Link ist schon töter als tot
Druckbare Version
Link ist schon töter als tot
Um so besser :rolleyes:
Jetzt werden offensichtlich gecrackte Kontaktformulare zum Spammen missbraucht:
Zitat:
Это копия сообщения, которое вы отправили Contact Name Here через whois:very-potolok.ru
Это письмо отправлено с сайта whois: от:
truelife <*snip*>
You have a new answer from Lanino to your question. Go to view - whois:
header:01: Return-Path: <verypotoru [at] vh122.sweb.ru>02: Received: from vh122.sweb.ru ([77.222.40.168]) by mx-ha.gmx.net (mxgmx01403: [212.227.15.9]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: from verypotoru by vh122.sweb.ru with local (Exim 4.90_1) (envelope-from05: <verypotoru [at] vh122.sweb.ru>) ID: [ID filtered]
____________________
Zitat:
Ez a(z) Contact Name Here részére a(z) whois:rocon.hu webhelyről küldött alábbi üzenet másolata
Ez egy érdeklődő e-mail a(z) whois: webhelyről, feladója:
truelife <*snip*>
You have a new answer to your question. Go to view - whois:
header:01: Return-Path: <szasimoto [at] gmail.com>02: Received: from mail.szasi.info ([79.120.178.8]) by mx-ha.gmx.net (mxgmx11403: [212.227.17.5]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: from localhost (localhost [127.0.0.1]) by mail.szasi.info (Postfix)05: with ESMTP ID: [ID filtered]
____________________
Zitat:
Dieses ist eine Kopie der folgenden Nachricht, die an J. D. via Angelfreunde Ratingen e.V. gesendet wurde:
Dies ist eine Mailanfrage via whois: von:
truelife <*snip*>
You have a new answer to your question. Go to view - whois:
header:01: Return-Path: <angelfreunde-ratingen [at] t-online.de>02: Received: from mout-xforward.kundenserver.de ([82.165.159.6]) by mx-ha.gmx.net03: (mxgmx111 [212.227.17.5]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: from infong1110.kundenserver.de ([82.165.80.156]) by05: mrelayeu.kundenserver.de (mreue010 [172.19.35.7]) with ESMTPA (Nemesis) ID: [ID06: filtered]07: Received: from 196.18.0.69 (IP may be forged by CGI script) by08: infong1110.kundenserver.de with HTTP ID: [ID filtered]
Ein schon etwas älterer Google-Drive-Spam, jedoch immer noch aktiv:
header:01: Return-Path: <nikolas.carlson [at] students.uav.edu>02: Received: from NAM03-CO1-obe.outbound.protection.outlook.com ([40.107.79.84])03: by mx-ha.web.de (mxweb111 [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: from DM6PR03MB3612.namprd03.prod.outlook.com (20.176.85.141) by05: DM6PR03MB4281.namprd03.prod.outlook.com (20.176.122.138) with Microsoft SMTP Server06: (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) ID: [ID filtered]07: