header:
01: From - Tue Oct 22 xx:xx:xx 2013
02: X-Account-Key: account1
03: X-UIDL: [UID filtered]
04: X-Mozilla-Status: 0001
05: X-Mozilla-Status2: 00000000
06: X-Mozilla-Keys:
07:
08: Return-Path: bounce[BOUNCE filtered]@i.email.hotsaleusa.biz
09: Received: from 23-106-159-144.m.emsender.biz ([23.106.159.144]) by
10: mx-ha.gmx.net (mxgmx110) with ESMTP (Nemesis) ID: [ID filtered]
11: <***>; Tue, 22 Oct 2013 xx:xx:xx +0200
12: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1; d=email.hotsaleusa.biz;
13: h=Date:To:From:Reply-to:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Transfer-Enco
14: ing:Content-Type; i=info [at] email.hotsaleusa.biz;
15: bh=4Ia2KaKbJ+VyViiNjyvFdGmE3aY=;
16: b=bLCmKFyypg7FCmnnXlF+h0p2ol0JL+5IW4txU3CaAlOr25T9Na9qneqyVAN9QJ+jJksA05bvcznU
17: v0zv/YBD+ylo63u5mG/cSC6Y4m1wx5fKRo0K1zVtINY0PaGLv0szhXnEAV5BRznw9xezql32OhtY
18: F9adbMy9vns7fa+SRcE=
19: DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1; d=email.hotsaleusa.biz;
20: b=nZdoc+ZtGNk7/2UKSDadXLiGY47XS43/VIh8ImszG+MGIcTtHN1i3UMhbmy034yqHW8S81Be95s2
21: ETuqQUSeeO4dJp0xpGuLGEdwhzK0XGd2F7yhCZZqkFY2t2/O3nGGqsWjpJPHXt8BtAvwBdRAR2Qg
22: B84rNleGce9oZe5o3+0=;
23: Date: Tue, 22 Oct 2013 xx:xx:xx +0800
24: Return-Path: bounce[BOUNCE filtered]@i.email.hotsaleusa.biz
25: To: "***" <***>
26: From: UGG Boots <info [at] email.hotsaleusa.biz>
27: Reply-to: UGG Boots <info [at] email.hotsaleusa.biz>
28: Message-ID: [ID filtered]
29: X-Priority: 3
30: X-Mailer: doEdm.biz
31: X-Complaints-To: admin [at] email.hotsaleusa.biz
32: List-Unsubscribe: <http://email.hotsaleusa.biz/u.php?[UNSUB filtered]>
33: X-MessageID: [ID filtered]
34: X-Report-Abuse: <http://email.hotsaleusa.biz/report_abuse.php?mid=***>
35: MIME-Version: 1.0
36: Content-Transfer-Encoding: quoted-printable
37: Content-Type: text/html; charset="utf-8"
38: Envelope-To: <poor [at] spamvictim.tld>
39: Subject:*** GMX Spamverdacht *** 3 Days Special - 80% Off UGG Boots Everything!
40: X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
41: X-GMX-Antivirus: 0 (no virus found)
42: X-Antivirus: avast! (VPS 131022-1, 22.10.2013), Inbound message
43: X-Antivirus-Status: Clean
Im Body der Mail dann ganz viel html und Bilder:
UGG BOOTS Discount Store!
save 80 %OFF
------ Only today ------
shop now
Der Link führt zwischenzeitlich zu einer Infoseite der Rechteinhaber für UGG Boots, der Manolo Blahnik International Limited.
Andere Fängerdomains sind noch online:
header:
01: From - Thu Nov 21 xx:xx:xx 2013
02: X-Account-Key: account1
03: X-UIDL: [UID filtered]
04: X-Mozilla-Status: 0001
05: X-Mozilla-Status2: 00000000
06: X-Mozilla-Keys:
07:
08: Return-Path: ugg [at] topps3games.org
09: Received: from mail2.topps3games.org ([23.88.58.47]) by mx-ha.gmx.net
10: (mxgmx107) with ESMTP (Nemesis) ID: [ID filtered]
11: <***>; Thu, 21 Nov 2013 xx:xx:xx +0100
12: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1; d=topps3games.org;
13: h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-
14: ransfer-Encoding; i=ugg [at] topps3games.org;
15: bh=Gl/TRB7Oghllvc1MDm+imh+YEe4=;
16: b=cBjWU2RqlWjQ0E//7ZXfEQAADNBSiNfNjAaQ5kPiBNvtVOizsSbi0Zg/rHbUYJyQsKLelwo7vZ3E
17: l2OabPmYBVUuq4wMXlpRlEpulrUy6suCTw0HzxRlsm1XHBprh8lGGL9JmarPZiuR+iYe93XAO5DJ
18: I0Jv5oCv65rZUvSdFic=
19: DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1; d=topps3games.org;
20: b=uQbeb9YBAreOrk3lZW75IUL+NTzS63502wF9egjujydyaZFnTc2VRa20j4FXi2cPjKHeoAXhm0GB
21: 9/+BK1/Th7NSsLByRFjGhV2M0+1rnO/ak7qLjSJAItBY0iyZC19RF5eAk2wJWF7khBPcxHGCzuWy
22: PeKvDV8QKkmIgEiruMc=;
23: Received: from www.topps3games.org (23.88.58.46) by mail1.topps3games.org ID: [ID
24: filtered]
25: To: ***
26: Message-ID: [ID filtered]
27: Return-Path: ugg [at] topps3games.org
28: Date: Thu, 21 Nov 2013 xx:xx:xx +0400
29: From: "UGG" <ugg [at] topps3games.org>
30: Reply-To: ugg [at] topps3games.org
31: MIME-Version: 1.0
32: X-Mailer-LID: [ID filtered]
33: List-Unsubscribe: <http://www.topps3games.org/iem/unsubscribe.php?[UNSUB filtered]>
34: X-Mailer-RecptID: [ID filtered]
35: X-Mailer-SID: [ID filtered]
36: X-Mailer-Sent-By: 1
37: Content-Type: multipart/alternative; charset="UTF-8";
38: boundary="b1_0332e5b94fccf11e7475373448cd064b"
39: Content-Transfer-Encoding: 8bit
40: Envelope-To: <***>
41: Subject:*** GMX Spamverdacht *** Classic & New UGG Boots Available
42: X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
43: X-GMX-Antivirus: 0 (no virus found)
44: X-Antivirus: avast! (VPS 131120-0, 20.11.2013), Inbound message
45: X-Antivirus-Status: Clean
Hi,
I would like to let you know about our new ugg boots available in your size.
