Porn Joe Job?
The spamvertised site is certainly no slouch, but the mail subject reeks of a Joe job:
Subject: child porn and zoophilia videos!
Received: from 14.2.7.109.rev.sfr.net ([109.7.2.14]) by mx-ha.gmx.net
(mxgmx112) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [109.7.2.14] (HELO XBQXK) by 14.2.7.109.rev.sfr.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
http://www.xdating.com
IP: 46.137.179.168 ---> ec2-46-137-179-168.eu-west-1.compute.amazonaws.com
Gang war within the Russian mafia again?
It continues:
Received: from host-86-63-136-158.nplay.net.pl ([86.63.136.158]) by
mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [86.63.136.158] (HELO FWNKD) by host-86-63-136-158.nplay.net.pl (8.14.3/8.14.3) with SMTP ID: [ID filtered]
Subject: zoo movies 2012
http://www.watchmygf.com
IP: 216.18.164.37 ---> reflected.net
in illustrious company:
The war within the Russian mafia continues:
Received: from smtp.endes.it ([88.81.191.72]) by mx-ha.gmx.net
(mxgmx010) with ESMTP (Nemesis) ID: [ID filtered]
2013 xx:xx:xx +0100
Received: from [88.81.191.72] (HELO GULF) by smtp.endes.it (8.14.3/8.14.3) with SMTP ID: [ID filtered]
IP: 88.81.191.72 ---> Easynet Italy
Subject: zoo movies 2012
http://www.sexpillguru.com
IP: 8.29.134.165 ---> Beyond Hosting
For the sake of completeness, it should be pointed out once more that such websites are very often rigged with malicious exploits. It is best not to visit such websites at all, not even with JavaScript switched off, because there are other exploits as well, for example Flash exploits or cross-over exploits and many more. Such exploits are more common for Internet Explorer, but they also turn up again and again for Firefox and other browsers.
Especially with pr0n sites from the extreme end, malicious things are to be expected again and again. So: for research purposes, at most use a text-only browser such as Lynx. Of course it does not display little pictures and Flash clips, but I think one can really do without those.
Anyone who does not want to do without the pictures can fall back on BitBox: https://www.bsi.bund.de/DE/Themen/ProdukteTools/BitBox/BitBox_node.html
A hardened Firefox, completely ready to use, in a virtual machine. With that you are on the safe side.
(Yes, in theory it is conceivable to attack the browser via an exploit, take over the hardened Linux in the virtual machine, detect from there that you are running in a virtual machine, break out of that virtual machine and attack the host system. In theory.)
It continues:
Received: from 122.52.173.87.pldt.net ([122.52.173.87]) by mx-ha.gmx.net
(mxgmx104) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [122.52.173.87] (HELO SGY) by 122.52.173.87.pldt.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
Subject: Only fresh CC
http://www.watchmygf.com
Received: from 59-126-84-207.HINET-IP.hinet.net ([59.126.84.207]) by
mx-ha.gmx.net (mxgmx007) with ESMTP (Nemesis) id
0MfzBV-1U267x2Ks1-00NQ28 for xxxxx; Wed, 03 Apr 2013 xx:xx:xx +0200
Received: from [59.126.84.207] (HELO FGIUMDQCP)
by 59-126-84-207.HINET-IP.hinet.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
Subject: Check US CC data
http://www.xdating.com
also being faked:
http://www.liveundnackt.com
Arrived today:
Received: from i-195-137-98-62.freedom2surf.net ([195.137.98.62]) by
mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [195.137.98.62] (HELO ZPF) by i-195-137-98-62.freedom2surf.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]
Subject: Download cp movies
http://www.osez.org
IP: 94.125.167.248 ---> nx3148.nexylan.net
The war within the porn mafia continues:
Received: from 194-144-135-62.du.xdsl.is ([194.144.135.62]) by mx-ha.gmx.net
(mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [194.144.135.62] (HELO LPUY) by 194-144-135-62.du.xdsl.is (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
Subject: access to CC data archive
http://www.watchmygf.com
http://www.liveundnackt.com
GoodReputation
06.04.2013, 19:05
All the IPs you have quoted here are on blacklists (not only Spamhaus). What is the point of describing individual infected hosts/IPs here?
What is the point of describing individual infected hosts/IPs here?
Documentation. Sometimes cross-connections emerge afterwards that were of course not obvious at first sight.