Received: from DM6PR03MB3612.namprd03.prod.outlook.com08: ([fe80::ca4:1d66:5ee9:59b0]) by DM6PR03MB3612.namprd03.prod.outlook.com09: ([fe80::ca4:1d66:5ee9:59b0%4]) with mapi ID: [ID filtered]10: From: "Carlson, Nikolas" <nikolas.carlson [at] students.uav.edu>11: To: "xxx [at] xxx" <xxx [at] xxx>12: Subject: I saw you at last weekends13: Thread-Topic: I saw you at last weekends14: Thread-Index: [filtered]15: Date: Thu, 21 Feb 2019 xx:xx:xx +000016: Message-ID: [ID filtered]17: Accept-Language: en-US18: Content-Language: en-US19: X-MS-Has-Attach:20: X-MS-TNEF-Correlator:21: x-clientproxiedby: KL1PR06CA0055.apcprd06.prod.outlook.com (2603:1096:802:14::23) To22: DM6PR03MB3612.namprd03.prod.outlook.com (2603:10b6:5:ab::13)23: x-ms-exchange-messagesentrepresentingtype: 124: x-originating-ip: [2001:e68:5057:8a4e:12be:f5ff:fe28:bda0]25: x-ms-publictraffictype: Email26: x-ms-office365-filtering-correlation-ID: [ID filtered]27: x-microsoft-antispam:28: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4629: 7221)(201702281549075)(8990200)(7048125)(7024125)(7025125)(7027125)(7023125)(5600110)(711020)(30: 605104)(2017052603328)(7153060)(7193020);SRVR:DM6PR03MB4281;31: x-ms-traffictypediagnostic: DM6PR03MB4281:32: x-ms-exchange-purlcount: 133: x-microsoft-exchange-diagnostics:34: =?utf-8?B?MTtETTZQUjAzTUI0MjgxOzIzOmo2QkxXWEdORjhpeVd4NXlYVTN2ZE9iRnpK?=35: =?utf-8?B?WHBIZG5Rd09mKzV0VEJ3bHQvb01tMDZ2WjdOMUlOUU5iVWdJWWcxVk9yaEZk?=36: =?utf-8?B?b1lyU2NWUURTQit2NDRYdHRITnBCdEI2S0xMRnNBOFIwbzBwbi9RaXVaTWt3?=37: =?utf-8?B?SjlBNUt5cGVXbXB3RkNzcHNlTDI4cnZrOHlxWUQvUDMxc2FmQnp4aFZqMFJV?=38: =?utf-8?B?MjIwS2JjMlN0dnMrdmduZDZ0MlhoZFlVUVdrM0lTMzd3YzRibmIwdWpYZDBk?=39: =?utf-8?B?RUh4c2xhQytqcHBoNjg1QUt6K3JodjJ0S0JKVEw2QjhQbW1DZkM4ZVcyYWlx?=40: =?utf-8?B?NC9Na1hxdTEvWmlkYUlvdnBWTVFBVCtQYzkzTFJVQVRaZ1ljVlhmUWR1dG5j?=41: =?utf-8?B?VW1VOVE4TEQ3Z3p0Nk03d04wRFJPMFJQOGpjOEJnMDNxcHdZSGplWXFiSjBh?=42: =?utf-8?B?UG5wS2l3bG9xOGUvVUFlemRGRUkrVHR2UkJIcHAxbDgxVGVTbTlXVmZ1S0g1?=43: =?utf-8?B?TEVsUUdhNVBiV05qcU4rMi9Wa01Hai9XYkxIK3NyM1JlQUpHWXFhK2NCeVpy?=44: =?utf-8?B?aWszcjVvUU5lZklQb1RkejBpc29aR0RTeTYrcnZ3NWltbHo3SGhCNDBjUVFH?=45: =?utf-8?B?QS9SS29ZY05MYk51N2llUXNZVzZWRTgvQ2RQenlDNFFhbDRDdjFCRG9tVzZC?=46: =?utf-8?B?S0Vsdm1vZUlDZkVyTytYOVVCL01IRW14M3RTSEtMT0JMTjdRdGs2aWxuK3ZD?=47: =?utf-8?B?U3lnSEo2cGNCL3RNODM0dTZ3bGpNOWhuYXhXdWR0eGJUaDFLb1paam5LcjEv?=48: =?utf-8?B?YkJRT3RlVVhMakExVVZQa29uM25MK0RyZ0RZV2Vib2xaaUtCRUZYSVBUNlVZ?=49: =?utf-8?B?Y2J4WkM5YjFpUkV3R3dHVjFYVWRDRnpKbEJoTXR5bG5jRmVnNk9yVms3NktG?=50: =?utf-8?B?eHVobThPN3RvT1ZuMCtaU3E3ZTl4Nmx3amo5bDJsL093V21XbCtIc3VWN3Rz?