
Topic: Chase - [Manhattan] Bank (by now we must have been through almost all the banks?)

  1. #1
    Senior member: Sven Udo
    Registered since: 23.07.2005
    Location: ...somewhere in Germany
    Posts: 4.014

    Chase - [Manhattan] Bank (by now we must have been through almost all the banks?)

    Or which one is still missing?
    header:
    01: X-Apparently-To: xxxxxxxx [at] yahoo.com.au via 66.218.93.225; Tue, 11 Oct 2005 xx:xx:xx
    02: -0700
    03: X-YahooFilteredBulk: 211.8.35.209
    04: X-Originating-IP: [211.8.35.209]
    05: Return-Path: <iijima [at] www.arena-corp.com>
    06: Authentication-Results: mta122.mail.mud.yahoo.com from=chase.com; domainkeys=neutral
    07: (no sig)
    08: Received: from 211.8.35.209 (EHLO www.arena-corp.com) (211.8.35.209) by
    09: mta122.mail.mud.yahoo.com with SMTP; Tue, 11 Oct 2005 xx:xx:xx -0700
    10: Received: from www.arena-corp.com (localhost [127.0.0.1]) by www.arena-corp.com
    11: (8.12.10/8.12.10) with ESMTP ID: [ID filtered]
    12: Received: (from iijima [at] localhost) by www.arena-corp.com (8.12.10/8.12.10/Submit) ID:
    13: [ID filtered]
    14: Date: Wed, 12 Oct 2005 xx:xx:xx +0900 (JST)
    15: Message-ID: [ID filtered]
    16: To: poor [at] spamvictim.tld
    17: Subject: Password Change Required
    18: From: "Chase Online Banking" <profile [at] chase.com> Add to Address Book
    19: Content-Type: text/html
    20: Content-Length: 1427
    [Link visible only to registered members.]
    Password change required!
    Dear sir,

    We recently have determined that different computers have logged onto your Chase user profile account, and multiple password failures were present before the logons. We strongly advice CHANGE YOUR PASSWORD.

    If this is not completed by Octomber 15, 2005, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. Thank you for your cooperation.

    Click here to Change Your Password
    [Link visible only to registered members.]

    Thank you for your prompt attention to this matter.
    We apologize for any inconvenience.

    Thank you for using Chase!

    Please do not reply to this e-mail. Mail sent to this address cannot be answered.

  2. #2
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    WARNING: Confirm Your Chase OnlineSM

    Arrived here today 4 times, within a few minutes of each other.

    header:
    01: Return-Path: <nobody [at] jaguar.websitewelcome.com>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
    04: Received: (qmail invoked by alias); 25 Oct 2005 13:36:13 -0000
    05: Received: from jaguar.websitewelcome.com (EHLO jaguar.websitewelcome.com)
    06: [67.19.132.34]
    07: by mx0.gmx.net (mx002) with SMTP; 25 Oct 2005 15:36:13 +0200
    08: Received: from nobody by jaguar.websitewelcome.com with local (Exim 4.52)
    09: id 1EUOyH-00014R-RI
    10: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 08:36:09 -0500
    11: To: xxxxx [at] gmx.net
    12: Subject: WARNING: Confirm Your Chase OnlineSM
    13: From: service [at] chase.com
    14: Content-Type: text/html;
    15: charset=iso-8859-1;
    16: Message-Id: <E1EUOyH-00014R-RI [at] jaguar.websitewelcome.com>
    17: Date: Tue, 25 Oct 2005 08:36:09 -0500
    18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    19: report
    20: X-AntiAbuse: Primary Hostname - jaguar.websitewelcome.com
    21: X-AntiAbuse: Original Domain - gmx.net
    22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    23: X-AntiAbuse: Sender Address Domain - jaguar.websitewelcome.com
    24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    26: X-GMX-UID: mVEsY6AMeSEkcBHObHQhaXN1IGRvb4Df

    header:
    01: Return-Path: <nobody [at] beast.boostserver.com>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
    04: Received: (qmail invoked by alias); 25 Oct 2005 14:34:11 -0000
    05: Received: from holder.userdns.com (EHLO beast.boostserver.com) [69.25.59.115]
    06: by mx0.gmx.net (mx020) with SMTP; 25 Oct 2005 16:34:11 +0200
    07: Received: from nobody by beast.boostserver.com with local (Exim 4.52)
    08: id 1EUPsf-0004Ud-B9
    09: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 17:34:25 +0300
    10: To: xxxxx [at] gmx.net
    11: Subject: WARNING: Confirm Your Chase OnlineSM
    12: From: service [at] chase.com
    13: Content-Type: text/html;
    14: charset=iso-8859-1;
    15: Message-Id: <E1EUPsf-0004Ud-B9 [at] beast.boostserver.com>
    16: Sender: Nobody <nobody [at] beast.boostserver.com>
    17: Date: Tue, 25 Oct 2005 17:34:25 +0300
    18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    19: report
    20: X-AntiAbuse: Primary Hostname - beast.boostserver.com
    21: X-AntiAbuse: Original Domain - gmx.net
    22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    23: X-AntiAbuse: Sender Address Domain - beast.boostserver.com
    24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    26: X-GMX-UID: NCcsY18meSEkZhHObHQhaXN1IGRvb0BL

    header:
    01: Return-Path: <nobody [at] beast.boostserver.com>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
    04: Received: (qmail invoked by alias); 25 Oct 2005 14:38:12 -0000
    05: Received: from holder.userdns.com (EHLO beast.boostserver.com) [69.25.59.115]
    06: by mx0.gmx.net (mx012) with SMTP; 25 Oct 2005 16:38:12 +0200
    07: Received: from nobody by beast.boostserver.com with local (Exim 4.52)
    08: id 1EUPwY-0007td-EJ
    09: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 17:38:26 +0300
    10: To: xxxxx [at] gmx.net
    11: Subject: WARNING: Confirm Your Chase OnlineSM
    12: From: service [at] chase.com
    13: Content-Type: text/html;
    14: charset=iso-8859-1;
    15: Message-Id: <E1EUPwY-0007td-EJ [at] beast.boostserver.com>
    16: Sender: Nobody <nobody [at] beast.boostserver.com>
    17: Date: Tue, 25 Oct 2005 17:38:26 +0300
    18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    19: report
    20: X-AntiAbuse: Primary Hostname - beast.boostserver.com
    21: X-AntiAbuse: Original Domain - gmx.net
    22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    23: X-AntiAbuse: Sender Address Domain - beast.boostserver.com
    24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    26: X-GMX-UID: AyYsY5UFeSEkfhHObHQhaXN1IGRvbwAS

    header:
    01: Return-Path: <nobody [at] beast.boostserver.com>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
    04: Received: (qmail invoked by alias); 25 Oct 2005 14:43:03 -0000
    05: Received: from holder.userdns.com (EHLO beast.boostserver.com) [69.25.59.115]
    06: by mx0.gmx.net (mx060) with SMTP; 25 Oct 2005 16:43:03 +0200
    07: Received: from nobody by beast.boostserver.com with local (Exim 4.52)
    08: id 1EUQ1B-0003Sa-2l
    09: for xxxxx [at] gmx.net; Tue, 25 Oct 2005 17:43:13 +0300
    10: To: xxxxx [at] gmx.net
    11: Subject: WARNING: Confirm Your Chase OnlineSM
    12: From: service [at] chase.com
    13: Content-Type: text/html;
    14: charset=iso-8859-1;
    15: Message-Id: <E1EUQ1B-0003Sa-2l [at] beast.boostserver.com>
    16: Sender: Nobody <nobody [at] beast.boostserver.com>
    17: Date: Tue, 25 Oct 2005 17:43:13 +0300
    18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    19: report
    20: X-AntiAbuse: Primary Hostname - beast.boostserver.com
    21: X-AntiAbuse: Original Domain - gmx.net
    22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    23: X-AntiAbuse: Sender Address Domain - beast.boostserver.com
    24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    25: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    26: X-GMX-UID: LyEsY0MieSEkThHObHQhaXN1IGRvb8DR
    with identical content:
    [html]
    <html>

    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <title>Chase OnlineSM</title>
    </head>

    <body>

    <p><img border="0" src="https://chaseonline.chase.com/content/ecpweb/sso/image/chaseNew.gif" width="138" height="27"></p>
    <p>Dear [Link visible only to registered members.],<br>
    <br>
    This is your official notification from Chase Bank that the service(s) listed below<br>
    will be deactivated and deleted if not renewed immediately. Previous notifications<br>
    have been sent to the Chase OnlineSM Contact assigned to this account. As the Primary
    Contact, you must renew (overview) the service(s) listed below or it will be deactivated<br>
    and deleted.<br>
    <br>
    1. SERVICE : Chase Bank Chase OnlineSM will Bill Payment.<br>
    EXPIRATION: October 25, 2005<br>
    <br>
    2. We recently reviewed your account, and suspect that your Chase OnlineSM Account may<br>
    have been accessed by and unauthorized third party. Protecting the security of your<br>
    account and of the Chase Networks is our primary concern.<br>
    <br>
    <br>
    Login to your Chase OnlineSM Account to verify your details.<br>
    Please click on the link below to confirm your information:<br>
    </p>
    <p><a href="http://www-chaseonline-chase.com/chaseonline/">https://chaseonline.chase.com/chaseonline/logon/sso_logon.jsp</a><br>
    <br>
    We apologize for any inconvenience this may cause, and appreciate your<br>
    assistance in helping us maintain the integrity of the entire Chase OnlineSM system.<br>
    <br>
    <br>
    Thank you for your prompt attention to this matter.<br>
    Chase Bank OnlineSM Support, N.A.</p>
    <p>&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp; <span class="footerText">© 2005
    JPMorgan Chase &amp; Co.<br>
    </span></p>

    </body>

    </html>
    [/html]
    whois: [Link visible only to registered members.]
    Registrant:

    THOMAS STRUNK
    1537 E.34 ST
    CLEVELAND, OH 44114
    US
    Email: [Link visible only to registered members.]

  3. #3
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    Tried again!

    header:
    01: Return-Path: <nobody [at] escalade.websitewelcome.com>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to ich [at] gmx.net
    04: Received: (qmail invoked by alias); 13 Dec 2005 22:18:56 -0000
    05: Received: from escalade.websitewelcome.com (EHLO escalade.websitewelcome.com)
    06: [67.19.27.66]
    07: by mx0.gmx.net (mx022) with SMTP; 13 Dec 2005 23:18:56 +0100
    08: Received: from nobody by escalade.websitewelcome.com with local (Exim 4.52)
    09: id 1EmCun-0001oV-0l
    10: for ich [at] gmx.net; Tue, 13 Dec 2005 10:22:09 -0600
    11: To: ich [at] gmx.net
    12: Subject: WARNING: Confirm Your Chase OnlineSM
    13: From: service [at] chase.com
    14: Content-Type: text/html;
    15: charset=iso-8859-1;
    16: Message-Id: <E1EmCun-0001oV-0l [at] escalade.websitewelcome.com>
    17: Date: Tue, 13 Dec 2005 10:22:09 -0600
    18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    19: report
    20: X-AntiAbuse: Primary Hostname - escalade.websitewelcome.com
    21: X-AntiAbuse: Original Domain - gmx.net
    22: X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    23: X-AntiAbuse: Sender Address Domain - escalade.websitewelcome.com
    24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    25: X-GMX-Antispam: 0 (Mail was not recognized as spam)

    ... and this is the text:

    Dear [Link visible only to registered members.],

    This is your official notification from Chase Bank that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Chase OnlineSM Contact assigned to this account. As the Primary Contact, you must renew (overview) the service(s) listed below or it will be deactivated and deleted.

    1. SERVICE : Chase Bank Chase OnlineSM will Bill Payment.
    EXPIRATION: 2 Days

    2. We recently reviewed your account, and suspect that your Chase OnlineSM Account may have been accessed by and unauthorized third party. Protecting the security of your account and of the Chase Networks is our primary concern.

    Login to your Chase OnlineSM Account to verify your details.
    Please click on the link below to confirm your information:
    {https://chaseonline.chase.com/chase-online/logon/sso_logon.jsp}
    whois: [Link visible only to registered members.]

    We apologize for any inconvenience this may cause, and appreciate your
    assistance in helping us maintain the integrity of the entire Chase OnlineSM system.


    Thank you for your prompt attention to this matter.
    Chase Bank OnlineSM Support, N.A.

    © 2005 JPMorgan Chase & Co.

    -------
    The sender and return address is: whois: [Link visible only to registered members.], which appears to be a "sender-obfuscation service": Whois Privacy Protection Service Inc.

    The click link apparently goes to Brazil, and the whole thing isn't quite correct English either (see red)! None of that bothers me, I'm not a Chase customer!
    Edited by SpamRam (14.12.2005 at 00:13)

  4. #4
    Grey Pestilence: Fidul
    Registered since: 16.07.2005
    Posts: 6.405

    Forward the mail to abuse{at}hostgator.com. They should deal with their customer, whose account was used to send this filth.
    We'll get you all!

  5. #5
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    Quote from Fidul:
    Forward the mail to abuse{at}hostgator.com.
    That's just what I did! ... and to Chase anyway, and to the GMX spam team too!

  6. #6
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    ... and Chase once more


    header:
    01: Return-Path: <www [at] web0.fast.net.uk>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to poor [at] spamvictim.tld
    04: Received: (qmail invoked by alias); 13 Mar 2006 xx:xx:xx -0000
    05: Received: from web0.fast.net.uk (EHLO web0.fast.net.uk) [212.42.162.12]
    06: by mx0.gmx.net (mx063) with SMTP; 13 Mar 2006 xx:xx:xx +0100
    07: Received: from web0.fast.net.uk (localhost [127.0.0.1])
    08: by web0.fast.net.uk (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
    09: for <poor [at] spamvictim.tld>; Mon, 13 Mar 2006 xx:xx:xx GMT
    10: (envelope-from poor [at] spamvictim.tld)
    11: Received: (from www [at] localhost)
    12: by web0.fast.net.uk (8.13.1/8.13.1/Submit) ID: [ID filtered]
    13: Mon, 13 Mar 2006 xx:xx:xx GMT
    14: (envelope-from www)
    15: Date: Mon, 13 Mar 2006 xx:xx:xx GMT
    16: Message-ID: [ID filtered]
    17: To: poor [at] spamvictim.tld
    18: Subject: Important Notification
    19: From: <security [at] chase.com>
    20: MIME-Version: 1.0
    21: Content-Type: text/html
    22: Content-Transfer-Encoding: 8bit
    23: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    24: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    Chase Personal Banking always look
    forward for the high security of our clients. Some customers have been receiving
    an email claiming to be from Chase Manhattan advising them to follow a link
    to what appear to be a Chase web site, where they are prompted to enter their
    personal Online Banking details.JPMorgan Chase & Co. is in no way involved
    with this email and the web site does not belong to us.
    Anyone who hasn't woken up by this point deserves no better when their account gets cleaned out.
    Due to the recent update of the
    servers, you are requested to please update your account info at the following
    link.
    Then comes the link, supposedly (that's how it is displayed) to
    https: // chaseonline.chase.com/ chaseonline/reidentify/sso_reidentify.jsp?LOB=RBGLogon

    but actually to: whois: [Link visible only to registered members.]modules/agendax/images/www.chase.com/
    There's no answer from there at the moment!
    #> whois edu.tw [Querying whois.twnic.net]
    [Unable to connect to remote host]
    #> whois 163.27.70.36 [Querying whois.apnic.net]
    [Unable to connect to remote host]
    I'm not a Chase customer anyway, so security at Chase needn't concern me.

    The reports are going out right away! (abuse [at] chase.com, and reported as spam at GMX)
    Edited by SpamRam (13.03.2006 at 14:17)

  7. #7
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    ... and again today!


    header:
    01: Return-Path: <service [at] chaseonline.com>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to poor [at] spamvictim.tld
    04: Received: (qmail invoked by alias); 14 Mar 2006 xx:xx:xx -0000
    05: Received: from filip.braila.rdsnet.ro (HELO xx) [82.77.91.38]
    06: by mx0.gmx.net (mx026) with SMTP; 14 Mar 2006 xx:xx:xx +0100
    07: From: service [at] chaseonline.com
    08: To: poor [at] spamvictim.tld
    09: Date: Tue, 14 Mar 2006 xx:xx:xx +0100
    10: Message-ID: [ID filtered]
    11: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    12: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    13: X-GMX-UID: [UID filtered]
    14: X-PM-PLACEHOLDER: .
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <!-- saved from url=(0033) [Link visible only to registered members.] -->
    <HTML><HEAD><TITLE>Access Your Accounts</TITLE>
    <META http-equiv=Content-Type content="text/html; charset=utf-8">
    They took the complete CHASE page and bent only the contact link! That's what I call work simplification, or rationalization!

    whois: [Link visible only to registered members.]/admin/LogonForm.htm

    The mail text is, of course, the usual drivel:
    You have received this email because we have strong reason to believe that your chase account had been recently compromised. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter.

    If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your chase account has not been fraudulently used and to combat fraud.
    Whose toes can one step on here?
    Edited by SpamRam (14.03.2006 at 15:30)

  8. #8
    BOFH: exe
    Registered since: 17.07.2005
    Location: Server room
    Posts: 5.936

    The phisher is apparently a "total pro". The page was downloaded and saved with Internet Explorer. He also hosts his phishing site with a free provider. I've sent them an abuse report.
    This post may contain traces of irony and cheap polemics. The threshold of originality is technically determined.

    We must respect the other fellow's religion, but only in the sense and to the extent that we respect his theory that his wife is beautiful and his children smart.
    Richard Dawkins

  9. #9
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    Another one right away (it had landed in GMX's suspected-spam folder!)

    @exe: Thanks!


    header:
    01: Return-Path: <nobody [at] diplomat.websitewelcome.com>
    02: X-Flags: 1001
    03: Delivered-To: GMX delivery to poor [at] spamvictim.tld
    04: Received: (qmail invoked by alias); 14 Mar 2006 xx:xx:xx -0000
    05: Received: from diplomat.websitewelcome.com (EHLO diplomat.websitewelcome.com)
    06: [70.85.227.66]
    07: by mx0.gmx.net (mx072) with SMTP; 14 Mar 2006 xx:xx:xx +0100
    08: Received: from nobody by diplomat.websitewelcome.com with local (Exim 4.52)
    09: ID: [ID filtered]
    10: for poor [at] spamvictim.tld; Tue, 14 Mar 2006 xx:xx:xx -0600
    11: To: poor [at] spamvictim.tld
    12: Subject: Please Confirm Chase OnlineSM Account.
    13: From: service [at] chase.com
    14: Content-Type: text/html;
    15: charset=iso-8859-1;
    16: Message-ID: [ID filtered]
    17: Date: Tue, 14 Mar 2006 xx:xx:xx -0600
    18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    19: report
    20: X-AntiAbuse: Primary Hostname - diplomat.websitewelcome.com
    21: X-AntiAbuse: Original Domain - gmx.net
    22: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
    23: X-AntiAbuse: Sender Address Domain - diplomat.websitewelcome.com
    24: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    25: X-GMX-Antispam: 5 (Score=2.477; MIME_HTML_ONLY NO_REAL_NAME SUB_ONLINE
    26: MIME_HEADER_CTYPE_ONLY)
    27: X-GMX-UID: [UID filtered]
    28: X-PM-PLACEHOLDER: .
    ... and once again such a lovely name for the mail server!

    [html]
    Quote from the mail body:
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <title>Chase OnlineSM</title>
    </head>
    <body>
    [/html]
    This time with a salutation:
    Dear [Link visible only to registered members.],
    The actual link, slightly "obscured":

    http:// %36%31%2E%31%30%36%2E%32%37%2E%31%33%33/%72%65%6C%6F%63%61%74%65%2E%68%74%6D%6C
    and in plain text:
    whois: [Link visible only to registered members.]relocate.html (result: [Unable to connect to remote host] Korea is far away!)

    CSS is used, but if I see it correctly, the class definition for <span class="footerText"> is missing.
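
The mismatch between displayed and actual link targets noted in posts #2, #6 and #9 can be checked mechanically. The following is an added example, not part of the original thread; the names `audit_links`, `_host` and `_AnchorCollector` are hypothetical, and the sample mixes markup from the thread with constructed parts as labelled in the comments.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote
import ipaddress

# Anchor 1 is taken from the mail body in post #2. Anchor 2 uses the encoded
# URL from post #9 (forum-inserted space removed) with constructed link text.
# Anchor 3 is a constructed benign control.
SAMPLE = """
<p><a href="http://www-chaseonline-chase.com/chaseonline/">https://chaseonline.chase.com/chaseonline/logon/sso_logon.jsp</a></p>
<p><a href="http://%36%31%2E%31%30%36%2E%32%37%2E%31%33%33/%72%65%6C%6F%63%61%74%65%2E%68%74%6D%6C">Click here</a></p>
<p><a href="https://chaseonline.chase.com/">https://chaseonline.chase.com/</a></p>
"""


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Return (percent-decoded lowercase host, whether it was percent-encoded)."""
    raw = urlsplit(url.strip()).hostname or ""
    decoded = unquote(raw).lower()
    return decoded, decoded != raw.lower()


def audit_links(html):
    """Return [(href, [reasons])] for anchors whose target looks disguised."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        reasons = []
        target, encoded = _host(href)
        if encoded:
            reasons.append("percent-encoded host decodes to " + target)
        try:
            ipaddress.ip_address(target)
            reasons.append("target is a bare IP address")
        except ValueError:
            pass
        # Link text that itself looks like a URL makes a claim about the target.
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = text if "://" in text else "http://" + text
            claimed, _ = _host(shown)
            if claimed and claimed != target:
                reasons.append(f"text shows {claimed} but href goes to {target}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE):
        print(href, "->", "; ".join(reasons))
```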

  10. #10
    Member: SpamRam
    Registered since: 11.09.2005
    Posts: 910

    It just doesn't stop


    header:
    01: Return-Path: <apache [at] ns1.race-dezert.net>
    02: X-Flags: 1000
    03: Delivered-To: GMX delivery to poor [at] spamvictim.tld
    04: Received: (qmail invoked by alias); 14 Mar 2006 xx:xx:xx -0000
    05: Received: from ns1.race-dezert.net (EHLO ns1.race-dezert.net) [67.15.80.18]
    06: by mx0.gmx.net (mx042) with SMTP; 14 Mar 2006 xx:xx:xx +0100
    07: Received: from ns1.race-dezert.net (localhost.localdomain [127.0.0.1])
    08: by ns1.race-dezert.net (8.12.11/8.12.11) with ESMTP ID: [ID filtered]
    09: for <poor [at] spamvictim.tld>; Tue, 14 Mar 2006 xx:xx:xx -0800
    10: Received: (from apache [at] localhost)
    11: by ns1.race-dezert.net (8.12.11/8.12.11/Submit) ID: [ID filtered]
    12: Tue, 14 Mar 2006 xx:xx:xx -0800
    13: Date: Tue, 14 Mar 2006 xx:xx:xx -0800
    14: Message-ID: [ID filtered]
    15: To: poor [at] spamvictim.tld
    16: Subject: Fraudulent activity detected in your Chase.com account
    17: From: Chase Banking <fraudwatch [at] chase.com>
    18: MIME-Version: 1.0
    19: Content-Type: text/html
    20: Content-Transfer-Encoding: 8bit
    21: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
    22: X-GMX-Antispam: 0 (Mail was not recognized as spam)
    23: X-GMX-UID: [UID filtered]
    24: X-PM-PLACEHOLDER: .
    [Link visible only to registered members.]
    The phish link shows up 4 times: three times in the text and additionally hidden in the "SECURE LOGIN" button.
    whois: [Link visible only to registered members.]

    Stated mail server: whois: [Link visible only to registered members.]

    The HTML mail text is "loosened up" with dozens of TABs and thereby made very hard to read.
    This too is probably an original page with bent links again.
    Edited by SpamRam (15.03.2006 at 02:07)