The porn war within the Russian mafia continues:
Received: from segment-202-191.sify.net ([202.191.222.106]) by mx-ha.gmx.net
(mxgmx005) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [202.191.222.106] (HELO TCL) by segment-202-191.sify.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
Subject: Credit Cards from the US
http://www.watchmygf.com
IP: 216.18.164.37 ---> reflected.net
Today the Russian mafia wants to extort protection money again from:
Received: from 91-225-8-88.laguna.net.pl ([91.225.8.88]) by mx-ha.gmx.net
(mxgmx113) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [91.225.8.88] (HELO MVV) by 91-225-8-88.laguna.net.pl (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
Subject: Your lovely zoophilia movies!
http://mydirtyhobby.com
IP: 31.192.117.40 ---> Swiftwill, Inc./Telia
The Russian mafia in the pillz war (easy to recognize, because the ratware kept 'mangling' the same header lines):
Received: from mail-in-09.arcor-online.net ([151.189.21.49]) by
mx-ha.gmx.net
(mxgmx105) with ESMTP (Nemesis) ID: [ID filtered]
Received: from mail-in-14-z2.arcor-online.net
(mail-in-14-z2.arcor-online.net [151.189.8.31])
by mx.arcor.de (Postfix) with ESMTP ID: [ID filtered]
Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
Received: from mail-in-01.arcor-online.net (mail-in-01.arcor-online.net
[151.189.21.41]) by mail-in-14-z2.arcor-online.net (Postfix) with ESMTP ID: [ID filtered]
Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
Received: from dtdrnuhh (unknown [113.166.73.102])
(Authenticated sender: gwidera1 [at] arcor.de)
by mail-in-01.arcor-online.net (Postfix) with ESMTPA ID: [ID filtered]
Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
IP: 113.166.73.102 ---> VNPT-NET, Vietnam
cracked: gwidera1 [at] arcor.de
http://bwssum6.pdsda.net/RealPills.html
IP: 222.124.202.178 ---> 178.subnet222-124-202.static.astinet.telkom.net.id
Received: from deliver.uni-koblenz.de ([127.0.0.1])
by localhost (deliver.uni-koblenz.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP ID: [ID filtered]
X-CHKRCPT: Envelopesender noch alb_santana [at] verizon.net
Received: from vms173017pub.verizon.net (vms173017pub.verizon.net
[206.46.173.17]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
Received: from rzsxsj ([unknown] [171.4.58.135]) by vms173017.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTPA ID: [ID filtered]
IP: 171.4.58.135 ---> mx-ll-171.4.58-135.dynamic.3bb.co.th
cracked: alb_santana [at] verizon.net
http://desiretoinspire.com.au/NicePills.htm
IP: 216.14.117.86 ---> EBOUNDHOST.com
Received: from mail.nn.ertelecom.ru ([91.144.184.9]) by mx-ha.gmx.net
(mxgmx002) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [117.221.225.2] (port=20184 helo=wvbwttd)
by mail.nn.ertelecom.ru with esmtpa (Exim)
ID: [ID filtered]
Thu, 09 May 2013 xx:xx:xx +0400
IP: 117.221.225.2 ---> NOC BSNL Bangalore, India
cracked: canek33 [at] ninodom.ru
http://jomuz.com/FreeEDmed.html
IP: 74.208.237.194 ---> 1&1 Internet Inc.
all of these are only ever redirects to the actual site:
http://medicwedne.com
IP: 94.242.254.96 ---> ip-static-94-242-254-96.as5577.net/Andy BIERLAIR, Luxembourg
sutherlandmonteverdi [at] yahoo.com
The Russian war continues with Pharmacy Express:
Received: from cohosting5.cbn.net.ID: [ID filtered]
(mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [31.210.37.242] (port=59263 helo=optiktunggal.com)
by cohosting5.cbn.net.ID: [ID filtered]
(Exim 4.80)
(envelope-from <sm-ot-peb [at] optiktunggal.com>)
ID: [ID filtered]
cracked: sm-ot-peb [at] optiktunggal.com
IP: 31.210.37.242 ---> aladag.habermi.com/Mars-Customer77
http://niawas.warp0.com/dh9ax90.html
IP: 64.136.20.42 ---> Juno Online Services, Inc.
continuing on to:
http://doctorgoer.com
IP: 94.242.254.96 ---> ip-static-94-242-254-96.as5577.net/LU-ROOT-20081021
And once again the Russian mafia:
Received: from iron02.uio.telmex.ec.intranet ([200.124.224.121]) by
mx-ha.gmx.net (mxgmx011) with ESMTP (Nemesis) id
0MgH6E-1UqJza0XeY-00NmCv for xxxxx; Wed, 15 May 2013 xx:xx:xx +0200
IP: 200.124.224.121 ---> host-200-124-224-121.telmex.com.ec
http://hornytube.xxx
IP: 87.250.153.105 ---> srv02.dsonline.nl/Net Ground Vlan 403, NL
spicepepperltd [at] gmail.com
Registered, by the way, with the Schlüsseldienst ("locksmith"). Ah yes, always the same names...