=51: =?utf-8?B?Z3crazN5cFRaTStkMnBBaG1POEJUZUZOdWk5YWpHaEd0UU1xUzIxWE9ZOHky?=52: =?utf-8?B?dTVSOFgrc3ZmNUNVUVZaL1pSeXZCVzlrVGdrRXFXYlZwNTlkb1QxQjFjZUtJ?=53: =?utf-8?B?VVRsSEZuM29OclZIWER3eVMreXl1VnNaOVE0clR4ODdSNEVhVnFBNXNpdE1Q?=54: =?utf-8?B?YWZQb1N1S0FCeStLVmFOMEp1WGNOU3FVZlNSUHdOVU1OVlhLNThjVlhSMXJT?=55: =?utf-8?B?TC90ZVpDcGM2OHRxYm1vYlozOThJdFFvZUFaL250ZUFsQk5keGxmUU15VzJ5?=56: =?utf-8?B?bTRkT2VKZEFkTDVsSWtqbFM3Q3ZESHlVRmJlVnBmN011THFxNmFnOExxdjVL?=57: =?utf-8?B?eWpOUDRJR21CSG9id3JEY255emR1ZTlFNi9Oa0JIclNXaUVnTjNDSUhIcmJV?=58: =?utf-8?B?S0lKdHNDeDNwWm9BcCt4YWo0TlVwdXhrTDhIMEwrZmE5N1dyWGp0clU5V2ZX?=59: =?utf-8?B?OTljalZBaG9jSjFzQ1AwMXZiTjVFcXFyZUpRWTVDREdrSjNCLzVpWTlhdml5?=60: =?utf-8?B?VTZZUlJpWU4zL3FHWG9LOUROMkZmeDZHU0ZsZnl0S1Y5SVBEWnF5T05md29i?=61: =?utf-8?B?TGJPUzJCQ1dka29XZTdZUzhtQVlsRm94K0c5Y05Qc3g0UkxScmNDbENXM3Jh?=62: =?utf-8?Q?A+tex0CTvSl/GGVWlFrG+z9nSy/8s4iDLMm2CP7?=63: x-microsoft-antispam-prvs: <x [at] DM6PR03MB4281.namprd03.prod.outlook.com>64: x-forefront-prvs: 09555FB1AD65: x-forefront-antispam-report:66: SFV:NSPM;SFS:(10009020)(346002)(136003)(39850400004)(376002)(396003)(366004)(199004)(189003)(967: 86003)(186003)(71190400001)(476003)(486006)(6306002)(46003)(508600001)(2906002)(81156014)(105568: 6002)(71200400001)(1730700003)(106356001)(8676002)(1361003)(88552002)(68736007)(33656002)(743169: 002)(81166006)(558084003)(75432002)(6116002)(6436002)(6916009)(966005)(8936002)(256004)(23510070: )(53936002)(14454004)(316002)(786003)(52116002)(99286004)(7696005)(25786009)(305945005)(55016071: 2)(386003)(86362001)(102836004)(6506007)(2501003)(97736004)(5660300002)(5640700003)(7736002);D72: R:OUT;SFP:1101;SCL:1;SRVR:DM6PR03MB4281;H:DM6PR03MB3612.namprd03.prod.outlook.com;FPR:;SPF:Non73: ;LANG:en;PTR:InfoNoRecords;A:0;MX:1;74: received-spf: None (protection.outlook.com: students.uav.edu does not designate75: permitted sender hosts)76: x-ms-exchange-senderadcheck: 177: x-microsoft-antispam-message-info: x78: Content-Type: text/plain; charset="utf-8"79: Content-ID: [ID filtered]80: Content-Transfer-Encoding: base6481: MIME-Version: 1.082: X-OriginatorOrg: students.uav.edu83: X-MS-Exchange-CrossTenant-Network-Message-ID: [ID filtered]84: X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2019 xx:xx:xx.4581 (UTC)85: X-MS-Exchange-CrossTenant-fromentityheader: Hosted86: X-MS-Exchange-CrossTenant-mailboxtype: HOSTED87: X-MS-Exchange-CrossTenant-ID: [ID filtered]88: X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR03MB428189: Envelope-To: <xxx [at] xxx>90: X-Spam-Flag: YES
Ziel: whois:Zitat:
Its me, I called you yeasturday.
