received: from User ([83.138.172.76] RDNS failed) by server.agaamman.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 15 Apr 2009 05:32:00 +0300
Received: from inf-ip-203-i128-092.africaonline.com.gh (markowell [at] inf-ip-203-i128-092.africaonline.com.gh [212.85.203.92]) by chromium.onspeed.com (SlipStream SP Server 6.0.19 built 2007/11/22 15:27:31 -0500 (EST)); Wed, 15 Apr 2009 03:32:01 +0100 (BST)
Man beachte:
X-Originating-IP: [212.85.203.92] ---> inf-ip-203-i128-092.africaonline.com.gh
X-Originating-User: [markowell]
Post geht an:
markowell [at] inf-ip-203-i128-092.africaonline.com.gh
mikebeneth4 [at] msn.com
mikebeneth [at] msn.com
- kjz
Einen hätt' ich noch, da steht wohl bei einem Kundenserver von Inode mal wieder der Hosenlatz offen:
Received: from mx.inode.at (mx07.lb01.inode.at [62.99.145.7]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 39DDA789B893 for xxxxx; Thu, 16 Apr 2009 15:48:29 +0200 (CEST)
Received: from [213.47.214.141] (port=14062 helo=webmail) by smartmx-07.inode.at with esmtp (Exim 4.69) (envelope-from <info [at] sky.org>) id 1LuRvj-0001x2-6q; Thu, 16 Apr 2009 15:47:03 +0200
Received: from [127.0.0.1] (helo=inode.at) by webmail with smtp (Exim 4.67) (envelope-from <info [at] sky.org>) id 1LuRuR-0007sc-9R; Thu, 16 Apr 2009 15:45:43 +0200
Received: from 82.128.17.194 (SquirrelMail authenticated user liver.pool [at] inode.at) by webmail.inode.at with HTTP; Thu, 16 Apr 2009 15:45:43 +0200 (CEST)
IP: 82.128.17.194 ---> ml82.128.17.194.multilinks.com, Nigeria
Post geht an:
sarahmaccain [at] sify.com
liver.pool [at] inode.at
- kjz
Noch einer:
Received: from poczta1.linux.webserwer.pl (poczta1.linux.webserwer.pl [83.142.47.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id A8586789B10B for xxxxx; Mon, 13 Apr 2009 18:14:13 +0200 (CEST)
Received: from [196.3.183.72] (helo=User) by poczta.webserwer.pl with esmtpa (Exim 4.69) (envelope-from <japata [at] quidels.webserwer.pl>) id 1LtOBr-00018J-9t; Mon, 13 Apr 2009 17:35:21 +0200
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Post geht an:
japata [at] quidels.webserwer.pl
Company [at] Aggies.com
- kjz
Wieder mal:
Received: from mail07.syd.optusnet.com.au (mail07.syd.optusnet.com.au [211.29.132.188]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 009FF789B5B3 for xxxxx; Fri, 17 Apr 2009 14:19:01 +0200 (CEST)
Received: from User ([41.211.228.22]) (authenticated sender mjdhgfa) by mail07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n3HBx91Z008747; Fri, 17 Apr 2009 21:59:24 +1000
IP: 41.211.228.22 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
info1035683354 [at] googlemail.com
mjdhgfa [at] mail07.syd.optusnet.com.au
Muguphon:
+44 70359 46238 ---> Open Telecom International Ltd, UK
+44 70359 48155 ---> Open Telecom International Ltd., UK
+44 870 28 7323 ---> Nationwide Residential Ltd, UK
- kjz
Jener hier hat besonders viele Adressen zum spielen....
Received: from descpa.com (24-240-175-174.static.hckr.nc.charter.com [24.240.175.174]) by xxxxx (Postfix) with ESMTP id 72010789B982 for xxxxx; Fri, 17 Apr 2009 14:58:47 +0200 (CEST)
Received: from User ([213.255.218.244]) by descpa.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 17 Apr 2009 00:04:41 -0400
IP: 213.255.218.244 ---> Cyberspace Link 3 Lagos, Nigeria/SkyVision Network
Post geht an:
payment_atm001 [at] yahoo.cn
kelvinwilliams [at] sify.com
kelvinwilliam [at] sify.com
kelvinwilliams.williams [at] gmail.com
Muguphon: +234-702-622-5841 ---> Pank Shin, Nigeria
- kjz
Auch heute keine Ruhe:
Received: from o2.pl (host124-244-dynamic.21-87-r.retail.telecomitalia.it [87.21.244.124]) by spammotel.com (Postfix) with SMTP id B853528E05 for xxxxx; Fri, 17 Apr 2009 12:57:01 -0400 (EDT)
Received: from pc-kellynwanze ([127.0.0.1]) by pc-kellynwanze ([127.0.0.1]) with SMTPSVC; Fri, 17 Apr 2009 19:12:01 +0200
Post geht an:
edsn [at] o2.pl
Received: from mail.yahorng.com.cn (unknown [119.19.3.230]) by xxxxx (Postfix) with SMTP id 99B9C789AE05 for xxxxx; Sat, 18 Apr 2009 07:55:27 +0200 (CEST)
Received: from User (unknown [41.189.7.46]) by mail.yahorng.com.cn (Postfix) with ESMTP id 4446F30E1EB4; Sat, 18 Apr 2009 03:31:33 +0800 (HKT)
IP: 41.189.7.46 ---> SWIFT NETWORKS LTD, Nigeria
Post geht an:
oscarbennnpc [at] gmail.com
nnpc_adminofficexb [at] hotmail.com
Muguphon: +234-803 352 8864 ---> MTN, Nigeria
- kjz
So hyperaktiv wie die Mugus werden kann ich auch....
Received: from mail.yahorng.com.cn (unknown [119.19.3.230]) by xxxxx (Postfix) with SMTP id 99B9C789AE05 for xxxxx; Sat, 18 Apr 2009 07:55:27 +0200 (CEST)
Received: from User (unknown [41.189.7.46]) by mail.yahorng.com.cn (Postfix) with ESMTP id 4446F30E1EB4; Sat, 18 Apr 2009 03:31:33 +0800 (HKT)
IP: 41.189.7.46 ---> SWIFT NETWORKS LTD, Nigeria
Post geht an:
oscarbennnpc [at] gmail.com
nnpc_adminofficexb [at] hotmail.com
Muguphon: +234-803 352 8864 ---> MTN, Nigeria
Received: from blu0-omc3-s8.blu0.hotmail.com (blu0-omc3-s8.blu0.hotmail.com [65.55.116.83]) by xxxxx (Postfix) with ESMTP id 7FFFF789B35F for xxxxx; Sat, 18 Apr 2009 18:20:23 +0200 (CEST)
Received: from BLU134-W4 ([65.55.116.72]) by blu0-omc3-s8.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 18 Apr 2009 09:20:23 -0700
X-Originating-IP: [41.203.229.56] ---> ONATEL, BF
Post geht an:
dedear_shtiwe.x75 [at] msn.com
dedear_shtiwe [at] sify.com
Muguphon: 0022676634733 ---> Celtel Burkina Faso S.A.
Received: from ironport-smtp01.maxnet.net.nz (ironport-smtp01.maxnet.net.nz [123.100.71.100]) by xxxxx (Postfix) with ESMTP id D75EC789B353 for xxxxx; Sat, 18 Apr 2009 18:14:41 +0200 (CEST)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result:
At01AFaW6UlX0uyp/2dsb2JhbACBLYs/gj6FP4JNhXyeQgeRE4N9BoVhAQ
X-IronPort-AV: E=Sophos;i="4.40,210,1238932800";
d="txt'?scan'208";a="117882903"
Received: from smtp02.maxnet.net.nz ([123.100.71.111]) by ironport-smtp01.maxnet.net.nz with ESMTP; 19 Apr 2009 04:00:08 +1200
Received: from User (ip169-236-210-87.adsl2.static.versatel.nl
[87.210.236.169]) by smtp02.maxnet.net.nz (Postfix) with ESMTPA id 9633E6BCC1; Sun, 19 Apr 2009 03:59:48 +1200 (NZST)
Warum verwirft Ironport so etwas nicht, schliesslich sind die doch der Eigentümer von Spamcop....
Post geht an:
accountofficier [at] yahoo.com.hk
hsbyonggi58 [at] yahoo.com.hk
Received: from fep07.mfe.bur.connect.com.au (fep07.mfe.bur.connect.com.au [203.63.86.27]) by xxxxx (Postfix) with ESMTP id 0F4C2789B359 for xxxxx; Sat, 18 Apr 2009 21:35:02 +0200 (CEST)
Received: from User (unknown [41.210.44.103]) (Authenticated sender: songsparra [at] aapt.net.au) by fep07.mfe.bur.connect.com.au (Postfix) with ESMTP id 75A0CF4F2; Sun, 19 Apr 2009 04:58:59 +1000 (EST)
IP: 41.210.44.103 ---> Ghana Telecom ADSL DYNAMIC
Post geht an:
songsparra [at] aapt.net.au
ffrancismr [at] gmail.com
fmills111 [at] gmail.com
Hier der Mugu, der direkt in der korrupten Telco sitzt und Beschwerden per Autoresponder mit weiterem 419 Spam beantwortet:
Received: from smxhq901.ghanatel.com.gh (EHLO smxhq901.ghanatel.com.gh)
[80.87.64.5] by mx0.gmx.net (mx030) with SMTP; 18 Apr 2009 21:45:27 +0200
Received: from mnfodzo by smxhq901.ghanatel.com.gh with local (Exim 4.69) (envelope-from <mnfodzo [at] smxhq901.ghanatel.com.gh>) id 1LvGZv-0002Ph-3n for xxxxx; Sat, 18 Apr 2009 19:51:55 +0000
Möge ihm reichlich Post zuteil werden:
mnfodzo [at] smxhq901.ghanatel.com.gh
mnfodzo [at] ghanatel.net
mnfodzo [at] ghanatel.com.gh
katemarcus [at] luckymail.com
johnwhitechambers20008 [at] gmail.com
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by xxxxx (Postfix) with SMTP id 113657896836 for xxxxx; Sun, 19 Apr 2009 01:44:16 +0200 (CEST)
Received: from unknown (EHLO User) [196.3.183.73] by mail.gmx.net (mp062) with SMTP; 19 Apr 2009 01:43:37 +0200
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Post geht an:
fincen [at] gmx.de
atmdepartmen [at] googlemail.com
Muguphon: +234-805-724-7374 ---> Globacom, Nigeria
+234-803-359-4284 ---> MTN, Nigeria
Received: from SMTP2.woosh.co.nz (smtp2.woosh.co.nz [202.74.207.41]) by xxxxx (Postfix) with ESMTP id BCF53789A707 for xxxxx; Sun, 19 Apr 2009 04:57:20 +0200 (CEST)
Received: from localhost ([127.0.0.1]) by SMTP2.woosh.co.nz with esmtp (Exim 4.69) (envelope-from <isabelj [at] woosh.co.nz>) id 1LvLKp-0005Gm-1f; Sun, 19 Apr 2009 12:56:39 +1200
Post geht an:
isabelj [at] woosh.co.nz
perry.rice37 [at] gmail.com
Received: from loco.helderhosting.nl (unknown [82.94.236.173]) by xxxxx (Postfix) with ESMTP id DEB71789AD10 for xxxxx; Sun, 19 Apr 2009 13:29:10 +0200 (CEST)
Received: from User (unknown [82.128.33.169]) by loco (Postfix) with ESMTP id 99F6F6D6A82; Sat, 18 Apr 2009 20:43:57 +0200 (CEST)
IP: 82.128.33.169 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
donald.heightt [at] gmail.com
Und natürlich der Dauer-Mugu:
Received: from o2.pl (host124-244-dynamic.21-87-r.retail.telecomitalia.it [87.21.244.124]) by spammotel.com (Postfix) with SMTP id 210E313DCC for <ocxzibydbute [at] spammotel.com>; Fri, 17 Apr 2009 16:21:28 -0400 (EDT)
Received: from pc-kellynwanze ([127.0.0.1]) by pc-kellynwanze ([127.0.0.1]) with SMTPSVC; Fri, 17 Apr 2009 22:36:28 +0200
Post geht an:
edsn [at] o2.pl
- kjz
Weiter geht's:
Received: from mail07.syd.optusnet.com.au (mail07.syd.optusnet.com.au [211.29.132.188]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 009FF789B5B3 for xxxxx; Fri, 17 Apr 2009 14:19:01 +0200 (CEST)
Received: from User ([41.211.228.22]) (authenticated sender mjdhgfa) by mail07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n3HBx91Z008747; Fri, 17 Apr 2009 21:59:24 +1000
IP: 41.211.228.22 ---> DIRECT ON PC LTD, Nigeria
Post geht an:
info1035683353 [at] googlemail.com
mjdhgfa [at] mail07.syd.optusnet.com.au
Muguphon:
+44 70359 46238 ---> Open Telecom International Ltd, UK
+44 70359 48155 ---> Open Telecom International Ltd., UK
+44 870 28 7323 ---> Nationwide Residential Ltd, UK
Received: from clumx0.bovalpo.com (unknown [216.241.16.124]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 46C1E789B13C for xxxxx; Mon, 20 Apr 2009 01:10:09 +0200 (CEST)
Received: from bovalpo.com (localhost [127.0.0.1]) by clumx0.bovalpo.com (Postfix) with ESMTP id CCDE1170018; Sun, 19 Apr 2009 06:12:09 -0400 (CLT)
Man beachte:
X-OriginatingIP: 81.199.180.93 (hortensia) ---> 81.199.180.93.satcom-systems.net (die Mugu-Freunde aus IL...)
