
Topic: [Virus] New order / Delivery note for xxx / Payment reminder

  1. #431
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from mail.ptsg.co.ID: [ID filtered]
    02: by x (Postfix) with ESMTP ID: [ID filtered]
    03: for <x>; Thu, 25 May 2017 xx:xx:xx +0200 (CEST)
    04: Received: from webmail.ptsg.co.ID: [ID filtered]
    05: (Authenticated sender: lab [at] ptsg.co.id)
    06: by mail.ptsg.co.ID: [ID filtered]
    07: Thu, 25 May 2017 xx:xx:xx +0700 (WIT)
    Attached: New Order 00BY1621.arj
    Code:
    AegisLab 			Troj.W32.Generic!c 			20170525
    ESET-NOD32 			a variant of Win32/GenKryptik.AHTT 	20170525
    Fortinet 			W32/Generic.M!tr 			20170525
    Ikarus 				Win32.Outbreak 				20170525
    Invincea 			virtool.win32.injector.fq 		20170519
    Kaspersky 			HEUR:Trojan.Win32.Generic 		20170525
    TrendMicro-HouseCall 		Suspicious_GEN.F47V0525 		20170525
    ZoneAlarm by Check Point 	HEUR:Trojan.Win32.Generic 		20170525
    Villains who twirl their mustaches are easy to spot.
    Those who cloak themselves in good deeds are well camouflaged.

    Sokath! His eyes uncovered!

  2. #432
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from ns1.banglanetbd.net (ns1.banglanetbd.net [75.126.46.114])
    02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    03: (No client certificate requested)
    04: by x (Postfix) with ESMTPS ID: [ID filtered]
    05: for <x>; Tue, 11 Jul 2017 xx:xx:xx +0200 (CEST)
    06: Received: from toroon63-1279381429.sdsl.bell.ca ([76.65.207.181]:2870
    07: helo=dsenorthern.co.uk)
    08: by ns1.banglanetbd.net with esmtpa (Exim 4.87)
    09: (envelope-from <enquiries [at] dsenorthern.co.uk>)
    10: ID: [ID filtered]
    11: for x; Tue, 11 Jul 2017 xx:xx:xx -0500

    header:
    01: Received: from ns1.banglanetbd.net (ns1.banglanetbd.net [75.126.46.114])
    02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    03: (No client certificate requested)
    04: by x (Postfix) with ESMTPS ID: [ID filtered]
    05: for <x>; Tue, 11 Jul 2017 xx:xx:xx +0200 (CEST)
    06: Received: from toroon63-1279381429.sdsl.bell.ca ([76.65.207.181]:1491
    07: helo=dsenorthern.co.uk)
    08: by ns1.banglanetbd.net with esmtpa (Exim 4.87)
    09: (envelope-from <enquiries [at] dsenorthern.co.uk>)
    10: ID: [ID filtered]
    11: for x; Tue, 11 Jul 2017 xx:xx:xx -0500
    whois:https://deref-mail.com/mail/client/*schnapp*/dereferrer/?redirectUrl=
    whois:https://deref-mail.com/mail/client/*schnapp*/dereferrer/?redirectUrl=
    whois:https://deref-mail.com/mail/client/*schnapp*/dereferrer/?redirectUrl=
    whois:https://deref-mail.com/mail/client/*schnapp*/dereferrer/?redirectUrl=
    whois:https://deref-mail.com/mail/client/*schnapp*/dereferrer/?redirectUrl=
    whois:http://www.rickmers-reederei.com

    Attached is an HTML document with the following download:
    whois:http://www.crackmiata.com/z/KW128.jar

    There it then says:
    This Account has been suspended.
    Contact your hosting provider for more information.
    Last edited by schara56 (11.07.2017 at 17:47)

  3. #433
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from mail.misc.go.th (58-97-113-102.static.asianet.co.th
    02: [58.97.113.102])
    03: (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    04: (No client certificate requested)
    05: by x (Postfix) with ESMTPS ID: [ID filtered]
    06: for <x>; Sat, 29 Jul 2017 xx:xx:xx +0200 (CEST)
    07: Received: from postoffice.com (unknown [84.38.130.246])
    08: (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    09: (No client certificate requested)
    10: by mail.misc.go.th (Postfix) with ESMTPSA ID: [ID filtered]
    11: for <x>; Fri, 28 Jul 2017 xx:xx:xx +0700 (ICT)
    Server Message

    *Dear ***schnapp**

    Our record indicates that you recently made a request to shutdown your email
    account(**schnapp**). And this request will be processed shortly.