Gezeigt wird unter dieser Adresse ein durchaus netter weiblicher Anblick in schwarzen Dessous, was nach meiner Erfahrung so manchen Mann spontan zu einem "Click to see" verführt hat :rolleyes:
Wenn ich den Header richtig deute, wurde hier eine fremde Email gecrackt oder doch "nur" überschrieben?
Ganz sicher gecrackte Mail-Accounts.
Bei den von Microsoft versorgten Uni- und Schul-Mailadressen gibt es offenbar entweder eine erhebliche Menge einfach per Brute Force erratbarer Kennwörter, oder es wurden Passwort-Files gestohlen und gecrackt. Aufgrund der Menge und des zeitlichen Musters, in dem dieses Phänomen aufgetaucht ist, tippe ich auf das zweite, obwohl das erste bei den ganzen automatisch angelegten Mail-Accounts mit systematisch generierten Passwörten für Studenten, von denen sich viele nicht die Mühe einer Passwortänderung machen, auch nicht auszuschließen ist. Ich habe aber bisher noch keine Nachrichten-Info über ein Datenleck bei Microsoft/Hotmail gesehen, obwohl das Problem bestimmt schon seit Mai letzten Jahres besteht (da habe ich eine Abuse-Mail an Microsoft und den Admin einer betroffenen akademischen Institution geschrieben, die aber nicht beantwortet wurde).
hoppala
Der Nachschub kommt zwar spärlich, aber er kommt :(
header:01: Return-Path: <apinate [at] faproa.com.ve>02: Received: from host.faproa.com.ve ([151.80.251.165]) by mx-ha.web.de (mxweb01303: [212.227.15.17]) with ESMTPS (Nemesis) ID: [ID filtered]04: DKIM-Signature: x05: Received: from faproa by host.faproa.com.ve with local (Exim 4.91) (envelope-from06: <poor [at] spamvictim.tld>) ID: [ID filtered]07: To: xxx [at] xxx08: Subject: =?utf-8?Q?Copia_de:_Hey_s=C3=BC=C3=9F?=09: X-PHP-Script: faproa.com.ve/index.php for 196.19.10.6310: X-PHP-Originating-Script: 1000:class.phpmailer.php11: Date: Thu, 4 Apr 2019 xx:xx:xx +000012: From: "www.faproa.com.ve" <apinate [at] faproa.com.ve>13: Reply-To: xxx <xxx [at] xxx>14: Message-ID: [ID filtered]15: X-Mailer: PHPMailer 5.2.16 (https://github.com/PHPMailer/PHPMailer)16: MIME-Version: 1.017: Content-Type: text/plain; charset=utf-818: Content-Transfer-Encoding: 8bit19: X-AntiAbuse: This header was added to track abuse, please include it with any abuse20: report21: X-AntiAbuse: Primary Hostname - host.faproa.com.ve22: X-AntiAbuse: Original Domain - xxx23: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]24: X-AntiAbuse: Sender Address Domain - faproa.com.ve25: X-Get-Message-Sender-Via: host.faproa.com.ve: authenticated_ID: [ID filtered]26: X-Authenticated-Sender: host.faproa.com.ve: apinate [at] faproa.com.ve27: X-Source: /opt/cpanel/ea-php56/root/usr/bin/php-cgi28: X-Source-Args: /opt/cpanel/ea-php56/root/usr/bin/php-cgi29: X-Source-Dir: faproa.com.ve:/public_html30: Envelope-To: <xxx [at] xxx>31: X-Spam-Flag: YES
Zitat:
Esto es una copia del mensaje que envió a Main Contact vía
Esto es una petición de correo vía de:
xxx <xxx@xxx>
Erkenne mich? Du hast gesagt, dass ich sehr schön bin. Möchten Sie sich kennenlernen? Schau auf meinen Körper -