Post geht an:
fedexcourierdispatchman001 [at] 8u8.com
emillyjackoju [at] googlemail.com
Received: from zinc.pathwaynet.com (zinc.pathwaynet.com [216.46.200.95]) by xxxxx (Postfix) with ESMTP id 336787896836 for xxxxx; Mon, 20 Apr 2009 02:02:58 +0200 (CEST)
Received: from tin.racksphere.net ([216.46.200.91] helo=webmail.pathwaynet.com) by zinc.pathwaynet.com with esmtp (Exim 4.69) id 1LvgFc-0009db-I2; Sun, 19 Apr 2009 19:16:40 -0400
Received: from 94.196.30.113 by webmail.pathwaynet.com with HTTP; Sun, 19 Apr 2009 19:16:40 -0400 (EDT)
IP: 94.196.30.113 ---> H3GUK
Post geht an:
mrpaul101 [at] pathwaynet.com
igbinosaexpuwuw92 [at] yahoo.com.hk
Und der Dauer-Mugu:
Received: from relay.cat.net.th (EHLO relay.cat.net.th) [202.129.27.148] by mx0.gmx.net (mx075) with SMTP; 20 Apr 2009 00:21:32 +0200
Received: from mail (unknown [61.19.225.165]) by relay.cat.net.th (Postfix) with SMTP id 484D322B74; Mon, 20 Apr 2009 05:23:53 +0700 (ICT)
Received: from localhost (mail.dbd.go.th [127.0.0.1]) by mail (Postfix) with ESMTP id 4E1D465FE5; Mon, 20 Apr 2009 05:19:56 +0700 (ICT)
X-Virus-Scanned: amavisd-new at dbd.go.th
Received: from mail ([127.0.0.1]) by localhost (mail.dbd.go.th [127.0.0.1]) (amavisd-new, port 10024) with LMTP id zOfK11UG7mCE; Mon, 20 Apr 2009 05:19:56 +0700 (ICT)
Received: from mail.dbd.go.th (mail.dbd.go.th [127.0.0.1]) by mail (Postfix) with ESMTP id 3F38E65FD1; Mon, 20 Apr 2009 05:19:51 +0700 (ICT)
Received: from 41.220.75.3 (OverLook authenticated user uthaisri [at] dbd.go.th) by mail.dbd.go.th with HTTP; Mon, 20 Apr 2009 05:19:54 +0700 (ICT)
IP: 41.220.75.3 ---> MTN Nigeria
Post geht an:
uthaisri [at] dbd.go.th
philmorgan35 [at] voila.fr
- kjz
frische Mugus:
Received: from bay0-omc1-s11.bay0.hotmail.com (bay0-omc1-s11.bay0.hotmail.com [65.54.246.83]) by xxxxx (Postfix) with ESMTP id 51789789B35E for xxxxx; Tue, 21 Apr 2009 01:30:34 +0200 (CEST)
Received: from BL2PRD0101HT006.prod.exchangelabs.com ([65.55.174.125]) by bay0-omc1-s11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 20 Apr 2009 16:30:33 -0700
Received: from BL2PRD0101MB005.prod.exchangelabs.com ([169.254.115.131]) by BL2PRD0101HT006.prod.exchangelabs.com ([169.254.106.40]) with mapi; Mon, 20 Apr 2009 16:30:19 -0700
Post geht an:
albertdicks23 [at] gmail.com
infoweb [at] bsumail.net
Received: from smtp1.dbmail.com (smtp1.dbmail.com [160.92.190.1]) by xxxxx (Postfix) with ESMTP id 14181789B755 for xxxxx; Tue, 21 Apr 2009 14:24:15 +0200 (CEST)
Received: from User (unknown [83.229.48.149]) by mwumf0221.dbmail.com (Postfix) with ESMTP id 43E30201146C; Tue, 21 Apr 2009 08:48:21 +0200 (CEST)
IP: 83.229.48.149 ---> SkyVision Network, Nigeria
Post geht an:
tmothymccrron [at] sify.com
timothymccrron [at] sify.com
Muguphon: +44-7035912785 ---> Open Telecom International Ltd., UK
- kjz
Noch einer:
Received: from mobile2.reifman-ness.com (unknown [213.8.87.61]) by xxxxx (Postfix) with ESMTP id EA3EC789B13C for xxxxx; Wed, 22 Apr 2009 00:59:10 +0200 (CEST)
Received: from User ([82.128.1.229]) by mobile2.reifman-ness.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 22 Apr 2009 01:42:56 +0200
IP: 82.128.1.229 ---> ml82.128.1.229.multilinks.com, Nigeria
Post geht an:
mrchris_thompson288 [at] yahoo.com.hk
transferdept2009 [at] gmail.com
Muguphon: +234-805-242-2044 ---> Globacom, Nigeria
Aus dem Quelltext der Mail:
reply me to my private email(mrchris_thompson288 [at] yahoo.con.hk)
So wird das aber nichts. Da hat der geldgeile Mugu wohl nur noch an Con Artist (Trickbetrüger) gedacht...
- kjz
Man müht sich weiter, vergeblich:
Received: from dns.dcjh.tnc.edu.tw (unknown [163.26.207.129]) by xxxxx (Postfix) with ESMTP id A8E69789B623 for xxxxx; Thu, 23 Apr 2009 01:42:25 +0200 (CEST)
Received: from localhost (dns [127.0.0.1]) by dns.dcjh.tnc.edu.tw (Postfix) with ESMTP id E9822B349B5; Sun, 19 Apr 2009 18:07:55 +0800 (CST)
Received: from dns.dcjh.tnc.edu.tw ([127.0.0.1]) by localhost (dns.dcjh.tnc.edu.tw [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16652-01; Sun, 19 Apr 2009 18:07:55 +0800 (CST)
Received: from mail.dcjh.tnc.edu.tw (dns [127.0.0.1]) by dns.dcjh.tnc.edu.tw (Postfix) with ESMTP id BFD8FB3497B; Sun, 19 Apr 2009 18:06:53 +0800 (CST)
Man beachte:
X-OriginatingIP: 81.199.180.93 (master) ---> 81.199.180.93.satcom-systems.net (die Mugu-Freunde aus IL)
Post geht an:
fedexcourierdispatchman101 [at] 8u8.com
info [at] mail.dcjh.tnc.edu.tw
Ein gecrackter Uni-Account:
Received: from stuowa.wpunj.edu (EHLO stuowa.wpunj.edu) [149.151.3.162] by mx0.gmx.net (mx020) with SMTP; 23 Apr 2009 02:44:32 +0200
Received: from venus.stu.campus.wpunj.edu ([149.151.3.161]) by stuowa.wpunj.edu with Microsoft SMTPSVC(6.0.3790.3959); Wed, 22 Apr 2009 20:44:31 -0400
Post geht an:
dropkinm [at] student.wpunj.edu
MSGCAMLOT [at] INFO.LT
Hier hat man schnell reagiert:
msgcamlot [at] info.lt mailbox was blocked 10 minutes ago.
Muguphon: +447024097528 ---> Magrathea Telecommunications Limited, UK
Received: from mailfe06.tele2.it (EHLO swip.net) [212.247.154.173] by mx0.gmx.net (mx106) with SMTP; 23 Apr 2009 01:16:05 +0200
X-Cloudmark-Score: 0.000000 []
X-Cloudmark-Analysis: v=1.0 c=1 a=tFFhgkS6GsJXE91dmF2FJg==:17
a=E3nZq7AFlISMroFgs00A:9 a=sDyyMjwh3__TyNRS72n7-Z08jgoA:4
Received: from [209.59.42.243] (account eu1678490 [at] tele2.it) by mailbe02.swip.net (CommuniGate Pro WEBUSER 5.2.13) with HTTP id 32100729; Thu, 23 Apr 2009 01:16:02 +0200
Post geht an:
jpoon_11 [at] yahoo.com.hk
eu1678490 [at] tele2.it
- kjz
Es strömt...
Received: from server.kamtec.com (kamtest.com [213.8.123.20]) by xxxxx (Postfix) with ESMTP id 7429B789B5A1 for xxxxx; Fri, 24 Apr 2009 16:45:36 +0200 (CEST)
Received: from User ([69.2.89.44] RDNS failed) by server.kamtec.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 24 Apr 2009 17:30:19 +0300
Post geht an:
sgtjamespeter.2002 [at] yahoo.com.hk
lise.gigante [at] orange.fr
Received: from smtp1.cybercity.dk (smtp1.cybercity.dk [212.242.43.251]) by xxxxx (Postfix) with ESMTP id 26C71789B2AD for xxxxx; Fri, 24 Apr 2009 17:24:08 +0200 (CEST)
Received: from user5.cybercity.dk (user5.cybercity.dk [212.242.41.51]) by smtp1.cybercity.dk (Postfix) with ESMTP id 4708E5868FF; Fri, 24 Apr 2009 17:24:05 +0200 (CEST)
Received: from glattrup.dk (0x55530405.adsl.cybercity.dk [85.83.4.5]) by user5.cybercity.dk (Postfix) with ESMTP id C773D62AA7; Fri, 24 Apr 2009 17:23:42 +0200 (CEST)
Received: from User ([41.242.228.221]) by glattrup.dk with SMTP (Code-Crafters Ability Mail Server 2.52); Fri, 24 Apr 2009 15:15:52 +0200
IP: 41.242.228.221 ---> dsl-242-228-221.telkomadsl.co.za
Post geht an:
giancarlo.piroddi [at] hotmail.com
barr.giancarlopiroddi [at] yahoo.co.uk
Muguphon: +44 702 409 3881 ---> Magrathea Telecommunications Limited, UK
Received: from j-server.jcom.dhs.org (59-126-10-193.HINET-IP.hinet.net [59.126.10.193]) by xxxxx (Postfix) with ESMTP id 92E9E789ACEE for xxxxx; Fri, 24 Apr 2009 23:09:41 +0200 (CEST)
Received: from User (authenticated bits=0) by j-server.jcom.dhs.org (8.12.8/8.12.7) with ESMTP id n3NB62cX022036; Thu, 23 Apr 2009 19:08:56 +0800
Post geht an:
peterjameh121 [at] googlemail.com
peterjameh11121 [at] googlemail.com
Received: from the-next-level.com (unknown [70.90.28.29]) by xxxxx (Postfix) with ESMTP id 378117800D62 for xxxxx; Sat, 25 Apr 2009 15:15:10 +0200 (CEST)
Received: from User ([41.217.2.8]) by the-next-level.com with Microsoft sMTPSVC(6.0.3790.3959); Sat, 25 Apr 2009 08:51:54 -0400
IP: 41.217.2.8 ---> ZOOM Mobile Nigeria Ltd
Post geht an:
capt.jwm [at] transfer-dept.com
capt.jerry [at] jerry-peterson.com
Received: from csmmail.com (csmmail.com [66.161.153.35]) by xxxxx (Postfix) with ESMTP id 858BE789AD8F for xxxxx; Sat, 25 Apr 2009 15:45:14 +0200 (CEST)
Received: from User [41.24.56.31] by csmmail.com with ESMTP (SMTPD-8.20) id AE680890; Thu, 16 Apr 2009 11:27:36 -0400
IP: 41.24.56.31 ---> vc-41-24-56-31.umts.vodacom.co.za
Post geht an:
gabamuyama4 [at] hotmail.co.uk
gabamuyama2009 [at] hotmail.co.uk
Received: from hpsmtp-eml15.kpnxchange.com (hpsmtp-eml15.KPNXCHANGE.COM
[213.75.38.115]) by xxxxx (Postfix) with ESMTP id 58EB0789A996 for xxxxx; Sat, 25 Apr 2009 20:57:55 +0200 (CEST)
Received: from cpsmtp-he01.kpnxchange.com ([213.75.38.21]) by hpsmtp-eml15.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 25 Apr 2009 20:57:54 +0200
Received: from User ([222.35.91.208]) by cpsmtp-he01.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 25 Apr 2009 20:57:50 +0200
IP: 222.35.91.208 ---> CHINA RAILWAY TELECOMMUNICATIONS CENTER (Zombie)
Post geht an:
mr.maguanglu23 [at] yahoo.com.hk
mr.maguanglu [at] yahoo.com.hk
- kjz
Frische(?) Mugus im Angebot:
Received: from vsmtp6.jaring.my (vsmtp6.jaring.my [192.228.250.86]) by xxxxx (Postfix) with ESMTP id 9555B789A476 for xxxxx; Sat, 25 Apr 2009 21:39:51 +0200 (CEST)
Received: from localhost (localhost.jaring.my [127.0.0.1]) by vsmtp6.jaring.my (8.14.3/8.14.3) with ESMTP id n3PJa3Oh027181; Sun, 26 Apr 2009 03:36:03 +0800 (MYT) (envelope-from embassyattorney [at] narod.co.il)
X-Virus-Scanned: by JARING Malware Filters (jaring.my)
Received: from vsmtp6.jaring.my ([127.0.0.1]) by localhost (vsmtp6.jaring.my [127.0.0.1]) (amavisd-new, port 10024) with LMTP id b5FFZrAUbPGD; Sun, 26 Apr 2009 03:36:03 +0800 (MYT)
Received: from User ([41.216.44.43]) (authenticated bits=0) by vsmtp6.jaring.my (8.14.3/8.14.3) with ESMTP id n3PJZSkj027028; Sun, 26 Apr 2009 03:35:31 +0800 (MYT) (envelope-from embassyattorney [at] narod.co.il)
IP: 41.216.44.43 ---> Benin Telecoms SA
Post geht an:
embassyattorney [at] narod.co.il
finance-minister [at] live.fr
Received: from nlpi015.prodigy.net (nlpi015.sbcis.sbc.com [207.115.36.44]) by xxxxx (Postfix) with ESMTP id ED3D67800D4D for xxxxx; Sun, 26 Apr 2009 04:56:14 +0200 (CEST)
Received: from User (rrcs-67-52-19-82.west.biz.rr.com [67.52.19.82]) (authenticated bits=0) by nlpi015.prodigy.net (8.13.8 smtpauth/dk/map_regex/8.13.8) with ESMTP
id n3Q2tHDI031211; Sat, 25 Apr 2009 21:55:18 -0500
DomainKey-Signature: a=rsa-sha1; s=sbc01; d=prodigy.net; c=nofws; q=dns;
h=reply-to:from:subject:date:mime-version:content-type:
content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole;
b=GYSZ5ry7eRg+L+oiiI11kdtuPDxVuWF2FoVWYKFtJGHwUkR1iDw+bIM3hLyILrwJg
kZ9+bzuKa2V7PZ7tvJ92Q==
