Chase - [Manhattan] Bank (nun müssten wir doch fast alle Banken durchhaben?)

[Sven Udo]

Oder, welche fehlt noch?

header:

01: X-Apparently-To: xxxxxxxx [at] yahoo.com.au via 66.218.93.225; Tue, 11 Oct 2005 xx:xx:xx
02: 	-0700 
03: X-YahooFilteredBulk: 211.8.35.209 
04: X-Originating-IP: [211.8.35.209] 
05: Return-Path: <iijima [at] www.arena-corp.com> 
06: Authentication-Results: mta122.mail.mud.yahoo.com from=chase.com; domainkeys=neutral
07: 	(no sig) 
08: Received: from 211.8.35.209 (EHLO www.arena-corp.com) (211.8.35.209) by
09: 	mta122.mail.mud.yahoo.com with SMTP; Tue, 11 Oct 2005 xx:xx:xx -0700 
10: Received: from www.arena-corp.com (localhost [127.0.0.1]) by www.arena-corp.com
11: 	(8.12.10/8.12.10) with ESMTP ID: [ID filtered]
12: Received: (from iijima [at] localhost) by www.arena-corp.com (8.12.10/8.12.10/Submit) ID:
13: 	[ID filtered]
14: Date: Wed, 12 Oct 2005 xx:xx:xx +0900 (JST) 
15: Message-ID: [ID filtered]
16: To: poor [at] spamvictim.tld 
17: Subject: Password Change Required 
18: From: "Chase Online Banking" <profile [at] chase.com>  Add to Address Book 
19: Content-Type: text/html 
20: Content-Length: 1427 

Password change required!
Dear sir,

We recently have determined that different computers have logged onto your Chase user profile account, and multiple password failures were present before the logons. We strongly advice CHANGE YOUR PASSWORD.

If this is not completed by Octomber 15, 2005, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. Thank you for your cooperation.

Click here to Change Your Password
http://love.red-book.ru/.usage/index...el_page_change

Thank you for your prompt attention to this matter.
We apologize for any inconvenience.

Thank you for using Chase!

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

[SpamRam]

Hier heute gleich 4 mal im Abstand weniger Minuten aufgeschlagen.

header:
01: Return-Path: <nobody [at] jaguar.websitewelcome.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 25 Oct 2005 13:36:13 -0000
05: Received: from jaguar.websitewelcome.com (EHLO jaguar.websitewelcome.com)
06: [67.19.132.34]
07: by mx0.gmx.net (mx002) with SMTP; 25 Oct 2005 15:36:13 +0200
08: Received: from nobody by jaguar.websitewelcome.com with local (Exim 4.52)
09: id 1EUOyH-00014R-RI
10: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 08:36:09 -0500
11: To: xxxxx [at] gmx.net
12: Subject: WARNING: Confirm Your Chase OnlineSM
13: From: service [at] chase.com
14: Content-Type: text/html;
15: charset=iso-8859-1;
16: Message-Id: <E1EUOyH-00014R-RI [at] jaguar.websitewelcome.com>
17: Date: Tue, 25 Oct 2005 08:36:09 -0500
18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
19: report
20: X-AntiAbuse: Primary Hostname - jaguar.websitewelcome.com
21: X-AntiAbuse: Original Domain - gmx.net
22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
23: X-AntiAbuse: Sender Address Domain - jaguar.websitewelcome.com
24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
26: X-GMX-UID: mVEsY6AMeSEkcBHObHQhaXN1IGRvb4Df

header:
01: Return-Path: <nobody [at] beast.boostserver.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 25 Oct 2005 14:34:11 -0000
05: Received: from holder.userdns.com (EHLO beast.boostserver.com) [69.25.59.115]
06: by mx0.gmx.net (mx020) with SMTP; 25 Oct 2005 16:34:11 +0200
07: Received: from nobody by beast.boostserver.com with local (Exim 4.52)
08: id 1EUPsf-0004Ud-B9
09: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 17:34:25 +0300
10: To: xxxxx [at] gmx.net
11: Subject: WARNING: Confirm Your Chase OnlineSM
12: From: service [at] chase.com
13: Content-Type: text/html;
14: charset=iso-8859-1;
15: Message-Id: <E1EUPsf-0004Ud-B9 [at] beast.boostserver.com>
16: Sender: Nobody <nobody [at] beast.boostserver.com>
17: Date: Tue, 25 Oct 2005 17:34:25 +0300
18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
19: report
20: X-AntiAbuse: Primary Hostname - beast.boostserver.com
21: X-AntiAbuse: Original Domain - gmx.net
22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
23: X-AntiAbuse: Sender Address Domain - beast.boostserver.com
24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
26: X-GMX-UID: NCcsY18meSEkZhHObHQhaXN1IGRvb0BL