offtopic:Ein vernünftiges Übersetzungsprogramm ist wohl nicht verfügbar :rolleyes:
Noch immer aktives Ziel: whois:
Selbes Ziel, dieses Mal mit einem russischem Absender:
header:01: Return-Path: <aspect [at] aspect.ru>02: Received: from aspht.ve.dol.ru ([194.87.50.125]) by mx-ha.web.de (mxweb11103: [212.227.17.8]) with ESMTP (Nemesis) ID: [ID filtered]04: Received: by aspht.ve.dol.ru (Postfix, from userID: [ID filtered]05: To: xxx [at] xxx06: Subject: =?utf-8?B?0JrQvtC/0LjRjzogSGFsbG8gc8O8c3M=?=07: X-PHP-Originating-Script: 501:phpmailer.php08: Date: Thu, 4 Apr 2019 xx:xx:xx +030009: From: aspect <aspect [at] aspect.ru>10: Reply-To: xxx <xxx [at] xxx>11: Message-ID: [ID filtered]12: X-Priority: 313: X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/)14: MIME-Version: 1.015: Content-Transfer-Encoding: 8bit16: Content-Type: text/plain; charset="utf-8"17: Envelope-To: <xxx [at] xxx>18: X-Spam-Flag: YES
Zitat:
Это копия сообщения, которое вы отправили Введите имя Контакта через Ассоциация делового сотрудничества в области передовых комплексных технологий "АСПЕКТ"
Это письмо отправлено с сайта от:
xxx <xxx@xxx>
Können Sie sich an mich erinnern? Du hast gesagt, dass ich sehr schön bin. Möchten Sie sich kennenlernen? Schau mich an -
Dritte Version (alle aktiv!) jetzt aus dem Mutterland des Brexit :rolleyes:
header:01: Return-Path: <info [at] petersfieldframing.co.uk>02: Received: from zeus.speedyservers.com ([195.8.197.169]) by mx-ha.web.de03: (mxweb111 [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: DKIM-Signature: x05: Received: from ftandy by zeus.speedyservers.com with local (Exim 4.91) (envelope-from06: <poor [at] spamvictim.tld>) ID: [ID filtered]07: To: xxx [at] xxx08: Subject: =?utf-8?Q?Copy_of:_Yoo-Hoo_s=C3=BCss?=09: X-PHP-Script: framingteacher.co.uk/index.php for 193.42.104.8810: Date: Thu, 4 Apr 2019 xx:xx:xx -050011: From: Framing Teacher <info [at] petersfieldframing.co.uk>12: Reply-to: knuthe <xxx [at] xxx>13: Message-ID: [ID filtered]14: X-Priority: 315: X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)16: MIME-Version: 1.017: Content-Transfer-Encoding: 8bit18: Content-Type: text/plain; charset="utf-8"19: X-AntiAbuse: This header was added to track abuse, please include it with any abuse20: report21: X-AntiAbuse: Primary Hostname - zeus.speedyservers.com22: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]23: X-AntiAbuse: Sender Address Domain - petersfieldframing.co.uk24: X-Get-Message-Sender-Via: zeus.speedyservers.com: authenticated_ID: [ID filtered]25: X-Authenticated-Sender: zeus.speedyservers.com: ftandy26: X-Source:27: X-Source-Args:28: X-Source-Dir: framingteacher.co.uk:/public_html29: Envelope-To: <xxx [at] xxx>30: X-Spam-Flag: YES
Zitat:
This is a copy of the following message you sent to Framing Teacher via Framing Teacher
This is an enquiry email via from:
xxx <xxx@xxx>
Du hast mich erkannt? Du hast gesagt, dass ich sehr schön bin. Möchten Sie sich kennenlernen? Schau mich an - whois:://drive.google.com/open?id=1-87ixUdw65zDRyAw2J2jKZ7kd7YqRNeP
Und noch eine Version ...