Post geht an:
infounicef [at] prodigy.net
agentjacole [at] aol.com
- kjz
Mugu Nr. 1 vom vorigen Post wieder, via Lücke bei Squirrelmail PHP:
Received: from ns56.tstt.net.tt (ns56.tstt.net.tt [196.3.132.56]) by xxxxx (Postfix) with ESMTP id 590B0789A476 for xxxxx; Sun, 26 Apr 2009 12:04:38 +0200 (CEST)
Received: from localhost (spam1.m.tstt.net.tt [192.168.1.56]) by ns56.tstt.net.tt (Postfix) with ESMTP id 0C65F13860; Sun, 26 Apr 2009 05:15:30 -0400 (AST)
Received: from ns56.tstt.net.tt ([127.0.0.1]) by localhost (ns56.tstt.net.tt [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09139-09; Sun, 26 Apr 2009 05:15:29 -0400 (AST)
Received: from ns46.tstt.net.tt (imap3.m.tstt.net.tt [192.168.1.46]) by ns56.tstt.net.tt (Postfix) with ESMTP id 0A1F81385D; Sun, 26 Apr 2009 05:15:29 -0400 (AST)
Received: from mailhost.tstt.net.tt (localhost.tstt.net.tt [127.0.0.1]) by ns46.tstt.net.tt (Postfix) with ESMTP id 4099DAAD2E7; Sun, 26 Apr 2009 05:16:29 -0400 (AST)
Received: from 41.216.44.43 (SquirrelMail authenticated user palmertobago) by ns46.tstt.net.tt with HTTP; Sun, 26 Apr 2009 05:16:29 -0400 (AST)
IP: 41.216.44.43 ---> Benin Telecoms SA
Post geht an:
embassyattorney [at] sify.com
finance_ministery [at] live.fr
- kjz
Nachschub:
Received: from m060.home.net.pl (HELO m060.home.net.pl) [62.129.253.60] by mx0.gmx.net (mx009) with SMTP; 27 Apr 2009 04:57:38 +0200
Received: from dhcp18195.myzipnet.com (HELO User)
(info.smarthousefilm [at] home@41.202.18.195) by m060.home.net.pl with SMTP; Sun, 26 Apr 2009 01:57:36 -0000
IP: 41.202.18.195 ---> Zipnet Wireless Broadband Dynamic Pool, Ghana
Post geht an:
georgenduka11 [at] naseej.com
ndukageorge683 [at] gmail.com
Muguphon: +233 24 888 6531 ---> Spacefon, Ghana/MTN Ghana
- kjz
Ein alter Bekannter:
Received: from clustersurf1.surfsterisp.com (clustersurf1.surfsterisp.com [202.124.144.29]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 1825C789B595 for xxxxx; Mon, 27 Apr 2009 21:16:47 +0200 (CEST)
Received: from netasia.net (www.netasia.net [202.124.144.9]) by clustersurf1.surfsterisp.com (8.14.3/8.14.3) with ESMTP id n3NBR93I022445; Thu, 23 Apr 2009 19:27:10 +0800
Man beachte:
X-OriginatingIP: 217.21.79.86 (lbp_araneta) ---> 217.21.79.86.satcom-systems.net (also wieder mit freundlicher Unterstützung der Mugu-Freunde in IL)
Post geht an:
chuleewong [at] yahoo.com.hk
infochu [at] mail.com
- kjz
Neuer Tag, neuer Mugu, aber wohl wieder mal gecracktes Squirrel-Mail:
Received: from server80.hosting2go.nl (server80.hosting2go.nl [83.137.194.112] (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTP id 2E8D1789B758 for xxxxx; Tue, 28 Apr 2009 15:19:08 +0200 (CEST)
Received: (qmail 7850 invoked by uid 48); 28 Apr 2009 08:48:54 +0200
Cc: recipient list not shown: ;
Received: from 62.140.137.157 (SquirrelMail authenticated user ladyjennybrooks [at] lambrech.nl) by webmail.lambrech.nl with HTTP; Tue, 28 Apr 2009 08:48:54 +0200 (CEST)
IP: 62.140.137.157 ---> Vodafone NL
Post geht an:
consultantreal [at] aol.com
jjbrooks002 [at] aol.com
ladyjennybrooks [at] lambrech.nl
consultantreal5 [at] aol.com
- kjz
Immer wieder frisch:
Received: from wasabi.serv15.eiu.edu (EHLO wasabi.serv15.eiu.edu) [139.67.15.46] by mx0.gmx.net (mx001) with SMTP; 29 Apr 2009 18:35:30 +0200
Received: from psyllium.serv15.eiu.edu (psyllium.serv15.eiu.edu [139.67.15.42]) by wasabi.serv15.eiu.edu (Postfix) with ESMTP id 33229FC02E5; Wed, 29 Apr 2009 11:17:21 -0500 (CDT)
Man beachte:
X-Originating-IP: [196.220.12.218] ---> 196-220-12-218.netcomng.com
Post geht an:
barrstevenrudolf2009 [at] hotmail.com
Da wurde wohl der Uni-Account gecrackt: pbailey [at] eiu.edu
- kjz
Mugus in Hülle und Fülle:
Received: from 105396-www1.ms-jd.org (105396-www1.ms-jd.org [72.32.186.133])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id E6CEE789A6C6
for xxxxx; Wed, 29 Apr 2009 03:32:03 +0200 (CEST)
Received: from 105396-www1.ms-jd.org (localhost [127.0.0.1])
by 105396-www1.ms-jd.org (8.13.1/8.13.1) with ESMTP id n3SMOkVx011423
for xxxxx; Tue, 28 Apr 2009 17:24:46 -0500
Received: (from apache [at] localhost)
by 105396-www1.ms-jd.org (8.13.1/8.13.1/Submit) id n3SMOkBR011404;
Tue, 28 Apr 2009 17:24:46 -0500
Post geht an:
suhatawilarafat01 [at] hotmail.com
suha.tawilarafat01 [at] gmail.com
Received: from server.onseg.com.br (EHLO server.onseg.com.br)
[200.215.49.58] by mx0.gmx.net (mx073) with SMTP; 29 Apr 2009 02:47:04 +0200
Received: from User (unknown [196.3.183.72])
by server.onseg.com.br (Postfix) with ESMTP id 7DCB91EE2E5;
Tue, 28 Apr 2009 22:06:45 -0300 (BRT)
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Post geht an:
profisazailani4 [at] yahoo.cn
Muguphon: +2347029744874 ---> Pank Shin, Nigeria
Received: from BCO002.local (unknown [85.17.132.201])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id B31D578A0136
for xxxxx; Wed, 29 Apr 2009 16:00:50 +0200 (CEST)
Received: from [78.138.22.178] (helo=User4)
by BCO002.local with esmtpa (Exim 4.67)
(envelope-from <info [at] nokia.co.uk>)
id 1Lyyb2-0004uF-5I; Wed, 29 Apr 2009 00:28:26 -0100
IP: 78.138.22.178 ---> Ipmath/Sky-Vision, Nigeria
Post geht an:
specialclaims1 [at] sify.com
specialclaims [at] sify.com
Muguphon: +44 7011 147741 ---> PNC Telecom Services Limited, UK
+44 7024 021 237 ---> Magrathea Telecommunications Limited, UK
+44 7005 921293 ---> PNC Telecom Services Limited, UK
Received: from bab.com.tw (hitobaby.com.tw [203.67.181.171])
by xxxxx (Postfix) with ESMTP id 01875789AE66
for xxxxx; Thu, 30 Apr 2009 03:21:31 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by bab.com.tw (Postfix) with SMTP id B96211116D48;
Tue, 28 Apr 2009 16:49:35 +0800 (CST)
Received: from User (unknown [41.191.85.209])
by bab.com.tw (Postfix) with ESMTP id 59C0CE43FC5;
Tue, 28 Apr 2009 16:47:11 +0800 (CST)
IP: 41.191.85.209 ---> MICRONET_CYBER, Benin
Post geht an:
fedexexpresser59 [at] sify.com
johneze5984 [at] yahoo.com
Received: from quimbaya.udea.edu.co (quimbaya.udea.edu.co [200.24.17.130])
by xxxxx (Postfix) with ESMTP id 08E11789AACC
for xxxxx; Thu, 30 Apr 2009 00:57:12 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by quimbaya.udea.edu.co (Postfix) with ESMTP id 116B97AC77;
Wed, 29 Apr 2009 17:24:31 -0500 (COT)
Received: from quimbaya.udea.edu.co ([127.0.0.1])
by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id tJSVFu1e3y-v; Wed, 29 Apr 2009 17:24:30 -0500 (COT)
Received: from quimbaya.udea.edu.co (localhost [127.0.0.1])
by quimbaya.udea.edu.co (Postfix) with ESMTP id 6F3ED7A8BA;
Wed, 29 Apr 2009 17:24:30 -0500 (COT)
Man beachte:
X-OriginatingIP: 81.199.41.228 (cafima) ---> 81.199.41.228.satcom-systems.net (die Mugu-Freunde aus IL)
Post geht an:
bolajifestus [at] w.cn
cafima [at] quimbaya.udea.edu.co
Received: from pasdc2.domain.lvprinceton.com
(wsip-24-234-53-132.lv.lv.cox.net [24.234.53.132])
by xxxxx (Postfix) with ESMTP id 6E288789AE55
for xxxxx; Thu, 30 Apr 2009 06:46:37 +0200 (CEST)
Received: from User ([82.128.46.200]) by pasdc2.domain.lvprinceton.com
with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 29 Apr 2009 21:31:27 -0700
IP: 82.128.46.200 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
prtaddy [at] gmail.com
faxcomfirmation [at] yahoo.com
Received: from smtp1.nm2.naver.com (a51506.naver.com [114.111.32.200])
by xxxxx (Postfix) with ESMTP id D2705789B359
for xxxxx; Thu, 30 Apr 2009 05:40:05 +0200 (CEST)
Received: from [41.207.17.33] ([41.207.17.33])
by smtp1.nm2.naver.com ([202.131.27.94])
with ESMTP id 2009043012:28:13:927991.1055.55327648;
Thu, 30 Apr 2009 12:27:48 +0900 (KST)
IP: 41.207.17.33 ---> AVISONET, CI
Post geht an:
miss_linaeffong [at] live.fr
Received: from 42.7e.5546.static.theplanet.com (EHLO
webmail.thelowertowngroup.com) [70.85.126.66]
by mx0.gmx.net (mx099) with SMTP; 30 Apr 2009 14:35:53 +0200
Received: from c-69-136-100-156.hsd1.nj.comcast.net [69.136.100.156] by
webmail.thelowertowngroup.com with SMTP;
Thu, 30 Apr 2009 07:17:25 -0500
Post geht an:
drmondaysuleman1 [at] sify.com
drmondaysulemn1 [at] sify.com
Muguphon: +234-808-134-2286 ---> Vmobile, Nigeria/Zain
- kjz
Naaaachschuuuub:
Received: from kchs-dc-ex.kchs.local (mail.kolbecaths.org [24.187.226.2])
by xxxxx (Postfix) with ESMTP id D2D54789B776
for xxxxx; Thu, 30 Apr 2009 19:49:24 +0200 (CEST)
Received: from User ([82.128.32.53]) by kchs-dc-ex.kchs.local with
Microsoft SMTPSVC(6.0.3790.3959);
Thu, 30 Apr 2009 13:36:11 -0400
IP: 82.128.32.53 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
johnmorgan512 [at] gmail.com
info.gg [at] live.com
- kjz
Immer wieder frisch aufs Tableau:
Received: from mail.regionmoquegua.gob.pe (unknown [200.60.124.131])
by xxxxx (Postfix) with ESMTP id 3D155789AA52
for xxxxx; Fri, 1 May 2009 00:03:51 +0200 (CEST)
Received: from www.regionmoquegua.gob.pe (localhost.localdomain [127.0.0.1])
by mail.regionmoquegua.gob.pe (Postfix) with ESMTP id E602A6E1754;
Sun, 26 Apr 2009 20:51:21 -0500 (PET)
Received: from 82.128.27.188 (proxying for 82.128.27.188)
(SquirrelMail authenticated user presidencia)
by www.regionmoquegua.gob.pe with HTTP;
Sun, 26 Apr 2009 20:51:22 -0500 (PET)
IP: 82.128.27.188 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
paulwilson200999 [at] yahoo.com.hk
Received: from mx2.africaonline.co.ke (mx2.africaonline.co.ke [41.207.64.8])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 6808C789AA43
for xxxxx; Fri, 1 May 2009 00:46:29 +0200 (CEST)
Received: from localhost ([127.0.0.1] helo=webmail.africaonline.co.ke)
by mx2.africaonline.co.ke with esmtp (Exim 4.63)
(envelope-from <fenandezcalton3 [at] ubbi.com>)
id 1LzaEd-0006Xy-Js; Thu, 30 Apr 2009 20:39:47 +0300
Received: from 196.3.182.250
(SquirrelMail authenticated user mario)
by webmail.africaonline.co.ke with HTTP;
Thu, 30 Apr 2009 20:39:47 +0300 (EAT)
IP: 196.3.182.250 ---> CTACCESS, Nigeria/Suburbantelecom
Post geht an:
fenandezcalton3 [at] ubbi.com
fenandezcalton123 [at] ubbi.com
mario [at] africaonline.co.ke
Muguphon:
+447035927678 ---> Open Telecom International Ltd., UK
+447031849909 ---> Magrathea Telecommunications Limited, UK
Hier eine 'Hitliste' der allerbesten Mugufreunde in UK:
http://www.data-wales.co.uk/nigerian.htm
Received: from MHSERVER.mosteller.local (unknown [70.91.104.145])
by xxxxx (Postfix) with ESMTP id 3C53C789B3A0