    If this request was made accidentally and you have no knowledge of it, you are
    advised to cancel the request now

    Cancel De-activation whois:http://smpeducation.com/test/crypt/index.html?email=%0%>

    However, if you do not cancel this request, your account will be shutdown
    shortly and all your email data will be lost permanently.

    Regards.
    *Email Administrator*

    --------------------------------------------------------------------------------

    This message is auto-generated from E-mail security server, and replies sent to
    this email can not be delivered.
    This email is meant for: **schnapp**

  4. #434
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from lserver228.megavelocity.net (lserver228.megavelocity.net
    02: [205.204.76.173])
    03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    04: (No client certificate requested)
    05: by x (Postfix) with ESMTPS ID: [ID filtered]
    06: for <x>; Sun, 30 Jul 2017 xx:xx:xx +0200 (CEST)
    07: Received: from [162.248.244.226] (port=25762)
    08: by lserver228.megavelocity.net with esmtpa (Exim 4.89)
    09: (envelope-from <shanti [at] swiftcargo.com>)
    10: ID: [ID filtered]
    Dear Sir,

    Attn : All


    Please note that they have provided shipment Billing Details at the time
    So see enclosed/Attached file BL Draft, Also if GST Registration details are provided, All you will fine as per attached .
    please freview attached and forward the same soon to ensure Hassle Free BL release and to provide Invoices on time.

    Please note that we will be able to amend any request for change of Customer Name, Address, GSTIN, etc, on the Invoice.

    Thanks & Regards,
    S* N*
    Asst Manager- Customer Service


    Gundecha Onclave, 3C2 C Wing,
    Kherani Road, Saki Naka
    Andheri (East),
    Mumbai 400072
    Attached is an "AGP MOSAIC FANTIN SHIP CAG LOTSMV SAILING.r11" with the following content:
    https://www.virustotal.com/de/file/e...cfe6/analysis/

  5. #435
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from qoa-mxgw.safaricombusiness.co.ke (posta.safaricombusiness.co.ke
    02: [197.248.254.164])
    03: by x (Postfix) with ESMTP ID: [ID filtered]
    04: for <x>; Tue, 1 Aug 2017 xx:xx:xx +0200 (CEST)
    05: X-IronPort-AV: E=Sophos;i="5.39,386,1493683200";
    06: d="scan'208,217";a="1713868"
    07: Received: from host24.safaricombusiness.co.ke ([197.248.5.24])
    08: by qoa-mxgw.safaricombusiness.co.ke with ESMTP; 01 Aug 2017 xx:xx:xx +0300
    09: Received: from [::1] (port=45453 helo=host24.safaricombusiness.co.ke)
    10: by host24.safaricombusiness.co.ke with esmtpa (Exim 4.89)
    11: (envelope-from <emailteamsarah007 [at] gmail.com>)
    12: ID: [ID filtered]
    Email De-Activation

    DEAR EMAIL USER

    Our Data Base shows a shutdown request made by you to our technical team
    asking us to immediately shut down your E-mail account. This request
    will be processed shortly.

    If this request was made accidentally or you have no knowledge of it,
    you are advised to undo De-Activation now.

    Undo De-Activation [1]

    Note: if you do not Undo this request, your account will be disabled
    shortly and all your email data will be lost permanently.

    Regards.
    E-MAIL SERVICES.

    -------------------------

    This message is auto-generated from E-mail security server, and replies
    sent to this email can not be delivered.
    This email is meant for our Email subscriber only.



    Links:
    ------
    [1] whois:https://dashingboutique.in/pp/crypt/index.html

  6. #436
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from lynxauto_1.norjac.co.uk (host81-136-165-69.in-addr.btopenworld.com
    02: [81.136.165.69])
    03: by x (Postfix) with ESMTP ID: [ID filtered]
    04: for <x>; Mon, 7 Aug 2017 xx:xx:xx +0200 (CEST)
    05: Received: from IP-220-69.dataclub.biz ([46.183.220.69]) by
    06: lynxauto_1.norjac.co.uk with Microsoft SMTPSVC(6.0.3790.3959);
    07: Mon, 7 Aug 2017 xx:xx:xx +0100
    Server Message