And again from the Russian mafia:
Received: from bas5-toronto46-1168057418.dsl.bell.ca ([69.159.36.74]) by
mx-ha.gmx.net (mxgmx111) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [69.159.36.74] (HELO TGJR) by bas5-toronto46-1168057418.dsl.bell.ca (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729100
http://50plussexdating.nl
IP: 31.7.4.172 ---> web1.luckyguys.shockmedia.nl
The Russian mafia carries on with:
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from 123-PC.mshome.net ([188.209.241.220]) by mx-ha.gmx.net
(mxgmx007) with ESMTP (Nemesis) ID: [ID filtered]
IP: 188.209.241.220 ---> 220-241-209-188.globnet.md
http://xlovecam.nl
IP: 91.208.175.119 ---> AC Webconnecting BV, NL
Here, too, it continues with the Russian mafia:
Received: from Zarin-PC.cpe.cableonda.net ([190.219.60.102]) by
mx-ha.gmx.net (mxgmx113) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [190.219.60.102] (HELO LYNXDMVB) by Zarin-PC.cpe.cableonda.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729100
http://cam4.fr
IP: 95.211.208.200 ---> LeaseWeb
Spamweb once again, nothing should surprise you there any more...
The Russian mafia strikes again:
Received: from bas5-toronto46-1279610296.dsl.bell.ca ([76.69.77.184]) by
mx-ha.gmx.net (mxgmx109) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [76.69.77.184] (HELO EGGOB) by bas5-toronto46-1279610296.dsl.bell.ca (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729100
http://ixxx.com
Today the Russian mafia is offering:
Received: from host93.190-227-48.telecom.net.ar ([190.227.48.93]) by
mx-ha.gmx.net (mxgmx003) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [190.227.48.93] (HELO PZAI) by host93.190-227-48.telecom.net.ar (8.14.3/8.14.3) with SMTP ID: [ID filtered]
http://ru.cam4.com
IP: 199.59.88.246 ---> Mojohost
admin [at] surecomnv.com
Today the Russian mafia has in its sights:
Received: from 201-048-060-156.static.ctbc.com.br ([201.48.60.156]) by
mx-ha.gmx.net (mxgmx009) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [201.48.60.156] (HELO UPZPZOZO) by 201-048-060-156.static.ctbc.com.br (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729300
http://xvideoslive.com
IP: 216.127.52.234 ---> naiadsystems.com/Accretive Networks
hostmaster [at] icftechnology.com
The Russian mafia sends its regards once again:
Received: from 200.77.192.61.static.cablered.com.mx ([200.77.192.61]) by
mx-ha.gmx.net (mxgmx005) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [200.77.192.61] (HELO YVX) by 200.77.192.61.static.cablered.com.mx (8.14.3/8.14.3) with SMTP ID: [ID filtered]
http://xlovecam.nl
IP: 91.208.175.119 ---> AC Webconnecting BV
And the Russian mafia keeps on brawling forever:
Received: from ip-95-87-28-205.trakiacable.net ([95.87.28.205]) by mx-ha.gmx.net (mxgmx103) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [95.87.28.205] (HELO RNIFOXTC) by ip-95-87-28-205.trakiacable.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]
http://pub.webcamo.com
IP: 212.23.180.222 ---> vmpub80-222-cld.sfr-sh.net/Societe Francaise du Radiotelephone S.A.
The Russian mafia's porn war continues with:
Received: from F108.in.net.pl ([89.234.217.108]) by mx-ha.gmx.net (mxgmx003) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [89.234.217.108] (HELO HQSUD) by F108.in.net.pl (8.14.3/8.14.3) with SMTP ID: [ID filtered]
http://TUKIF.COM
IP: 178.170.104.226 ---> IKOULA
Martin Belz
08.07.2013, 10:14
I have experienced that myself!
I visited a site with VirtualBox, in which Ubuntu was running.
Promptly a hack wanted to replace the VirtualBox EXE!!!
Luckily my firewall and my antivirus prevented this.
So be careful ....