header:
01: Return-Path: <nobody [at] beast.boostserver.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 25 Oct 2005 14:38:12 -0000
05: Received: from holder.userdns.com (EHLO beast.boostserver.com) [69.25.59.115]
06: by mx0.gmx.net (mx012) with SMTP; 25 Oct 2005 16:38:12 +0200
07: Received: from nobody by beast.boostserver.com with local (Exim 4.52)
08: id 1EUPwY-0007td-EJ
09: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 17:38:26 +0300
10: To: xxxxx [at] gmx.net
11: Subject: WARNING: Confirm Your Chase OnlineSM
12: From: service [at] chase.com
13: Content-Type: text/html;
14: charset=iso-8859-1;
15: Message-Id: <E1EUPwY-0007td-EJ [at] beast.boostserver.com>
16: Sender: Nobody <nobody [at] beast.boostserver.com>
17: Date: Tue, 25 Oct 2005 17:38:26 +0300
18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
19: report
20: X-AntiAbuse: Primary Hostname - beast.boostserver.com
21: X-AntiAbuse: Original Domain - gmx.net
22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
23: X-AntiAbuse: Sender Address Domain - beast.boostserver.com
24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
26: X-GMX-UID: AyYsY5UFeSEkfhHObHQhaXN1IGRvbwAS

header:
01: Return-Path: <nobody [at] beast.boostserver.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 25 Oct 2005 14:43:03 -0000
05: Received: from holder.userdns.com (EHLO beast.boostserver.com) [69.25.59.115]
06: by mx0.gmx.net (mx060) with SMTP; 25 Oct 2005 16:43:03 +0200
07: Received: from nobody by beast.boostserver.com with local (Exim 4.52)
08: id 1EUQ1B-0003Sa-2l
09: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 17:43:13 +0300
10: To: xxxxx [at] gmx.net
11: Subject: WARNING: Confirm Your Chase OnlineSM
12: From: service [at] chase.com
13: Content-Type: text/html;
14: charset=iso-8859-1;
15: Message-Id: <E1EUQ1B-0003Sa-2l [at] beast.boostserver.com>
16: Sender: Nobody <nobody [at] beast.boostserver.com>
17: Date: Tue, 25 Oct 2005 17:43:13 +0300
18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
19: report
20: X-AntiAbuse: Primary Hostname - beast.boostserver.com
21: X-AntiAbuse: Original Domain - gmx.net
22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
23: X-AntiAbuse: Sender Address Domain - beast.boostserver.com
24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
26: X-GMX-UID: LyEsY0MieSEkThHObHQhaXN1IGRvb8DR
mit identischem Inhalt:

HTML-Code:

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>Chase OnlineSM</title>
</head>

<body>

<p><img border="0" src="https://chaseonline.chase.com/content/ecpweb/sso/image/chaseNew.gif" width="138" height="27"></p>
<p>Dear Pmoog@gmx.net,<br>
<br>
This is your official notification from Chase Bank that the service(s) listed below<br>
will be deactivated and deleted if not renewed immediately. Previous notifications<br>
have been sent to the Chase OnlineSM Contact assigned to this account. As the Primary
Contact, you must renew (overview) the service(s) listed below or it will be deactivated<br>
and deleted.<br>
<br>
1. SERVICE : Chase Bank Chase OnlineSM will Bill Payment.<br>
EXPIRATION: October 25, 2005<br>
<br>
2. We recently reviewed your account, and suspect that your Chase OnlineSM Account may<br>
have been accessed by and unauthorized third party. Protecting the security of your<br>
account and of the Chase Networks is our primary concern.<br>
<br>
<br>
Login to your Chase OnlineSM Account to verify your details.<br>
Please click on the link below to confirm your information:<br>
</p>
<p><a href="http://www-chaseonline-chase.com/chaseonline/">https://chaseonline.chase.com/chaseonline/logon/sso_logon.jsp</a><br>
<br>
We apologize for any inconvenience this may cause, and appreciate your<br>
assistance in helping us maintain the integrity of the entire Chase OnlineSM system.<br>
<br>
<br>
Thank you for your prompt attention to this matter.<br>
Chase Bank OnlineSM Support, N.A.</p>
<p>&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; <span class="footerText">© 2005
JPMorgan Chase &amp; Co.<br>
</span></p>

</body>

</html>

^whois:http://www-chaseonline-chase.com/chaseonline/

Registrant:

THOMAS STRUNK
1537 E.34 ST
CLEVELAND, OH 44114
US
Email: dalriatan2000@yahoo.com

[SpamRam]

header:
01: Return-Path: <nobody [at] escalade.websitewelcome.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to ich [at] gmx.net
04: Received: (qmail invoked by alias); 13 Dec 2005 22:18:56 -0000
05: Received: from escalade.websitewelcome.com (EHLO escalade.websitewelcome.com)
06: [67.19.27.66]
07: by mx0.gmx.net (mx022) with SMTP; 13 Dec 2005 23:18:56 +0100
08: Received: from nobody by escalade.websitewelcome.com with local (Exim 4.52)
09: id 1EmCun-0001oV-0l
10: for ich [at] gmx.net; Tue, 13 Dec 2005 10:22:09 -0600
11: To: ich [at] gmx.net
12: Subject: WARNING: Confirm Your Chase OnlineSM
13: From: service [at] chase.com
14: Content-Type: text/html;
15: charset=iso-8859-1;
16: Message-Id: <E1EmCun-0001oV-0l [at] escalade.websitewelcome.com>
17: Date: Tue, 13 Dec 2005 10:22:09 -0600
18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
19: report
20: X-AntiAbuse: Primary Hostname - escalade.websitewelcome.com
21: X-AntiAbuse: Original Domain - gmx.net
22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
23: X-AntiAbuse: Sender Address Domain - escalade.websitewelcome.com
24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
25: X-GMX-Antispam: 0 (Mail was not recognized as spam)