for xxxxx; Thu, 30 Apr 2009 21:48:54 +0200 (CEST)
Received: from User ([41.223.249.55]) by MHSERVER.mosteller.local with
Microsoft SMTPSVC(6.0.3790.1830);
Thu, 30 Apr 2009 14:23:43 -0500
IP: 41.223.249.55 ---> Omnium des Telecommunications et de l'Internet Benin
Post geht an:
atm_card_register_center [at] arquitecto.com
MR.RICHARDPIERCDE1 [at] YAHOO.COM
Received: from webmail-01.mozcom.com (webmail.mozcom.com [202.47.132.20])
by xxxxx (Postfix) with ESMTP id AD4A2789B2B8
for xxxxx; Thu, 30 Apr 2009 23:40:53 +0200 (CEST)
Received: from localhost (unknown [127.0.0.1])
by webmail-01.mozcom.com (Postfix) with ESMTP id C6E62151ACE;
Thu, 30 Apr 2009 20:20:44 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mozcom.com
Received: from webmail-01.mozcom.com ([127.0.0.1])
by localhost (webmail-01.mozcom.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id F69TWUy9ppzb; Fri, 1 May 2009 04:20:44 +0800 (PHT)
Received: from webmail.mozcom.com (localhost.localdomain [127.0.0.1])
by webmail-01.mozcom.com (Postfix) with ESMTP id 0D9331519AD;
Fri, 1 May 2009 04:20:37 +0800 (PHT)
Received: from 216.12.165.82
(SquirrelMail authenticated user dcaci)
by webmail.mozcom.com with HTTP;
Fri, 1 May 2009 04:20:37 +0800 (PHT)
Post geht an:
westernu62 [at] yahoo.com.hk
wunionmonday [at] live.com
dcaci [at] mozcom.com
Received: from mail.egasa.com.pe (mail.egasa.com.pe [200.60.54.230])
by xxxxx (Postfix) with ESMTP id 45436789B60C
for xxxxx; Fri, 1 May 2009 10:49:37 +0200 (CEST)
Received: by mail.egasa.com.pe (Postfix, from userid 48)
id AF8B6E8D450; Fri, 1 May 2009 03:12:23 -0500 (PET)
Received: from 192.168.1.1 ([192.168.1.1]) by mail.egasa.com.pe (Horde
Framework) with HTTP; Fri, 01 May 2009 03:12:22 -0500
Post geht an:
songlile_online [at] yahoo.com.hk
lilemr.song27 [at] yahoo.com.hk
- kjz
Das Wochenende macht die Mugus munter:
direkt zweimal:
Received: from iesaccsm04.iesa.edu.ve (mail1.iesa.edu.ve [200.11.202.170])
by xxxxx (Postfix) with ESMTP id 00C1A789B5CF
for xxxxx; Fri, 1 May 2009 22:17:28 +0200 (CEST)
Received: from iesaccsm04.iesa.edu.ve (mail1.iesa.edu.ve [200.11.202.170])
by xxxxx (Postfix) with ESMTP id D9FCE789B255
for xxxxx; Fri, 1 May 2009 22:17:29 +0200 (CEST)
Post geht an:
Eventos [at] iesa.edu.ve
citylink.customerservice002 [at] gmail.com
Muguphon: +(234)806-488-5144 ---> MTN, Nigeria
Received: from mail-gx0-f174.google.com (mail-gx0-f174.google.com
[209.85.217.174])
by xxxxx (Postfix) with ESMTP id A5DFE789B244
for xxxxx; Sat, 2 May 2009 04:45:33 +0200 (CEST)
Received: by gxk22 with SMTP id 22so527150gxk.6
for xxxxx; Fri, 01 May 2009 19:45:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.143.17 with SMTP id q17mt12226056and.114.1241232266526;
Fri, 01 May 2009 19:44:26 -0700 (PDT)
Post geht an:
yusufupet [at] vodafone.it
westeruniontransfer.dept44 [at] live.fr
Muguphon: +229-989-50-263 ---> Benin
Received: from blu0-omc3-s23.blu0.hotmail.com
(blu0-omc3-s23.blu0.hotmail.com [65.55.116.98])
by xxxxx (Postfix) with ESMTP id 0FBDD7800D51
for xxxxx; Sat, 2 May 2009 11:51:38 +0200 (CEST)
Received: from BLU125-W40 ([65.55.116.73]) by
blu0-omc3-s23.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sat, 2 May 2009 02:51:38 -0700
Man beachte:
X-Originating-IP: [41.208.50.176] ---> gprs02.rb.mtnns.net, ZA
Post geht an:
infor.sfo [at] gmail.com
mtn678766877 [at] msn.com
Received: from mail.reacciun.ve (neblina.reacciun.ve [150.188.4.200])
by xxxxx (Postfix) with ESMTP id E6C867800D51
for xxxxx; Sat, 2 May 2009 17:55:35 +0200 (CEST)
Received: from reacciun.ve (localhost [127.0.0.1])
by mail.reacciun.ve (Postfix) with ESMTP
id 71D0F26E0; Sat, 2 May 2009 10:31:04 -0430 (VET)
Man beachte:
X-OriginatingIP: 87.118.104.203 (lreina) ---> ns.gpftor4.privacyfoundation.de/Keyweb.de
Post geht an:
mr.smithtailor [at] live.com
Muguphon: +4470-3590-9663 ---> Open Telecom International Ltd., UK
Received: from blu0-omc2-s5.blu0.hotmail.com
(blu0-omc2-s5.blu0.hotmail.com [65.55.111.80])
by xxxxx (Postfix) with ESMTP id DE90B789A9F2
for xxxxx; Sat, 2 May 2009 20:11:21 +0200 (CEST)
Received: from BLU121-W10 ([65.55.111.71]) by
blu0-omc2-s5.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sat, 2 May 2009 11:11:21 -0700
Man beachte:
X-Originating-IP: [41.26.223.159] ---> vc-41-26-223-159.umts.vodacom.co.za
Post geht an:
prince.j3 [at] msn.com
Prince.jabulani [at] gmail.com
Muguphon: +27 766 783 306 ---> Vodacom, ZA
Received: from mail.goldenarrow.sd (mail.goldenarrow.sd [196.29.169.132])
by xxxxx (Postfix) with ESMTP id 279887800D49
for xxxxx; Sat, 2 May 2009 19:50:57 +0200 (CEST)
Received: from User ([41.210.45.68]) by mail.goldenarrow.sd with
Microsoft SMTPSVC(6.0.3790.3959);
Sat, 2 May 2009 20:37:29 +0300
IP: 41.210.45.68 ---> Ghana Telecom ADSL
Post geht an:
mrlucaskwame [at] live.com
mr.lucaskwame_icb [at] live.com
- kjz
Die IP hatten wir schon mal weiter oben....
Received: from clumx0.bovalpo.com (unknown [216.241.16.124])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 24020789B3B7
for xxxxx; Mon, 4 May 2009 15:05:05 +0200 (CEST)
Received: from bovalpo.com (localhost [127.0.0.1])
by clumx0.bovalpo.com (Postfix) with ESMTP id 802BF1405FC;
Thu, 30 Apr 2009 08:28:57 -0400 (CLT)
Man beachte:
X-OriginatingIP: 196.3.182.250 (hortensia) ---> CTAccess/Suburbantelecom, Nigeria
Post geht an:
teohzabedahoffice [at] googlemail.com
head_ofcommittee [at] live.com
-kjz
Noch ein Mugu:
Received: from mail.who.org.tw (mail.who.org.tw [60.250.14.3])
by xxxxx (Postfix) with ESMTP id 63D09789B758
for xxxxx; Tue, 5 May 2009 20:35:13 +0200 (CEST)
Received: from User ([41.189.7.46])
by mail.who.org.tw (XlXXXXXAXX) with ASMTP id T4100382;
Fri, 01 May 2009 22:52:20 +0800
IP: 41.189.7.46 ---> SWIFT NETWORKS LTD, Nigeria
Post geht an:
revdennispeter009 [at] gmail.com
Muguphon: +234-803-269-8488 ---> Nigeria
- kjz
Katherine ist wieder da.....
Received: from chinapress.com.my ([210.187.118.150])
by mx.kundenserver.de (node=mxbap0) with ESMTP (Nemesis)
id 0MKreC-1M1pQe1TxV-000QCz ; Thu, 07 May 2009 00:17:29 +0200
Received: from ([10.10.10.18])
by ironmail-s100.chinapress.com.my with SMTP id 4440105.12181808;
Wed, 06 May 2009 22:26:49 +0800
Received: from [10.10.10.100] (HELO chinapress.com.my)
by chinapress.com.my (CommuniGate Pro SMTP 4.1.8)
with ESMTP-TLS id 3374040; Wed, 06 May 2009 22:11:57 +0800
Received: from ([41.207.0.198])
by ironmail-s100.chinapress.com.my with ESMTP id 4440105.12179609;
Wed, 06 May 2009 22:20:34 +0800
IP: 41.207.0.198 ---> host-41-207-0-198.afnet.net, CI
Post geht an:
katrine114 [at] yahoo.com
katrine114 [at] yahoo.co.jp
- kjz
Es ist Wochenende, die Abuse-Desks sind nicht besetzt, und alle Mugu-Boyz klettern aus ihren Löchern....
Received: from smtp28.orange.fr (smtp28.orange.fr [80.12.242.101])
by xxxxx (Postfix) with ESMTP id E8E1D789B5E4
for xxxxx; Fri, 8 May 2009 15:22:23 +0200 (CEST)
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf2827.orange.fr (SMTP Server) with ESMTP id 5C95D80000B5;
Fri, 8 May 2009 15:22:23 +0200 (CEST)
Received: from lazard-sa.com
(LNeuilly-152-22-6-117.w193-251.abo.wanadoo.fr [193.251.5.117])
by mwinf2827.orange.fr (SMTP Server) with ESMTP id 09BD280000AC;
Fri, 8 May 2009 15:22:22 +0200 (CEST)
X-ME-UUID: 20090508132223400.09BD280000AC [at] mwinf2827.orange.fr
Received: from User ([82.128.27.13]) by lazard-sa.com with Microsoft
SMTPSVC(6.0.3790.3959);
Fri, 8 May 2009 15:22:18 +0200
IP: 82.128.27.13 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
akchiedu [at] yahoo.com.hk
Received: from bab.com.tw (hitobaby.com.tw [203.67.181.171])
by xxxxx (Postfix) with ESMTP id 54343789B013
for xxxxx; Sat, 9 May 2009 11:07:36 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by bab.com.tw (Postfix) with SMTP id 599E73A360E;
Sat, 9 May 2009 02:06:21 +0800 (CST)
Received: from User (unknown [213.137.131.252])
by bab.com.tw (Postfix) with ESMTP id F3CE93AA0CA;
Sat, 9 May 2009 02:04:33 +0800 (CST)
IP: 213.137.131.252 ---> Mediterranean Network NOC, MC
Post geht an:
westernunion.department87 [at] yahoo.com
benj_aka58 [at] ymail.com
Muguphone: +229-98-060-144 ---> Benin
Received: from smtp21.orange.fr (smtp21.orange.fr [80.12.242.49])
by deliver.uni-koblenz.de (Postfix) with ESMTP id 8895C7800D62
for <kziegler [at] uni-koblenz.de>; Sat, 9 May 2009 07:16:30 +0200 (CEST)
Received: from User (unknown [83.231.42.31])
by mwinf2121.orange.fr (SMTP Server) with ESMTP id 43C501C00089;
Sat, 9 May 2009 07:16:12 +0200 (CEST)
Post geht an:
bar.oetroperez [at] gmail.com
perezjoseabogados [at] gmail.com
perezjoabogados [at] aol.es
Received: from aurinko1.kotinet.com (mailout.kotinet.com [212.50.215.75])
by xxxxx(Postfix) with ESMTP id 5CB34789B163
for xxxxx; Sat, 9 May 2009 16:02:54 +0200 (CEST)
Received: from webmail2.kotinet.com ([212.50.215.19])
by mailstore.kotinet.com (Sun Java System Messaging Server 6.2-7.05
(built Sep
5 2006)) with ESMTP id <0KJD0071DNB5UFC0 [at] mailstore.kotinet.com> for
xxxxx; Sat, 09 May 2009 15:42:42 +0300 (EEST)
Received: from 80.80.111.133 (proxying for 213.255.201.26)
(SquirrelMail authenticated user tuntis) by webmail2.kotinet.com with HTTP;
Sat, 09 May 2009 15:53:20 +0300 (EEST)
IP: 213.255.201.26 ---> SkyVision Holdings Ltd.
Post geht an:
mr.songlile76 [at] yahoo.com.hk
Muguphone: +852-367-86701 ---> Wharf T&T Ltd, HK
Received: from out01.mta.xmission.com (out01.mta.xmission.com
[166.70.13.231])
by xxxxx (Postfix) with ESMTP id 51DC3789B89C
for xxxxx; Sat, 9 May 2009 15:25:10 +0200 (CEST)
Received: from in02.mta.xmission.com ([166.70.13.52])
by out01.mta.xmission.com with esmtp (Exim 4.62)
(envelope-from <ils [at] ils.net>)
id 1M2mXW-0001Vd-7G; Sat, 09 May 2009 07:24:30 -0600
Received: from webmail.xmission.com ([198.60.22.199])
by in02.mta.xmission.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.69)
(envelope-from <ils [at] ils.net>)
id 1M2mXG-0007T0-3h; Sat, 09 May 2009 07:24:14 -0600
Received: from www-data by webmail.xmission.com with local (Exim 4.60)
(envelope-from <ils [at] ils.net>)
id 1M2mXE-0006hS-1i; Sat, 09 May 2009 07:24:12 -0600
Received: from 196.3.182.250 ([196.3.182.250]) by webmail.xmission.com
(Horde MIME library) with HTTP; Sat, 09 May 2009 07:24:00 -0600
IP: 196.3.182.250 ---> CTAccess/Suburbantelecom, Nigeria (man merke sich diese IP....)