Click Here To Shop Classic & New UGG Boots Now! <========
Sincerely yours,
vipuggbootsus.com
Link führt auf: whois:http://www.vipuggbootsus.com/, der Shop ist auch noch online.
Die letzte Spammail im Bunde hat dann nur noch ein eingebundes Bild als Link:
header:
01: From - Wed Nov 27 xx:xx:xx 2013
02: X-Account-Key: account1
03: X-UIDL: [UID filtered]
04: X-Mozilla-Status: 0001
05: X-Mozilla-Status2: 00000000
06: X-Mozilla-Keys:
07:
08: Return-Path: bounce[BOUNCE filtered]@n21.uggonsale.biz
09: Received: from 23-105-49-206.m2.emsender.biz ([23.105.49.206]) by
10: mx-ha.gmx.net (mxgmx108) with ESMTP (Nemesis) ID: [ID filtered]
11: <***>; Wed, 27 Nov 2013 xx:xx:xx +0100
12: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1; d=n21.uggonsale.biz;
13: h=Date:To:From:Reply-to:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Transfer-Enco
14: ing:Content-Type; i=info [at] n21.uggonsale.biz;
15: bh=CB1T2WgkdchqdqPRaa1U4vGd0YA=;
16: b=qBL5XI/we8yNIZ6QjFbAyq8XqSqXVjt6ghA2kurH0W6xMh/1e4rcPMpRqchJ+94qRxckDQjj0w2g
17: fem3ZrvDBWydxXPjfZAkdZjiS64sEwGuB2iOuXYYBumjwuEDuLFeXk5BC2yKCs+LJ/zxSd3azJP4
18: lwtFAVisnKDdRV6SqGg=
19: DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1; d=n21.uggonsale.biz;
20: b=RHiXHa9njAz0jWKcy5zJztG8vK53CElfM/trmyxjwSXs43HRrPyUqmTlxrhqaL03t8gx+ekUaA0s
21: 5bHosqxBe+SRng3zGETCetdctu5sIN1EMNTXuRaQnkVfgAitNi/GANB3EuImRTpOStELw4VB041D
22: oyklb45RBV4ATSNGL1w=;
23: Date: Thu, 28 Nov 2013 xx:xx:xx +0800
24: Return-Path: bounce[BOUNCE filtered]@n21.uggonsale.biz
25: To: "***" <***>
26: From: UGGBOOTS <info [at] n21.uggonsale.biz>
27: Reply-to: UGGBOOTS <info [at] n21.uggonsale.biz>
28: Message-ID: [ID filtered]
29: X-Priority: 3
30: X-Mailer: doEdm.biz
31: X-Complaints-To: admin [at] n21.uggonsale.biz
32: List-Unsubscribe: <http://n21.uggonsale.biz/u.php?[UNSUB filtered]>
33: X-MessageID: [ID filtered]
34: X-Report-Abuse: <http://n21.uggonsale.biz/report_abuse.php?mid=***>
35: MIME-Version: 1.0
36: Content-Transfer-Encoding: quoted-printable
37: Content-Type: text/html; charset="utf-8"
38: Envelope-To: <***>
39: Subject:*** GMX Spamverdacht *** Thanksgiving Day Save 75% off, discount UGG boots for
40: colder weather
41: X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
42: X-GMX-Antivirus: 0 (no virus found)
43: X-Antivirus: avast! (VPS 131127-1, 27.11.2013), Inbound message
44: X-Antivirus-Status: Clean
Code:
<title>Untitled document</title>
</head>
<body>
<a title=3D"UGG Boots" href=3D"http://n21.uggonsale.biz/tl.php?p=3Dsd/sd/rs=
/rmi/s7/rs/UGG%20Boots/aHR0cDovL3d3dy5idXlib290cy5vcmcvI3UxMTI4MDE%3D"><img=
width=3D"550" height=3D"232" alt=3D"UGG Boots" src=3D"http://img.63bjl.com=
/zboots/343.jpg" /></a>
<img src=3D"http://n21.uggonsale.biz/to.php?p=3Dsd/sd/rs/rmi/s7/rs" width=
=3D"5" height=3D"2" alt=3D".">
</body>
</html>
Link führt zu: whois:http://www.buyboots.org/#u112801
Lesezeichen