header:01: Return-Path: <info [at] elenvisage.com>02: Received: from mail.grafikondesign.de ([91.250.97.208]) by mx-ha.web.de03: (mxweb110 [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: by mail.grafikondesign.de (Postfix, from userID: [ID filtered]05: To: xxx [at] xxx06: Subject: =?utf-8?Q?Kopie_von:_Hi_sch=C3=B6n?=07: X-PHP-Originating-Script: 10008:phpmailer.php08: Date: Fri, 5 Apr 2019 xx:xx:xx +020009: From: ElenVisage <info [at] elenvisage.com>10: Reply-To: xxx <xxx [at] xxx>11: Message-ID: [ID filtered]12: X-Priority: 313: X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/)14: MIME-Version: 1.015: Content-Transfer-Encoding: 8bit16: Content-Type: text/plain; charset="utf-8"17: X-PPP-Message-ID: [ID filtered]18: X-PPP-Vhost: elenvisage.com19: Envelope-To: <xxx [at] xxx>20: X-Spam-Flag: YES
*Bei allen wurde meine Emailaddy sowohl als FROM wie auch als REPLY im Header genutzt :mad:Zitat:
Dieses ist eine Kopie der folgenden Nachricht, die an Contact Name Here via Elenvisage Visagist Groß-Rohrheim und umgebung gesendet wurde:
Dies ist eine Mailanfrage via von:
x <xxx@xxx>*
Erkenne mich? Du hast gesagt, dass ich sehr schön bin. Möchten Sie sich kennenlernen? Schau mich an -
Wahnsinn :confused:
header:01: Return-Path: <il2003 [at] yandex.ru>02: Received: from server207.hosting.reg.ru ([31.31.196.98]) by mx-ha.web.de03: (mxweb111 [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: from u0482110 by server207.hosting.reg.ru with local (Exim 4.90_1)05: (envelope-from <poor [at] spamvictim.tld>) ID: [ID filtered]06: To: xxx [at] xxx07: Subject: =?utf-8?B?0JrQvtC/0LjRjzogSGFsbG8gc2Now7Zu?=08: X-PHP-Originating-Script: 508:phpmailer.php09: Date: Fri, 5 Apr 2019 xx:xx:xx +030010: From: Movei <il2003 [at] yandex.ru>11: Reply-To: xxx <xxx [at] xxx>12: Message-ID: [ID filtered]13: X-Priority: 314: X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/)15: MIME-Version: 1.016: Content-Transfer-Encoding: 8bit17: Content-Type: text/plain; charset="utf-8"18: Envelope-To: <xxx [at] xxx>19: X-Spam-Flag: YES
header:01: Return-Path: <webmaster [at] dk-system.de>02: Received: from mail.dk-system.de ([178.254.36.224]) by mx-ha.web.de (mxweb11103: [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: by mail.dk-system.de (Postfix, from userID: [ID filtered]05: To: xxx [at] xxx06: Subject: =?utf-8?Q?Kopie_von:_Hey_s=C3=BC=C3=9F?=07: X-PHP-Originating-Script: 33:phpmailer.php08: Date: Fri, 5 Apr 2019 xx:xx:xx +020009: From: "Ing.Buero Annas GmbH" <webmaster [at] dk-system.de>10: Reply-To: xxx <xxx [at] xxx>11: Message-ID: [ID filtered]12: X-Priority: 313: X-Mailer: PHPMailer 5.2.1 (http://code.google.com/a/apache-extras.org/p/phpmailer/)14: MIME-Version: 1.015: Content-Transfer-Encoding: 8bit16: Content-Type: text/plain; charset="utf-8"17: Envelope-To: <xxx [at] xxx>18: X-Spam-Flag: YES