Post geht an:
verifications-1 [at] live.com
Received: from mail1-a.speednet.com.au (mail.speednet.com.au
[202.68.164.185])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 1CDB67800D49
for xxxxxx; Sat, 9 May 2009 18:52:13 +0200 (CEST)
Received: from mail.speednet.com.au (mail1-a.speednet.com.au [127.0.0.1])
by mail1-a.speednet.com.au (8.13.7/8.13.7) with ESMTP id n49GMi1A024260;
Sun, 10 May 2009 02:22:44 +1000
Received: from 196.3.182.250
(SquirrelMail authenticated user rkangel)
by mail.speednet.com.au with HTTP;
Sat, 9 May 2009 17:23:55 +0100
Man staune: 196.3.182.250 ---> CTAccess/Suburbantelecom, Nigeria
Post geht an:
creditunitsection [at] live.com
credittunittsecttion1 [at] gmail.com
Received: from mailscan.toplisinc.com (unknown [202.57.75.204])
by xxxxx (Postfix) with ESMTP id 7D5FF789B35F
for xxxxx; Sat, 9 May 2009 19:45:45 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by mailscan.toplisinc.com (Postfix) with ESMTP
id 50DEAE9D3A; Sat, 9 May 2009 09:58:40 +0800 (PHT)
Received: from User (unknown [82.128.26.106])
by mailscan.toplisinc.com (Postfix) with ESMTP
id D7708EA213; Thu, 7 May 2009 21:05:28 +0800 (PHT)
IP: 82.128.26.106 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
maduka0008 [at] gmail.com
- kjz
Sagte ich nicht schon, dass am Wochenende alle Mugu-Boyz aus den Löchern kriechen....
Received: from server1.12buzz.com (server1.12buzz.com [76.74.154.6])
by xxxxx (Postfix) with ESMTP id 149F1789B3BB
for xxxxx; Sun, 10 May 2009 02:18:33 +0200 (CEST)
Received: from mail.siltstop.com ([69.2.89.44] helo=User)
by server1.12buzz.com with esmtpa (Exim 4.63)
(envelope-from <diplomat80 [at] optimum.net>)
id 1M2UlQ-0002ZX-F0; Fri, 08 May 2009 18:25:40 +0000
Post geht an:
transferunit_department [at] yahoo.co.jp
diplomat80 [at] optimum.net
Received: from mail1-a.speednet.com.au (mail.speednet.com.au
[202.68.164.185])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxx (Postfix) with ESMTP id 78A7578000D0
for xxxxx; Sat, 9 May 2009 23:52:08 +0200 (CEST)
Received: from mail.speednet.com.au (mail1-a.speednet.com.au [127.0.0.1])
by mail1-a.speednet.com.au (8.13.7/8.13.7) with ESMTP id n49GFQxd023963;
Sun, 10 May 2009 02:15:26 +1000
Received: from 196.3.182.250
(SquirrelMail authenticated user rkangel)
by mail.speednet.com.au with HTTP;
Sat, 9 May 2009 17:17:16 +0100 (BST)
Jetzt staunt man wohl nicht mehr: 196.3.182.250 ---> CTAccess/Suburbantelecom, Nigeria
http://196.3.182.250
Spamhaus sagt dazu:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL75515
Post geht an:
creditunitsection [at] live.com
credittunittsecttion1 [at] gmail.com
Received: from web2.allcom.net (web2.allcom.net [64.85.136.170])
by xxxxx (Postfix) with ESMTP id 407D9789ADFE
for xxxxx; Sat, 9 May 2009 23:16:04 +0200 (CEST)
Received: by web2.allcom.net (Postfix, from userid 30)
id 75A1C59026; Sat, 9 May 2009 16:32:34 -0400 (EDT)
Received: from 41.217.2.7 ([41.217.2.7]) by webmail.altelco.net (Horde MIME
library) with HTTP; Sat, 9 May 2009 16:32:33 -0400
IP: 41.217.2.7 ---> ZOOM Mobile Nigeria Ltd
Post geht an:
applicant.process [at] jmail.co.za
maxwellbrown [at] live.com
Received: from quangninh.gov.vn (unknown [222.255.28.210])
by xxxxx (Postfix) with ESMTP id A345B789A6CE
for xxxxx; Sat, 9 May 2009 22:57:58 +0200 (CEST)
Received: from User ([82.128.32.90] RDNS failed) by quangninh.gov.vn
with Microsoft SMTPSVC(6.0.3790.2825);
Sun, 10 May 2009 03:44:20 +0700
IP: 82.128.32.90 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
fredallen [at] live.co.uk
fmbsmsg [at] live.co.uk
Received: from mensagens.al.mt.gov.br (unknown [200.252.51.133])
by xxxxx (Postfix) with ESMTP id F39AC789AE66
for xxxxx; Sun, 10 May 2009 10:59:23 +0200 (CEST)
Received: by mensagens.al.mt.gov.br (Postfix, from userid 48)
id 372741EE8D; Sat, 9 May 2009 10:51:29 +0000 (UTC)
Received: from 203.121.51.53 ([203.121.51.53]) by webmail.al.mt.gov.br
(Horde MIME library) with HTTP; Sat, 9 May 2009 06:51:26 -0400
IP: 203.121.51.53 ---> TIME Telecommunications, MY
Post geht an:
andrbrown110 [at] yahoo.co.jp
Received: from smtp-s4.menara.ma (smtp2.menara.ma [81.192.53.76])
by xxxxx (Postfix) with ESMTP id BBA9C789B15A
for xxxxx; Sun, 10 May 2009 02:10:33 +0200 (CEST)
X-AuditID: c0a80a48-ab0ebbb00000285c-15-4a060d4ccb1d
Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma
[196.217.246.112])
by smtp-s4.menara.ma (Menara) with ESMTP id 68A234DC009;
Sat, 9 May 2009 23:10:04 +0000 (WET)
Received: from EXVS11.menara.local ([192.168.5.41]) by
winfesmtp3.menara.local with Microsoft SMTPSVC(6.0.3790.1830);
Sat, 9 May 2009 23:42:56 +0000
Post geht an:
peter.juel [at] menara.ma
mrsblssing [at] hotmail.com
bm_1962 [at] ibibo.com
Muguphone: +229-9728-0821 ---> Benin
Received: from CHAMBERSERVER.ChemungChamber.local
(rrcs-24-97-80-202.nys.biz.rr.com [24.97.80.202])
by xxxxx (Postfix) with ESMTP id 32FFE789B028
for xxxxx; Sun, 10 May 2009 02:12:26 +0200 (CEST)
Received: from User ([82.128.26.175]) by
CHAMBERSERVER.ChemungChamber.local with Microsoft SMTPSVC(6.0.3790.3959);
Sat, 9 May 2009 19:59:18 -0400
IP: 82.128.26.175 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
joshppp1111 [at] live.com
johnchela [at] live.com
- kjz
Mugu-Nachschub:
Received: from lgpc.state.ny.us (lgpcsrvr.lgpc.state.ny.us [24.97.168.180])
by xxxxx (Postfix) with ESMTP id A3073789B360
for xxxxx; Fri, 8 May 2009 05:14:43 +0200 (CEST)
Received: from User ([82.128.26.85]) by lgpc.state.ny.us with Microsoft
SMTPSVC(6.0.3790.3959);
Thu, 7 May 2009 20:42:29 -0400
IP: 82.128.26.85 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
georgekoffi47 [at] gmail.com
koffi116 [at] gmail.com
Received: from smtpgate01.nexlink.ch (smtpgate01.nexlink.ch [80.86.198.161])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxx (Postfix) with ESMTP id ACA55789C29E
for xxxxx; Mon, 11 May 2009 12:50:16 +0200 (CEST)
Received: from [41.221.167.42] (helo=User)
by mail04.nexlink.ch with esmtpa (Exim 4.69)
(envelope-from <payment [at] info.org>)
id 1M3T55-0003tN-Lu; Mon, 11 May 2009 12:50:05 +0200
IP: 41.221.167.42 ---> SWIFT NETWORKS, Nigeria
Besonders niedlich ist der Betreff:
Subject: Your Fund Approved for Payment - (Not Spam)
Tja, wenn das kein Spam ist, dann bin ich Charles Soludo...
Post geht an:
mrdalemicheal [at] gmail.com
- kjz
Und hier haben wir wieder den Mugu-Provider, der alle Beschwerden mit dem Senden von weiteren Spams beantwortet:
Received: from smtpgate01.nexlink.ch (smtpgate01.nexlink.ch [80.86.198.161])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 3B3DF789B5F5
for xxxxx; Mon, 11 May 2009 17:00:29 +0200 (CEST)
Received: from [41.221.167.42] (helo=User)
by mail05.nexlink.ch with esmtpa (Exim 4.69)
(envelope-from <info [at] lmb.com>)
id 1M3WzK-0006WQ-Ne; Mon, 11 May 2009 17:00:19 +0200
IP: 41.221.167.42 ---> Swift Networks Ltd., Nigeria
Über viiieeel Post freut sich sicherlich:
goyeyemi [at] swiftng.com
- kjz
Es geht wieder los:
Received: from w3.lookwhois.com (w3.lookwhois.com [209.132.247.213])
by xxxxx (Postfix) with ESMTP id B504D789B5FA
for xxxxx; Tue, 12 May 2009 00:23:37 +0200 (CEST)
MIME-Version: 1.0
Date: Sat, 9 May 2009 18:38:08 -0700
Received: from [62.56.132.2] by w3.lookwhois.com via HTTP; Sat, 9 May
2009 18:38:05 -0700
IP: 62.56.132.2 ---> 62.56.132.2.satcom-systems.net (die Mugufreunde aus IL)
Post geht an:
nationaltrustp [at] aim.com
Received: from smtp2a.orange.fr (smtp2a.orange.fr [80.12.242.139])
by xxxxx (Postfix) with ESMTP id 0B514789C269
for xxxxx; Tue, 12 May 2009 08:45:01 +0200 (CEST)
Received: from User (AToulouse-252-1-63-42.w83-200.abo.wanadoo.fr
[83.200.223.42])
by mwinf2a06.orange.fr (SMTP Server) with ESMTP id D7E8F70000A6;
Tue, 12 May 2009 08:42:33 +0200 (CEST)
Post geht an:
hwrights008 [at] gmail.com
hwrights0009 [at] gmail.com
Received: from smtp2a.orange.fr (smtp2a.orange.fr [80.12.242.140])
by xxxxx (Postfix) with ESMTP id D3CBC789B5CF
for xxxxx; Tue, 12 May 2009 09:36:07 +0200 (CEST)
Received: from me-wanadoo.net (localhost [127.0.0.1])
by mwinf2a17.orange.fr (SMTP Server) with ESMTP id 39E958000117;
Tue, 12 May 2009 09:36:07 +0200 (CEST)
Received: from lazard-sa.com
(LNeuilly-152-22-6-117.w193-251.abo.wanadoo.fr [193.251.5.117])
by mwinf2a17.orange.fr (SMTP Server) with ESMTP id B1F6E8000100;
Tue, 12 May 2009 09:36:06 +0200 (CEST)
X-ME-UUID: 20090512073606729.B1F6E8000100 [at] mwinf2a17.orange.fr
Received: from User ([82.128.35.94]) by lazard-sa.com with Microsoft
SMTPSVC(6.0.3790.3959);
Tue, 12 May 2009 09:35:58 +0200
IP: 82.128.35.94 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
gdduarte20 [at] yahoo.com.hk
Received: from smtpgate4.pacific.net.sg (smtpgate4.pacific.net.sg
[203.120.68.34])
by xxxxx (Postfix) with SMTP id 6E3B7789AACC
for xxxxx; Tue, 12 May 2009 16:22:46 +0200 (CEST)
Received: (qmail 1957 invoked from network); 12 May 2009 14:22:42 -0000
Received: from wm1.pacific.net.sg (HELO localhost)
(daniel?choy [at] 192.169.41.131)
by smtpgate4.pacific.net.sg with ESMTPA; 12 May 2009 14:22:42 -0000
Received: from 190.170.20.90 (190.170.20.90 [190.170.20.90]) by
wm1.web.pacific.net.sg (Horde MIME library) with HTTP; Tue, 12 May 2009
22:22:41 +0800
IP: 190.170.20.90 ---> Universidad del Zulia, VE
Post geht an:
mtn.southafrica2010 [at] live.com
Received: from blu0-omc3-s14.blu0.hotmail.com
(blu0-omc3-s14.blu0.hotmail.com [65.55.116.89])
by xxxx (Postfix) with ESMTP id C0A2B789BA77
for xxxxx; Tue, 12 May 2009 17:35:46 +0200 (CEST)
Received: from BLU122-W13 ([65.55.116.74]) by
blu0-omc3-s14.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 12 May 2009 08:35:46 -0700
Man beachte:
X-Originating-IP: [165.146.49.236] --> dsl-146-49-236.telkomadsl.co.za
Post geht an:
jameskingca0 [at] gmail.com
jamesking_sa [at] live.co.za
Received: from vh18.hoster.by (EHLO vh18.hoster.by) [91.149.157.135]
by mx0.gmx.net (mx097) with SMTP; 11 May 2009 22:22:39 +0200
Received: from titanium.onspeed.com ([83.138.136.92] helo=User)
by vh18.hoster.by with esmtpa (Exim 4.69)
(envelope-from <paulrichard01 [at] sify.com>)
id 1M3bxA-0004Ly-Er; Mon, 11 May 2009 23:18:25 +0300
Received: from adsl10250.4u.com.gh (markowell [at] adsl10250.4u.com.gh
[41.210.10.250])
by titanium.onspeed.com (SlipStream SP Server 6.0.19
built 2007/11/22 15:27:31 -0500 (EST)); Mon, 11 May 2009 21:21:53 +0100
(BST)
Man beachte:
X-Originating-IP: [41.210.10.250] ---> adsl10250.4u.com.gh (diese IP ist auch schon 'Dauergast', wohl eine 'Mugu only'-Cafe oder im Besitz der Kriminellen selbst)
Post geht an:
markowell [at] adsl10250.4u.com.gh
paulrichard01 [at] sify.com
paul.richard11 [at] live.com
attn_paul [at] sify.com
- kjz
Das Mugu-Doppel:
Received: from webmail-01.mozcom.com (webmail.mozcom.com [202.47.132.20])
by xxxxx (Postfix) with ESMTP id DD41C789BABB
for xxxxx; Wed, 13 May 2009 20:30:01 +0200 (CEST)
Received: from localhost (unknown [127.0.0.1])
by webmail-01.mozcom.com (Postfix) with ESMTP id BF7176B8722;
Wed, 13 May 2009 14:25:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mozcom.com
Received: from webmail-01.mozcom.com ([127.0.0.1])
by localhost (webmail-01.mozcom.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id RShpHhVJRWDl; Wed, 13 May 2009 22:25:49 +0800 (PHT)
Received: from webmail.mozcom.com (localhost.localdomain [127.0.0.1])
by webmail-01.mozcom.com (Postfix) with ESMTP id ED95F6B870C;
Wed, 13 May 2009 22:25:33 +0800 (PHT)
Received: from 85.249.223.12
(SquirrelMail authenticated user bidlisiw)
by webmail.mozcom.com with HTTP;
Wed, 13 May 2009 22:25:34 +0800 (PHT)
IP: 85.249.223.12 ---> RU-ELTEL
Post geht an:
adinaaganaph4 [at] yahoo.com.hk
adinaaganaph2 [at] yahoo.com.hk
Received: from blu0-omc4-s27.blu0.hotmail.com
(blu0-omc4-s27.blu0.hotmail.com [65.55.111.166])
by xxxxx (Postfix) with ESMTP id 4EB5F789B3B7
for xxxxx; Wed, 13 May 2009 19:09:27 +0200 (CEST)
Received: from BLU121-W31 ([65.55.111.136]) by
blu0-omc4-s27.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 13 May 2009 10:09:26 -0700
Man beachte:
X-Originating-IP: [82.128.26.14] ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
mmwilliamsmaa22 [at] msn.com
mmabelwilliams2 [at] gmail.com
Muguphon: +234-8036347932 ---> MTN Nigeria Communications Ltd.