    Dear x Our record indicates that you recently made a request to shutdown your email (x). And this request will be processed shortly. If this request was made accidentally and you have no knowledge of it, you are advised to cancel the request now

    Cancel De-activation

    However, if you do not cancel this request, the your account will be shutdown shortly
    and all your email data will be lost permanently. Regards.
    Email Administrator

    This message is auto-generated from E-mail security server, and replies sent to this email can not be delivered.
    This email is meant for: x
    whois:http://www.pustaka.uninus.ac.id/Wp-manager/Domain/crypt/index.html?userid=3D*schnapp* (whois:103.28.12.77)

  7. #437
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from mout-xforward.kundenserver.de ([82.165.159.8]) by mx-ha.gmx.net
    02: (mxgmx115 [212.227.17.5]) with ESMTPS (Nemesis) ID: [ID filtered]
    03: for <x>; Mon, 18 Sep 2017 xx:xx:xx +0200
    04: Received: from 10.0.0.25 ([152.115.50.2]) by mrelayeu.kundenserver.de
    05: (mreue001 [212.227.15.167]) with ESMTPSA (Nemesis) id
    06: 0MgCdZ-1e5la80FGv-00NV6Z for <x>; Mon, 18 Sep 2017 xx:xx:xx
    07: +0200
    Hello,

    Attached to this e-mail you will find a .DOC file with the requested information.

    Invoice:
    whois:http://aishomiura.com/gescanntes-Dokument-*schnapp*/
    *schnapp*

    Kind regards
    Addendum:
    See also Heise.de
    Last edited by schara56 (18.09.2017 at 15:45). Reason: addendum

  8. #438
    Urgestein, registered since 18.07.2005, posts: 7,356


    header:
    01: Received: from mtaout006-public.msg.strl.va.charter.net
    02: (mtaout006-public.msg.strl.va.charter.net [68.114.190.31])
    03: by xxxxx (Postfix) with ESMTP
    04: for <xxxxx>; Tue, 7 Nov 2017 xx:xx:xx +0100 (CET)
    05: Received: from imp04 ([64.210.232.14]) by mtaout006.msg.strl.va.charter.net
    06: (InterMail vM.9.00.023.01 201-2473-194) with ESMTP
    07: ID: [ID filtered]
    08: for <xxxxx>; Tue, 7 Nov 2017 xx:xx:xx -0600
    09: Received: from 10.0.0.59 ([196.200.27.170])
    10: by imp04 with ID: [ID filtered]

    Hello,
    the delivery time for your parcel has changed to Tuesday, 15:00-19:00.

    You can track the status of your parcel at the following address:
    whois:http://benit.biz/DHL-number/.
    IP: 192.195.77.97 ---> perfora.net

    An infected Word file (DHL Express - Dienstag, 11_00-19_00 Uhr.doc; which loads further content from whois:http://leaderschool.cn) is then supposed to be downloaded. The detection rate is still poor.

    https://virusscan.jotti.org/de-DE/fi...job/up1l8iv515

    https://www.virustotal.com/#/file/f6...8910/detection

    https://www.hybrid-analysis.com/samp...ironmentId=100
    my credo: take the 10 biggest ROKSO spammers out of circulation, and 80 % of the worldwide spam problem would be solved at a stroke....

  9. #439
    schara56 (Urinstein), registered since 03.08.2005, location: at home, posts: 7,432


    header:
    01: Received: from vps17837.inmotionhosting.com (vps17837.inmotionhosting.com
    02: [172.81.118.177])
    03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    04: (No client certificate requested)
    05: by X (Postfix) with ESMTPS ID: [ID filtered]
    06: for <X>; Wed, 8 Nov 2017 xx:xx:xx +0100 (CET)
    07: Received: from tdmonl5 by vps17837.inmotionhosting.com with local (Exim 4.89)
    08: (envelope-from <bestellbestaetigung [at] amazon.de>)
    09: ID: [ID filtered]
    10: for X; Wed, 08 Nov 2017 xx:xx:xx -0500
    Dear X,

    thank you for your purchase. You will find further details in the attached invoice. We will notify you immediately as soon as your order(s) has/have been shipped.

    We look forward to your next visit.
    Attached is an "X Amazon 07.11.2017.zip"
    https://virusscan.jotti.org/de-DE/fi...job/rd34w1bdse