header:01: Return-Path: <memphis1 [at] frodo.ptwebserv.net>02: Received: from frodo.ptwebserv.net ([80.172.234.25]) by mx-ha.web.de (mxweb11303: [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: Received: from memphis1 by frodo.ptwebserv.net with local (Exim 4.91) (envelope-from05: <poor [at] spamvictim.tld>) ID: [ID filtered]06: To: xxx [at] xxx07: Subject: =?utf-8?Q?C=C3=B3pia_de:_Hey_s=C3=BC=C3=9F?=08: X-PHP-Script: maconaria-memphismisraim.info/index.php for 185.194.15.3809: X-PHP-Filename: /home/memphis1/public_html/index.php REMOTE_ADDR: 185.194.15.3810: Date: Fri, 5 Apr 2019 xx:xx:xx +010011: From: Memphis Misraim Brasil <internet [at] memphismisraim.pt>12: Message-ID: [ID filtered]13: X-Priority: 314: X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version 2.0.4]15: MIME-Version: 1.016: Content-Transfer-Encoding: 8bit17: Content-Type: text/plain; charset="utf-8"18: X-PTWebServ-MailScanner-Information: Please contact the ISP for more information19: X-PTWebServ-MailScanner-ID: [ID filtered]20: X-PTWebServ-MailScanner: Found to be clean21: X-PTWebServ-MailScanner-SpamCheck:22: X-PTWebServ-MailScanner-From: memphis1 [at] frodo.ptwebserv.net23: X-Spam-Status: No24: X-AntiAbuse: This header was added to track abuse, please include it with any abuse25: report26: X-AntiAbuse: Primary Hostname - frodo.ptwebserv.net27: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]28: X-AntiAbuse: Sender Address Domain - frodo.ptwebserv.net29: X-Get-Message-Sender-Via: frodo.ptwebserv.net: authenticated_ID: [ID filtered]30: X-Authenticated-Sender: frodo.ptwebserv.net: memphis131: Envelope-To: <xxx [at] xxx>32: X-Spam-Flag: YES
header:01: Return-Path: <noreply [at] deltapack.ro>02: Received: from mocha7003.mochahost.com ([198.38.82.161]) by mx-ha.web.de03: (mxweb113 [212.227.17.8]) with ESMTPS (Nemesis) ID: [ID filtered]04: DKIM-Signature: x05: To: xxx [at] xxx06: Subject: =?utf-8?Q?Copie_a:_Hi_s=C3=BCss?=07: Date: Fri, 5 Apr 2019 xx:xx:xx -050008: From: test j25 <noreply [at] deltapack.ro>09: Reply-To: xxx [at] xxx10: Message-ID: [ID filtered]11: X-Priority: 312: X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)13: MIME-Version: 1.014: Content-Type: text/plain; charset=utf-815: Content-Transfer-Encoding: 8bit16: X-AntiAbuse: This header was added to track abuse, please include it with any abuse17: report18: X-AntiAbuse: Primary Hostname - mocha7003.mochahost.com19: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]20: X-AntiAbuse: Sender Address Domain - deltapack.ro21: X-Get-Message-Sender-Via: mocha7003.mochahost.com: authenticated_ID: [ID filtered]22: X-Authenticated-Sender: mocha7003.mochahost.com: noreply [at] deltapack.ro23: Envelope-To: <xxx [at] xxx>24: X-Spam-Flag: YES
Das ist nicht das erste Mal, das meine Emailaddy als (gefakter) Spam-Absender missbraucht wurde :( doch dieses Mal blieben zumindestens im Gegensatz zu früher die diversen (zu Recht) empörten Replys aus ...