- kjz
Wieder mal 'volles Rohr':
Received: from baronen.workplace.no (mail2.workplace.no [85.19.220.131])
by xxxxx (Postfix) with ESMTP id B54F87800D63
for xxxxx; Thu, 14 May 2009 02:05:18 +0200 (CEST)
Received: from User ([82.128.47.157])
by baronen.workplace.no (Lotus Domino Release 8.5)
with ESMTP id 2009051401384705-1055 ;
Thu, 14 May 2009 01:38:47 +0200
IP: 82.128.47.157 ---> Multilinks Telecommunications Limited, Nigeria
Post geht an:
david.ellis [at] bellsouth.net
davidellisb [at] globalpinoy.com
Received: from blu0-omc1-s7.blu0.hotmail.com (EHLO
blu0-omc1-s7.blu0.hotmail.com) [65.55.116.18]
by mx0.gmx.net (mx013) with SMTP; 14 May 2009 04:21:57 +0200
Received: from BLU132-W1 ([65.55.116.8]) by
blu0-omc1-s7.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 13 May 2009 19:21:57 -0700
X-Originating-IP: [62.173.55.249] ---> ipNX Nigeria Limited
Post geht an:
cenbnk08 [at] msn.com
profcharles123 [at] live.com
Muguphone: +234-803-058-8515 ---> MTN Nigeria Communications Ltd.
Received: from bigxchange.grandtimber.com
(67-135-161-8.dia.static.qwest.net [67.135.161.8])
by xxxxx (Postfix) with ESMTP id 5EDA9789AB27
for xxxxx; Fri, 15 May 2009 02:47:20 +0200 (CEST)
Received: from User ([41.202.18.195]) by bigxchange.grandtimber.com with
Microsoft SMTPSVC(6.0.3790.3959);
Thu, 14 May 2009 18:34:09 -0600
IP: 41.202.18.195 ---> dhcp18195.myzipnet.com, Ghana
Post geht an:
icbmanager [at] universia.es
georgenduka233 [at] gmail.com
Muguphone: +233 24 888 6531 ---> Spacefon, Ghana/MTN, Ghana
Received: from mail1012.centrum.cz (mail1012.centrum.cz [90.183.38.142])
by xxxxx (Postfix) with ESMTP id 48F0D7800D63
for xxxxx; Fri, 15 May 2009 05:50:27 +0200 (CEST)
Received: by mail1012.centrum.cz id S302129936AbZEODuY (ORCPT
<rfc822;xxxxx); Fri, 15 May 2009 05:50:24 +0200
Received: from 81.91.227.13 (X-Forwarded-For: 10.10.10.2, 81.91.22)
by mail1012.centrum.cz (Centrum Mail) with HTTP
IP: 81.91.227.13 ---> Office des Postes et Telecommications (OPT), BJ
Post geht an:
nicolaselliot6 [at] centrum.cz
sirpeter100 [at] live.fr
Muguphone: +229 9863 4048 ---> Benin
Received: from vms173017pub.verizon.net (vms173017pub.verizon.net
[206.46.173.17])
by xxxxx (Postfix) with ESMTP id ABFC9789A43E
for xxxxx; Fri, 15 May 2009 07:24:59 +0200 (CEST)
Received: from User ([116.206.188.199]) by vms173017.mailsrvcs.net
(Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit))
with ESMTPA id <0KJO00JCX6ZWEX86 [at] vms173017.mailsrvcs.net> for
xxxxx; Fri, 15 May 2009 00:24:51 -0500
IP: 116.206.188.199 ---> iZZinet Sdn. Bhd., MY
Post geht an:
lowej [at] live.com
lowejoy38 [at] yahoo.com.my
Received: from smtp21.orange.fr (smtp21.orange.fr [80.12.242.47])
by xxxxx (Postfix) with ESMTP id F1860789B62E
for xxxxx; Fri, 15 May 2009 09:09:49 +0200 (CEST)
Received: from User
(173-15-208-235-BusName-Atlanta.hfc.comcastbusiness.net [173.15.208.235])
by mwinf2109.orange.fr (SMTP Server) with ESMTP id BD4961C000B1;
Fri, 15 May 2009 09:09:17 +0200 (CEST)
Post geht an:
PROMISE_IBE [at] MSN.COM
Muguphone: +1 216 220 5636 ---> Level 3 Communications, Llc - Oh
Received: from cyberjaya.perfect-privacy.com (EHLO mx4.hotmail.com)
[202.71.103.246] by mx0.gmx.net (mx105) with SMTP; 15 May 2009 10:03:46 +0200
Post geht an:
winning [at] powerpokersonline.com
Hier hat sich der Mugu eine eigene Domain geleistet:
http://powerpokersonline.com
Deshalb auch Post an:
amotorsa [at] emirates.net.ae
Muguphone: + 27-733-641-979 ---> MTN, ZA (schon wieder mal MTN; gegen MTN ist ein schwarzes Loch wohl ein Ort strahlender Helligkeit...)
- kjz
Reichlich Nachschub, schliesslich ist Wochenende.....
Received: from vms173019pub.verizon.net (vms173019pub.verizon.net
[206.46.173.19])
by xxxxx (Postfix) with ESMTP id 54F817800E76
for xxxxx; Sat, 16 May 2009 07:23:06 +0200 (CEST)
Received: from User ([116.206.146.213]) by vms173019.mailsrvcs.net
(Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit))
with ESMTPA id <0KJQ00LEB1JGV911 [at] vms173019.mailsrvcs.net> for
xxxxx; Sat, 16 May 2009 00:23:01 -0500 (CDT)
IP: 116.206.146.213 ---> iZZinet Sdn. Bhd., MY
lowej [at] live.com
lowejoy38 [at] live.com
Received: from tanzaniaports.com (unknown [193.220.87.101])
by xxxxx (Postfix) with ESMTP id 1C970789B76D
for xxxxx; Sat, 16 May 2009 02:23:28 +0200 (CEST)
Received:from [127.0.0.1] (helo=ThreatWall.tanzaniaports.com)
by tanzaniaports.com with esmtp
(envelope-from <kaitai.metal [at] yahoo.com.hk>)
id 1M4pTd-0002e3-Tr ; Fri, 15 May 2009 07:56:57 +0300
X-Originating-Ip: 77.92.68.5 ---> server52604.uk2net.com
kaitai.metal [at] yahoo.com.hk
apmo [at] tanzaniaports.com
zhang_laibin [at] live.co.uk
Muguphone: +(852) 35824826 ---> Wharf T&T Ltd, HK
Received: from tokio.mserv.nl (unknown [83.149.69.82])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id D4022789B394
for xxxxx; Sat, 16 May 2009 10:33:43 +0200 (CEST)
Received: (qmail 75988 invoked from network); 15 May 2009 07:15:55 +0200
Received: from ppp-124-120-149-178.revip2.asianet.co.th (HELO User)
(124.120.149.178)
by 83.149.69.82 with SMTP; 15 May 2009 07:15:55 +0200
western_wu4 [at] hotmail.com
westernunionmoneytransfer_wu1 [at] yahoo.com.hk
westernunionmoneytransfer_wu2008 [at] yahoo.com.hk
Muguphone: (66) 873-449-764 ---> Total Access Communication Plc. (TAC/DTAC), TH
Received: from mail13.bluewin.ch (mail13.bluewin.ch [195.186.18.62])
by xxxxx (Postfix) with ESMTP id 4D861789B5CF
for xxxxx; Sat, 16 May 2009 06:32:29 +0200 (CEST)
Received: from [195.186.18.203] ([195.186.18.203:37806]
helo=ps23zhb.bluewin.ch)
by mail13.bluewin.ch (envelope-from <innfo1 [at] bluewin.ch>)
(ecelerity 2.2.2.36 r(27513/27514)) with ESMTP
id 79/89-07938-AD14E0A4; Sat, 16 May 2009 04:32:28 +0000
Received: from ps23zhb (localhost [127.0.0.1])
by ps23zhb.bluewin.ch (Postfix) with ESMTP id 73EC6E95;
Sat, 16 May 2009 04:32:22 +0000 (GMT)
Received: from mail15.bluewin.ch (mail15.bluewin.ch [195.186.18.63])
by xxxxx (Postfix) with ESMTP id 4B732789AE08
for xxxxx; Fri, 15 May 2009 23:20:54 +0200 (CEST)
Received: from [195.186.19.198] ([195.186.19.198:5014]
helo=ps14zhh.bluewin.ch)
by mail15.bluewin.ch (envelope-from <innfo1 [at] bluewin.ch>)
(ecelerity 2.2.2.36 r(27513/27514)) with ESMTP
id 0A/BE-08795-00BDD0A4; Fri, 15 May 2009 21:13:40 +0000
Received: from ps14zhh (localhost [127.0.0.1])
by ps14zhh.bluewin.ch (Postfix) with ESMTP id D7C53E97;
Fri, 15 May 2009 21:11:20 +0000 (GMT)
X-FXIT-IP: 127.0.0.1, 67.201.38.205 ---> la5.proxyconn.net
verification.dept8 [at] live.com
innfo1 [at] bluewin.ch
Received: from mail.si-sv3219.com (unknown [67.228.123.207])
by xxxxx (Postfix) with ESMTP id 5EAA2789B892
for xxxxx; Fri, 15 May 2009 21:27:54 +0200 (CEST)
Received: from 196.3.183.72 [196.3.183.72] by mail.si-sv3219.com with SMTP;
Fri, 15 May 2009 11:07:51 -0700
IP: 196.3.183.72 ---> Suburbantelecom, Nigeria
wunion888 [at] live.com
Und mein Dauer-Mugu mit gecracktem Squirrel-Webmailer:
Received: from ns.mastel.com.bo (static-200-105-173-138.acelerate.net
[200.105.173.138])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id B12D77800D55
for xxxxx; Sat, 16 May 2009 19:00:25 +0200 (CEST)
X-ClientAddr: 127.0.0.1
Received: from www.mastel.com.bo (localhost.localdomain [127.0.0.1])
by ns.mastel.com.bo (8.13.1/8.13.1) with ESMTP id n4GEGnCW022615;
Sat, 16 May 2009 10:16:50 -0400
Received: from 41.220.75.3
(SquirrelMail authenticated user mastel [at] mastel.com.bo)
by www.mastel.com.bo with HTTP;
Sat, 16 May 2009 10:18:22 -0400 (BOT)
IP: 41.220.75.3 ---> mtnngprs.com/MTN Nigeria
mastel [at] mastel.com.bo
richardchoong2 [at] hotmail.com
richardchoong4 [at] live.com
- kjz
Mugu-Nachschub:
Received: from smtp4m5.poczta.onet.pl (smtp4m5.poczta.onet.pl
[213.180.138.35])
by xxxxx (Postfix) with ESMTP id B8285789B379
for xxxxx; Sun, 17 May 2009 07:50:02 +0200 (CEST)
Received: from [41.211.226.69] ([41.211.226.69]:50063 "EHLO
feer [at] poczta.onet.pl" rhost-flags-FAIL-FAIL-FAIL-FAIL) by ps4.mod5.onet
with ESMTPA id S195466AbZEQFuBDPlIE (ORCPT
<rfc822;xxxxx); Sun, 17 May 2009 07:50:01
IP: 41.211.226.69 ---> DIRECT ON PC LTD, Nigeria
generalpeterolu2029 [at] yahoo.com.hk
feer [at] poczta.onet.pl
Muguphone: +234-7026905160 ---> Visafone Communications Ltd., Nigeria
Mugufax: +234-8029402741 ---> Celtel Nigeria Limited/Zain
Received: from mail.komplekt-moscow.ru (mail.komplekt-moscow.ru
[212.248.51.60])
by xxxxx (Postfix) with ESMTP id 489DD7800D49
for xxxxx; Sat, 16 May 2009 20:54:47 +0200 (CEST)
Received: from User by komplekt-moscow.ru
(MDaemon.PRO.v7.2.0.R)
with ESMTP id md50002230498.msg
for xxxxx; Sat, 16 May 2009 18:53:09 +0400
pastuhova [at] komplekt-moscow.ru
sheikh_111 [at] yahoo.cn
- kjz
Katherine ist wieder da......