... und das ist der Text:

Dear Ich@gmx.net,

This is your official notification from Chase Bank that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Chase OnlineSM Contact assigned to this account. As the Primary Contact, you must renew (overview) the service(s) listed below or it will be deactivated and deleted.

1. SERVICE : Chase Bank Chase OnlineSM will Bill Payment.
EXPIRATION: 2 Days

2. We recently reviewed your account, and suspect that your Chase OnlineSM Account may have been accessed by and unauthorized third party. Protecting the security of your account and of the Chase Networks is our primary concern.

Login to your Chase OnlineSM Account to verify your details.
Please click on the link below to confirm your information:
{https://chaseonline.chase.com/chase-online/logon/sso_logon.jsp}
^whois:http://cards-chase.com/chaseonline/index.html

We apologize for any inconvenience this may cause, and appreciate your
assistance in helping us maintain the integrity of the entire Chase OnlineSM system.


Thank you for your prompt attention to this matter.
Chase Bank OnlineSM Support, N.A.

© 2005 JPMorgan Chase & Co.

-------
Als Absender und Return-Adresse fungiert: ^whois:http://www.escalade.websitewelcome.com, das scheint ein "Absender-Verschleierungs-Service" zu sein: Whois Privacy Protection Service Inc.

Der Klick-Link geht wohl nach Brasilien und ganz korrektes Englisch ist das Ganze auch nicht (siehe rot)! Macht mir alles nix, bin keine Chase-Kunde!

[Fidul]

Leite die Mail an abuse{at}hostgator.com weiter. Die sollen sich um ihren Kunden kümmern, über dessen Account der Dreck verschickt wurde.

[SpamRam]

Leite die Mail an abuse{at}hostgator.com weiter.

Hab ich denn auch getan! ... und an Chase schon sowieso und ans GMX-Spam-Team auch!

[SpamRam]

header:

01: Return-Path: <www [at] web0.fast.net.uk>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to poor [at] spamvictim.tld
04: Received: (qmail invoked by alias); 13 Mar 2006 xx:xx:xx -0000
05: Received: from web0.fast.net.uk (EHLO web0.fast.net.uk) [212.42.162.12]
06:   by mx0.gmx.net (mx063) with SMTP; 13 Mar 2006 xx:xx:xx +0100
07: Received: from web0.fast.net.uk (localhost [127.0.0.1])
08:     by web0.fast.net.uk (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
09:     for <poor [at] spamvictim.tld>; Mon, 13 Mar 2006 xx:xx:xx GMT
10:     (envelope-from poor [at] spamvictim.tld)
11: Received: (from www [at] localhost)
12:     by web0.fast.net.uk (8.13.1/8.13.1/Submit) ID: [ID filtered]
13:     Mon, 13 Mar 2006 xx:xx:xx GMT
14:     (envelope-from www)
15: Date: Mon, 13 Mar 2006 xx:xx:xx GMT
16: Message-ID: [ID filtered]
17: To: poor [at] spamvictim.tld
18: Subject: Important Notification
19: From: <security [at] chase.com>
20: MIME-Version: 1.0
21: Content-Type: text/html
22: Content-Transfer-Encoding: 8bit
23: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
24: X-GMX-Antispam: 0 (Mail was not recognized as spam)

Chase Personal Banking always look
forward for the high security of our clients. Some customers have been receiving
an email claiming to be from Chase Manhattan advising them to follow a link
to what appear to be a Chase web site, where they are prompted to enter their
personal Online Banking details.JPMorgan Chase & Co. is in no way involved
with this email and the web site does not belong to us.

Wer da noch nicht wach geworden ist, hat es nicht besser verdient, wenn ihm sein Konto abgeräumt wird.

Due to the recent update of the
servers, you are requested to please update your account info at the following
link.

Dann kommt der Link angeblich, so wirds angezeigt, zu
https: // chaseonline.chase.com/ chaseonline/reidentify/sso_reidentify.jsp?LOB=RBGLogon

tatsächlich aber zu: ^whois:http://alishan.cyc.edu.tw/modules/agendax/images/www.chase.com/
Da gibt es im Moment keine Amtwort!

#> whois edu.tw [Querying whois.twnic.net]
[Unable to connect to remote host]
#> whois 163.27.70.36 [Querying whois.apnic.net]
[Unable to connect to remote host]

Ich bin bei Chase sowieso kein Kunde, daher kann mir die Sicherheit bei Chase egal sein.

Die Meldungen gehen gleich raus! (abuse [at] chase.com und bei GMX als Spam gemeldet)