Received: from vds-286929.amen-pro.com (vds-286929.amen-pro.com
[62.193.192.185])
by mx.kundenserver.de (node=mxbap2) with ESMTP (Nemesis)
id 0MKrmS-1M63HP3yAn-000TXT for xxxxx; Mon, 18 May 2009
15:53:24 +0200
Received: (qmail 9859 invoked from network); 17 May 2009 22:58:46 -0000
Received: from host-196-201-64-82.afnet.net (HELO User) (196.201.64.82)
by vds-286929.amen-pro.com with SMTP; 17 May 2009 22:58:46 -0000
IP: 196.201.64.82 ---> host-196-201-64-82.afnet.net, CI
katiren114 [at] yahoo.co.jp
katrine114 [at] yahoo.com
katrine114 [at] live.com
- kjz
Und weiter geht's:
mein Dauer-Mugu:
Received: from ns.mastel.com.bo (static-200-105-173-138.acelerate.net
[200.105.173.138])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 51BDA789B37D
for xxxxx; Mon, 18 May 2009 07:27:11 +0200 (CEST)
X-ClientAddr: 127.0.0.1
Received: from www.mastel.com.bo (localhost.localdomain [127.0.0.1])
by ns.mastel.com.bo (8.13.1/8.13.1) with ESMTP id n4H0a1d6012085;
Sat, 16 May 2009 20:36:01 -0400
Received: from 41.220.75.3
(SquirrelMail authenticated user mastel [at] mastel.com.bo)
by www.mastel.com.bo with HTTP;
Sat, 16 May 2009 20:37:39 -0400 (BOT)
IP: 41.220.75.3 ---> MTN Nigeria
mastel [at] mastel.com.bo
maryamaba [at] hotmail.com
maryammaryam1919 [at] live.co.uk
Received: from imo-m25.mx.aol.com (EHLO imo-m25.mail.aol.com) [64.12.137.6]
by mx0.gmx.net (mx115) with SMTP; 17 May 2009 23:59:33 +0200
Received: from imo-da04.mx.aol.com (imo-da04.mx.aol.com
[205.188.169.202]) by imo-m25.mail.aol.com (v107.10) with ESMTP id
RELAYIN2-34a10888c2ec; Sun, 17 May 2009 17:58:36 -0400
Received: from sabam1et [at] aol.com
by imo-da04.mx.aol.com (mail_out_v40_r1.5.) id 7.c02.5b2551f2 (37185);
Sun, 17 May 2009 17:57:57 -0400 (EDT)
Received: from User (88-134-57-227-dynip.superkabel.de [88.134.57.227])
by cia-ma05.mx.aol.com (v123.4) with ESMTP id
MAILCIAMA056-91414a10884b371; Sun, 17 May 2009 17:57:56 -0400
sabam1et [at] aol.com
mrssabah103 [at] sify.com
Received: from mediatop.hu (www.interhir.hu [193.194.159.26])
by xxxxx (Postfix) with ESMTP id C6062789B976
for xxxxx; Tue, 19 May 2009 11:47:00 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by mediatop.hu (Postfix) with ESMTP id 92BF130CDAE;
Tue, 19 May 2009 11:12:17 +0200 (CEST)
paymentcode01 [at] gmail.com
paycode00 [at] gmail.com
ben2225 [at] voila.fr
Muguphon: +225 45359320 ---> MTN Côte d'Ivoire
Muguphon: +44-7092004111 ---> YAC Ltd, UK
Received: from mail05.raideil.net (mail05.raideil.net [66.172.17.50])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id F0F64789B8DB
for xxxxx; Tue, 19 May 2009 14:13:38 +0200 (CEST)
Received: (qmail 17837 invoked by uid 509); 18 May 2009 17:13:42 -0700
Received: from 10.66.0.62 by mail05.raideil.net (envelope-from
<info [at] euro.com>, uid 507) with qmail-scanner-1.25-st-qms
(clamdscan: 0.87/2645. spamassassin: 3.1.8. perlscan: 1.25-st-qms.
Clear:RC:1(10.66.0.62):.
Processed in 0.216357 secs); 19 May 2009 00:13:42 -0000
X-Antivirus-MYDOMAIN-Mail-From: info [at] euro.com via mail05.raideil.net
X-Antivirus-MYDOMAIN: 1.25-st-qms (Clear:RC:1(10.66.0.62):. Processed in
0.216357 secs Process 17831)
Received: from unknown (HELO webmail.yoshkatech.org) (10.66.0.62)
by mail05.raideil.net with SMTP; 18 May 2009 17:13:41 -0700
Received: from 62.56.132.5 (proxying for 170.150.0.222)
(SquirrelMail authenticated user MAIL [at] YOSHKATECH.ORG)
by webmail.yoshkatech.org with HTTP;
Mon, 18 May 2009 17:13:41 -0700 (PDT)
IP: 62.56.132.5 ---> 62.56.132.5.satcom-systems.net (die Mugu-Freunde aus IL)
MAIL [at] YOSHKATECH.ORG
nationaltrustp [at] aim.com
Muguphon: +34 634 162 345 ---> Vodafone España, S.a.
Received: from rss.lv (unknown [194.19.225.134])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 7E815789B994
for xxxxx; Tue, 19 May 2009 08:39:16 +0200 (CEST)
Received: from [196.3.183.72] (helo=User)
by rss.lv with esmtpa (Exim 4.63)
(envelope-from <jamesparkandassociates11 [at] inMail24.com>)
id 1M6Fuh-00081w-Cy; Tue, 19 May 2009 06:22:49 +0300
IP: 196.3.183.72 ---> Suburban Telecom, Nigeria
jamesparkandassociates11 [at] inMail24.com
jamesparkandassociates [at] fsmail.net
- kjz
Auch hier sorgt man unermüdlich für Nachschub:
Received: from mout0.freenet.de (mout0.freenet.de [195.4.92.90])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id ED74F789B8EC
for xxxxx; Tue, 19 May 2009 17:45:00 +0200 (CEST)
Received: from [195.4.92.22] (helo=12.mx.freenet.de)
by mout0.freenet.de with esmtpa (ID moneyisgood3 [at] bossmail.de) (port 25)
(Exim 4.69 #88)
id 1M6RUk-0001qy-Vf; Tue, 19 May 2009 17:44:47 +0200
Received: from [82.128.34.166] (port=51269 helo=User)
by 12.mx.freenet.de with esmtpa (ID moneyisgood3 [at] bossmail.de) (port 25)
(Exim 4.69 #79)
id 1M6RUa-0008NF-MN; Tue, 19 May 2009 17:44:46 +0200
IP: 82.128.34.166 ---> Multilinks Telecommunications Limited, Nigeria
moneyisgood3 [at] bossmail.de
r-paulsmithatncardpay1960 [at] live.com
infomyoffice4 [at] zoznam.sk
www-fbiinvestigation-dc [at] live.com
Muguphon: +234-8060619888 ---> MTN Nigeria Communications Ltd.
Received: from smtp3m5.poczta.onet.pl (smtp3m5.poczta.onet.pl
[213.180.138.34])
by xxxxx (Postfix) with ESMTP id 8C0BB7800D55
for xxxxx; Tue, 19 May 2009 18:37:01 +0200 (CEST)
Received: from pmq1.test.onet.pl ([192.168.246.1]:49894 "EHLO
pmq1.test.onet.pl" rhost-flags-OK-OK-OK-OK) by ps3.mod5.onet
with ESMTP id S50346946AbZESQg7dwyc5 (ORCPT
<rfc822;xxxxx>); Tue, 19 May 2009 18:36:59 +0200
Received: from 10.174.17.202 by 10.174.16.53 with HTTP;
Tue, 19 May 2009 18:36:59 +0200 ,from 212.100.250.230 by 10.174.17.202
with HTTP ,from 196.3.183.72 by 212.100.250.230 with HTTP
IP: 196.3.183.72 ---> Suburban Telecom, Nigeria
mrsclaraeze01 [at] poczta.onet.pl
interswitch.zenithbank [at] gmail.com
Muguphon: +234-808-849-5665 ---> Celtel Nigeria Limited/Zain
- kjz
Diesen Mugu hatte ich bereits:
Received: from smtp1m5.poczta.onet.pl (smtp1m5.poczta.onet.pl
[213.180.138.32])
by xxxxx (Postfix) with ESMTP id 756CC789B012
for xxxxx; Tue, 19 May 2009 22:25:11 +0200 (CEST)
Received: from pmq4.mod5.onet ([10.174.16.155]:32979 "EHLO pmq4.mod5.onet"
rhost-flags-OK-OK-OK-OK) by ps1.mod5.onet with ESMTP
id S50335128AbZESUZK52uyb convert rfc822-to-8bit (ORCPT
<rfc822;xxxxx); Tue, 19 May 2009 22:25:10 +0200
Received: from 10.174.17.203 by 10.174.16.42 with HTTP;
Tue, 19 May 2009 22:25:10 +0200 ,from 212.100.250.230 by 10.174.17.203
with HTTP ,from 196.3.183.72 by 212.100.250.230 with HTTP
IP: 196.3.183.72 ---> Suburban Telecom, Nigeria
mrsclaraeze01 [at] poczta.onet.pl
interswitch.zenithbank [at] gmail.com
Received: from blu0-omc1-s13.blu0.hotmail.com
(blu0-omc1-s13.blu0.hotmail.com [65.55.116.24])
by xxxxx (Postfix) with ESMTP id 68D09789B8A9
for xxxxx; Wed, 20 May 2009 02:43:50 +0200 (CEST)
Received: from BLU122-W18 ([65.55.116.7]) by
blu0-omc1-s13.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Tue, 19 May 2009 17:43:50 -0700
X-Originating-IP: [41.27.254.130] ---> vc-41-27-254-130.umts.vodacom.co.za
pandpartnersv [at] hotmail.com
pandpartnersn0129 [at] msn.com
Muguphon: +27 73 439 9200 ---> MTN, ZA
- kjz
Auch heute keine Ruhe:
Received: from out07.wanadoo.es (out07.wanadoo.es [62.36.20.207])
by xxxxx (Postfix) with ESMTP id AE470789B896
for xxxxx; Wed, 20 May 2009 17:12:44 +0200 (CEST)
Received: from [209.190.50.3] (helo=User)
by out07.wanadoo.es with esmtpa (Exim 4.43)
id 1M6nRp-0008Rm-0k; Wed, 20 May 2009 17:11:14 +0200
IP: 209.190.50.3 ---> 3.32.be.static.xlhost.com
lansergey [at] live.com
lans0643 [at] gmail.com
Received: from reja.alti.pl (aap42.internetdsl.tpnet.pl [83.16.15.42])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id AA6CB789B8EC
for xxxxx; Wed, 20 May 2009 18:25:39 +0200 (CEST)
Received: from User (67-31.vgccl.net [41.220.67.31] (may be forged))
(authenticated bits=0)
by reja.alti.pl (8.14.1/8.14.1) with ESMTP id n4KF1P62004805;
Wed, 20 May 2009 17:01:35 +0200
IP: 41.220.67.31 ---> MTN Nigeria
richard.duke482 [at] gmail.com
richard.duke00000 [at] gmail.com
Muguphone: +234 80 22582618 ---> Celtel Nigeria Limited/Zain
Received: from mx-out1.cs.uclo.de (mx-out1.cs.uclo.de [89.163.250.51])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id 64262789B5E4
for xxxxx; Thu, 21 May 2009 02:47:46 +0200 (CEST)
Received: (qmail 5000 invoked by uid 1007); 17 May 2009 22:02:34 +0200
Received: from web2.cs.uclo.de (HELO web2) (89.163.250.102)
by mx-out1.cs.uclo.de with AES256-SHA encrypted SMTP; 17 May 2009
22:02:34 +0200
Received: from w6117 by web2 with local (Exim 4.69)
(envelope-from <w6117 [at] web2.cs.uclo.de>)
id 1M5mTs-0008QE-4W
for xxxxx; Sun, 17 May 2009 21:57:08 +0200
w6117 [at] web2.cs.uclo.de
ttom.nellsson [at] yahoo.co.uk
Received: from out10.wanadoo.es (out10.wanadoo.es [62.36.20.210])
by xxxxx (Postfix) with ESMTP id B77377800D62
for xxxxx; Thu, 21 May 2009 00:58:37 +0200 (CEST)
Received: from [41.191.108.130] (helo=User)
by out10.wanadoo.es with esmtpa (Exim 4.43)
id 1M6uj7-0008Jd-8L; Thu, 21 May 2009 00:57:37 +0200
IP: 41.191.108.130 ---> Suburban Telecom, Nigeria
xiangsheng.ding53 [at] yahoo.com.hk
xiangsheng.ding53 [at] web2mail.com
Received: from out07.wanadoo.es (out07.wanadoo.es [62.36.20.207])
by xxxxx (Postfix) with ESMTP id B10267855788
for xxxxx; Thu, 21 May 2009 08:35:26 +0200 (CEST)
Received: from [173.20.79.184] (helo=User)
by out07.wanadoo.es with esmtpa (Exim 4.43)
id 1M71mV-0004Ty-Mh; Thu, 21 May 2009 08:29:33 +0200
IP: 173.20.79.184 ---> 173-20-79-184.client.mchsi.com
sandspeter10110 [at] yahoo.com.hk
sandspeter85 [at] yahoo.com.hk
Received: from smtp.istruzione.it (smtp3.sidi.istruzione.it [89.97.132.179])
by xxxxx (Postfix) with ESMTP id 3E5A9789B3A1
for xxxxx; Thu, 21 May 2009 15:23:58 +0200 (CEST)
Received: from localhost (unknown [127.0.0.1])
by smtp3.sidi.istruzione.it (Mail Service) with ESMTP id 46AC112C14F;
Thu, 21 May 2009 14:48:14 +0200 (CEST)
X-Virus-Scanned: Content Filter at istruzione.it
Received: from User (unknown [83.229.48.148])
by smtp3.sidi.istruzione.it (Mail Service) with ESMTP id B866C12C167;
Thu, 21 May 2009 14:45:57 +0200 (CEST)
IP: 83.229.48.148 --->Sky-Vision, Nigeria
p.consultancy [at] terra.es
nasl010002 [at] istruzione.it
ellapreston1 [at] terra.es
- kjz
Zunächst nur eine, aber Nachschub wird sicher nicht lange auf sich warten lassen:
Received: from elasmtp-mealy.atl.sa.earthlink.net
(elasmtp-mealy.atl.sa.earthlink.net [209.86.89.69])
by xxxxx (Postfix) with ESMTP id 68969789AD8A
for xxxxx; Thu, 21 May 2009 22:15:37 +0200 (CEST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=dk20050327; d=earthlink.net;
b=oTPvnfSn/HfwqQVxkAbf+Ir3b/kuOC4QwzVUdjAYIvzbNSQ4DB6OjAUmeD3EmJLC;
h=Message-ID:Date:From:Reply-To:Subject:Mime-Version:Content-Type:Content-Transfer-Encoding:X-Mailer:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.25] (helo=mswamui-backed.atl.sa.earthlink.net)
by elasmtp-mealy.atl.sa.earthlink.net with esmtpa (Exim 4.67)
(envelope-from <atf22 [at] earthlink.net>)
id 1M7EdE-0000jr-5q; Thu, 21 May 2009 16:12:48 -0400
Received: from 78.138.6.251 by webmail.earthlink.net with HTTP; Thu, 21
May 2009 16:12:47 -0400
IP: 78.138.6.251 ---> Ipmath #6-Lagos/Sky-Vision
mr.danscott2009 [at] yahoo.com.hk
atf22 [at] earthlink.net
Muguphone: +44 703 193 9789 ---> Magrathea Telecommunications Limited, UK
- kjz
Wie bereits vermutet, zum Wochenende kriechen die Kriminellen vermehrt aus ihren Löchern:
Received: from servidor.peot.gob.pe (mail.peot.gob.pe [200.121.57.71])
by xxxxx (Postfix) with ESMTP id 39589789B967
for xxxxx; Fri, 22 May 2009 11:48:07 +0200 (CEST)
Received: by servidor.peot.gob.pe (Postfix, from userid 48)
id 853FB11A2C2D; Tue, 19 May 2009 07:52:05 +0000 (UTC)
Received: from 41.191.108.130
(SquirrelMail authenticated user gerenciageneral)
by www.peot.gob.pe with HTTP;
Tue, 19 May 2009 07:52:05 -0000 (GMT)
IP: 41.191.108.130 ---> Suburban Telecom, Nigeria
western.unionmoneytransfer22 [at] strompost.net
gerenciageneral [at] peot.gob.pe
Muguphon: +234 704 092 1420 ---> Visafone Communications Ltd., Nigeria
Received: from home.combitel.no (home.combitel.no [194.29.203.2])
by xxxxx (Postfix) with ESMTP id C0A8A789B62F
for xxxxx; Fri, 22 May 2009 11:33:54 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by home.combitel.no (Postfix) with ESMTP id 2FC941B0DDD5;
Fri, 22 May 2009 05:01:27 +0200 (CEST)
Received: from 41.222.192.87 ([41.222.192.87]) by webmail.combitel.no
(Horde MIME library) with HTTP; Fri, 22 May 2009 05:01:25 +0200
IP: 41.222.192.87 ---> ISOCEL SARL, BJ
patrickben9 [at] yahoo.com
dhl-courierc [at] msn.com
Muguphon: +229-9794 8648 ---> BéninCell/SpaceTel/MTN Benin/Areeba
(Bem.: bei manchen afrikan. 'Hinterhof-Telcos' wechseln die Besitzer schneller als manchereins die Unterhosen... Evtl. setzt man ja auch vermehrt auf Muguphone, da die Mailadressen zu schnell abgeklemmt werden. :D)
Received: from EDGE1.lacoe.edu (edge1.lacoe.edu [156.3.254.229])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id A652A789B8EE
for xxxxx; Fri, 22 May 2009 12:24:40 +0200 (CEST)
Received: from cas2.internal.lacoe.edu (156.3.1.12) by EDGE1.lacoe.edu
(156.3.254.229) with Microsoft SMTP Server (TLS) id 8.1.340.0; Fri, 22 May
2009 02:50:47 -0700
Received: from ECMAIL7.internal.lacoe.edu ([156.3.1.15]) by
cas2.internal.lacoe.edu ([156.3.1.12]) with mapi; Fri, 22 May 2009 02:50:46
-0700
Walkup_Geraldine [at] lacoe.edu
dhlcourierdeptm [at] live.com
Muguphon: +234-8073-963-812 ---> Globacom Ltd., Nigeria
- kjz
Katherine ist wiiiieeeder daaa....
Received: from smtp.everseiko.com.sg (smtp.everseiko.com.sg
[203.116.173.122])
by mx.kundenserver.de (node=mxbap2) with ESMTP (Nemesis)
id 0MKrmS-1M7g9n106X-000TGi for xxxxx; Sat, 23 May 2009
03:36:16 +0200
Received: from host-196-201-64-82.afnet.net [196.201.64.82] by
smtp.everseiko.com.sg with SMTP;
Fri, 22 May 2009 23:03:24 +0800
IP: 196.201.64.82 ---> AFNET, CI
katiren114 [at] yahoo.co.jp
katrine114 [at] yahoo.com
Received: from iliauni.edu.ge (unknown [217.147.234.140])
by xxxxx (Postfix) with SMTP id 9308B789AD10
for xxxxx; Sat, 23 May 2009 01:59:42 +0200 (CEST)
Received: from iliauni.edu.ge (localhost.localdomain [127.0.0.1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by iliauni.edu.ge (Postfix) with ESMTP id 72BFF5A4825A;
Sat, 23 May 2009 02:16:49 +0400 (GET)
Received: (from apache [at] localhost)
by iliauni.edu.ge (8.14.1/8.14.1/Submit) id n4MMGBeu003470;
Sat, 23 May 2009 02:16:11 +0400
X-Authentication-Warning: iliauni.edu.ge: apache set sender to
info [at] hangsengbank.com.hk using -f
Received: from 77.246.66.8
(SquirrelMail authenticated user ingrid)
by webmail.iliauni.edu.ge with HTTP;
Sat, 23 May 2009 02:16:11 +0400 (GET)
IP: 77.246.66.8 ---> IncoNet-Data Management sal, LB
josephpoon7593hk [at] yahoo.co.jp
ingrid [at] iliauni.edu.ge
Received: from blu0-omc1-s33.blu0.hotmail.com
(blu0-omc1-s33.blu0.hotmail.com [65.55.116.44])
by xxxxx (Postfix) with ESMTP id 519A3789B5D5
for xxxxx; Sat, 23 May 2009 15:26:28 +0200 (CEST)
Received: from BLU114-W27 ([65.55.116.7]) by
blu0-omc1-s33.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Sat, 23 May 2009 06:26:28 -0700
X-Originating-IP: [41.203.239.7] ---> ONATEL, BF
musagaru24 [at] msn.com
musa.garuba2009 [at] hotmail.fr
Muguphon: +226-76 46 88 50 ---> Celtel Burkina Faso S.A./Zain
Received: from smtp6.aruba.it (smtpd4.aruba.it [62.149.128.209])
by xxxxx (Postfix) with SMTP id 1B01F7800D51
for xxxxx; Sat, 23 May 2009 15:52:15 +0200 (CEST)
Received: (qmail 24475 invoked by uid 89); 23 May 2009 13:52:12 -0000
Received: from unknown (HELO User) (field9 [at] helpdpoor.com@92.8.254.61)
by smtp6.aruba.it with SMTP; 23 May 2009 13:52:12 -0000
IP: 92.8.254.61 --> host-92-8-254-61.as43234.net/Opaltelecom
larrythomson22 [at] aol.co.uk
nn123456 [at] inMail24.com
- kjz
Fortsetzung folgt....
Received: from mail.icmm.ru (relay2.icmm.ru [195.69.156.66])
by xxxxx (Postfix) with ESMTP id E53DA789B77D
for xxxxx; Sun, 24 May 2009 05:21:02 +0200 (CEST)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=Windows-1251
Received: from User ([77.211.227.23])
by mail.icmm.ru (Sun Java(tm) System Messaging Server 6.3-0.15 (built
Feb 9 2007)) with ESMTPA id <0KK200FGBD2VS7C0 [at] mail.icmm.ru> for
xxxxx; Sat, 23 May 2009 03:02:00 +0600 (YEKST)
IP: 77.211.227.23 ---> VODAFONE_SPAIN_NETWORK
teresaibanez5 [at] terra.es
infoelperezseguros [at] aol.es
elperezseguros1 [at] mixmail.com
Muguphon: +34 645-072-294 ---> France Telecom España, S.a.
Received: from smtp-s1.menara.ma (smtp2.menara.ma [196.217.246.120])
by xxxxx (Postfix) with ESMTP id 9869D789ACEE
for xxxxx; Sun, 24 May 2009 07:36:11 +0200 (CEST)
X-AuditID: c0a80a1b-a65ebbb0000006dd-6c-4a18beb98f09
Received: from winfesmtp1.menara.local (unknown [10.0.1.3])
by smtp-s1.menara.ma (Menara) with ESMTP id BFBD04DC008;
Sun, 24 May 2009 03:27:53 +0000 (WET)
Received: from EXVS21.menara.local ([192.168.5.52]) by
winfesmtp1.menara.local with Microsoft SMTPSVC(6.0.3790.1830);
Sun, 24 May 2009 05:10:33 +0000
mack.peter [at] menara.ma
w_unionofficebj1 [at] strompost.com
Muguphon: +229- 97-56-88-99 ---> BéninCell/Spacetel/MTN/Areeba
Received: from traveltek3.readysteadyhost.com
(traveltek3.readysteadyhost.com [213.198.31.107])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTP id B2CCA789B765
for xxxxx; Sun, 24 May 2009 14:31:24 +0200 (CEST)
Received: from User ([196.3.183.73])
(authenticated bits=0)
by traveltek3.readysteadyhost.com (8.13.6.20060614/8.13.1) with ESMTP
id n4MDt1aM097964;
Fri, 22 May 2009 13:55:09 GMT
IP: 196.3.183.73 ---> Suburban Telecom, Nigeria
susanfernado111 [at] live.com
susan_fr1155 [at] live.com
- kjz
alte Bekannte...
Received: from mail.helvetissimmo.ch (adsl1680-dia1.ce.ip-plus.net
[217.193.118.156])
by xxxxx (Postfix) with ESMTP id F2F677855788
for xxxxx; Mon, 25 May 2009 02:58:06 +0200 (CEST)
Received: from User (unknown [196.3.183.72])
by mail.helvetissimmo.ch (Postfix) with ESMTP
id 53A117A91100; Sun, 24 May 2009 22:25:54 +0200 (CEST)
IP: 196.3.183.72 ---> ---> Suburban Telecom, Nigeria
diplomatfrankmoss2 [at] gmail.com
efabian [at] cyberhotline.com
Received: from mail.syes.tc.edu.tw (unknown [59.126.17.103])
by xxxxx (Postfix) with ESMTP id B6101789B764
for xxxxx; Mon, 25 May 2009 02:14:25 +0200 (CEST)
Received: from mail.syes.tc.edu.tw (localhost [127.0.0.1])
by mail.syes.tc.edu.tw (Postfix) with ESMTP id BDF75247268D;
Mon, 25 May 2009 06:50:37 +0800 (CST)
Received: from mail.syes.tc.edu.tw (localhost [127.0.0.1])
by mail.syes.tc.edu.tw (Postfix) with ESMTP id 355EF2472652;
Mon, 25 May 2009 06:48:01 +0800 (CST)
X-OriginatingIP: 218.111.7.135 (myt246) ---> 135.7.111.218.kmr02-home.tm.net.my
barrjl.leon1 [at] gmail.com
barrjl.leon [at] yahoo.com.hk
Received: from smtp4m5.poczta.onet.pl (smtp4m5.poczta.onet.pl
[213.180.138.35])
by xxxxx (Postfix) with ESMTP id 7C326789AE78
for xxxxx; Mon, 25 May 2009 08:57:44 +0200 (CEST)
Received: from [41.211.232.191] ([41.211.232.191]:54887 "EHLO
wsdf [at] poczta.onet.eu" rhost-flags-FAIL-FAIL-FAIL-FAIL) by ps4.mod5.onet
with ESMTPA id S28940AbZEYG5n5qCnj (ORCPT
<rfc822;xxxxx); Mon, 25 May 2009 08:57:43 +0200
IP: 41.211.232.191 ---> DIRECT ON PC LTD, Nigeria
generalpeterolu2029 [at] yahoo.com.hk
wsdf [at] poczta.onet.eu
Muguphon: 234-7026905160 ---> Visafone Communications Ltd., Nigeria
Mugufax: 234-8029402741 ---> Celtel Nigeria Limited/Zain
- kjz
Mein Dauer-Mugu:
Received: from mailwall.paleol.net (mailwall.paleol.net [81.93.85.135])
by xxxxx (Postfix) with ESMTP id 3AA5D789B935
for xxxxx>; Mon, 25 May 2009 16:40:56 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mailwall.paleol.net (Postfix) with ESMTP id 42ADE4A167;
Mon, 25 May 2009 16:16:25 +0200 (CEST)
Received: from mailwall.paleol.net ([127.0.0.1])
by localhost (mailwall [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 31479-05; Mon, 25 May 2009 16:16:25 +0200 (CEST)
Received: from webmail.paleol.net (asus2.paleol.net [81.93.85.150])
by mailwall.paleol.net (Postfix) with ESMTP id 275E54A13D;
Mon, 25 May 2009 16:16:25 +0200 (CEST)
Received: from 41.220.75.3
(SquirrelMail authenticated user igors)
by webmail.paleol.net with HTTP;
Mon, 25 May 2009 16:41:37 +0200 (CEST)
IP: 41.220.75.3 ---> MTN Nigeria
tntcourier [at] sify.com
igors [at] paleol.net
Muguphon: +44-7035926447 ---> Open Telecom International Ltd., UK
Mugufax: +44-7006094035 ---> Call Sciences Limited, UK/YAC
Ein Chinesen-Mugu:
Received: from email01.consolidated.net (email01.consolidated.net
[216.176.95.171])
by xxxxx (Postfix) with ESMTP id F1F1E789B985
for xxxxx; Mon, 25 May 2009 19:39:34 +0200 (CEST)
Received: from User ([113.112.66.249])
by email01.consolidated.net (MOS 3.10.5-GA)
with ESMTP id CIX75110 (AUTH ajfoa [at] consolidated.net);
Mon, 25 May 2009 05:53:11 -0500 (CDT)
IP: 113.112.66.249 ---> CHINANET Guangdong
atmcardection001 [at] gmail.com
andy_lau2008 [at] live.com
andy_lau2009 [at] live.com
ajfoa [at] consolidated.net
Muguphon: +861-372-480-2909 ---> China Mobile (GSM)
- kjz
Powered by vBulletin® Version 4.1.4 Copyright ©2013 Adduco Digital e.K. und vBulletin Solutions, Inc. Alle Rechte vorbehalten.