The Russian mafia is still on the move:
Received: from 61-221-212-34.HINET-IP.hinet.net ([61.221.212.34]) by mx-ha.gmx.net (mxgmx012) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [61.221.212.34] (HELO VISG) by 61-221-212-34.HINET-IP.hinet.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]
http://tukif.com
IP: 178.170.104.226 ---> IKOULA, FR
Today from the realms of the Russian mafia:
Received: from 203.177.28.219 ([203.177.28.219])
by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (smartin [at] svrw.ru@171.170.34.30)
by 203.177.28.219 with ESMTPA; Sat, 3 Aug 2013 xx:xx:xx +0800
X-Originating-IP: 171.170.34.30
Subject: Legal drugs
IP: 203.177.28.219 ---> GLOBET-PH
http://svmrc.in
IP: 178.32.60.53 ---> OVH
On the other hand: OVH is well enough known here, no saints host there either.
The mafiosi are brawling again:
Received: from 91.224.254.14 ([91.224.254.14])
by mx.kundenserver.de (node=mxbap1) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (lcdanfor [at] dioki.hr@91.170.119.118)
by 91.224.254.14 with ESMTPA; Sat, 3 Aug 2013 xx:xx:xx +0200
X-Originating-IP: 91.170.119.118
IP: 91.224.254.14 ---> Mediateleset Ltd, Ukraine
91.170.119.118 -> Proxad, FR
Legal Cocaine forum
http://allrc.biz
IP: 103.31.186.21 ---> lh22301.voxility.net, Romania
Well, Voxility, that once again vouches for first-class black-hat quality.
And once again:
Received: from pool-71-161-81-234.cncdnh.east.myfairpoint.net
([71.161.94.186]) by mx-ha.gmx.net (mxgmx009) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (dom [at] lh.ru@160.33.221.153) by 71.161.94.186 with ESMTPA; Sat, 3 Aug 2013 xx:xx:xx -0500
Trojan Fake Police / Virus Gendarmerie Nationale : violation de la loi
francaise http://www.malekal.com
IP: 188.165.204.75 ---> ns310939.ovh.net
OVH once again....
But:
http://blog.dynamoo.com/2013/08/malekalcom-joe-job.html
and:
4917
Today from the Russian mafia:
Received: from sc-ita-250-4.mksnet.com.br ([177.70.73.10]) by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
ID: [ID filtered]
Received: from unknown (HELO localhost) (erose [at] schoenherr.de@32.61.198.47) by sc-ita-250-4.mksnet.com.br with ESMTPA; Sun, 4 Aug 2013 xx:xx:xx -0300
X-Originating-IP: 32.61.198.47 ---> AT&T Global Network Services
Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie is
not allowed here. Do not enter if you don't know what to do...
http://www.cpro.su (*NEW domain!)
IP: 190.93.252.20 ---> CloudFlare Latin America
So it is hosted in the cloud in South America, and the content does not seem entirely kosher either. So probably criminals among themselves, or a gang war within the Russian mafia.
More from the Russian mafia:
Received: from 115.119.78.218 ([115.119.78.218]) by mx-ha.gmx.net (mxgmx104) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (danielle [at] removeearthlink.net@79.88.25.119) by 115.119.78.218 with ESMTPA; Mon, 5 Aug 2013 xx:xx:xx -0800
X-Originating-IP: 79.88.25.119 ---> 119.25.88.79.rev.sfr.net
IP: 115.119.78.218 ---> 115.119.78.218.static-hyderabad.vsnl.net.in
Legal drugs forum
Smoking blends
http://rcblog.cc
IP: 89.45.14.31 ---> IM Internet Media SRL, MD
Received: from 115.119.78.218 (115.119.78.218.static-hyderabad.vsnl.net.in [115.119.78.218])
by mx.kundenserver.de (node=mxbap0) with ESMTP (Nemesis) ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (yjkim [at] co.gem.id.us@26.227.159.173) by 115.119.78.218 with ESMTPA; Mon, 5 Aug 2013 xx:xx:xx -0800
X-Originating-IP: 26.227.159.173 ---> DoD Network Information Center
Forum about Powders, pills, smoking blends
http://allrc.biz
IP: 103.31.186.21 ---> lh22301.voxility.net/Saulhost, Romania
Naturally, once again these are all hosters with a 'first-class' reputation. The X-Originating-IP is probably faked.
X-Originating-IP: 79.88.25.119 ---> 119.25.88.79.rev.sfr.net
X-Originating-IP: 26.227.159.173 ---> DoD Network Information Center
The X-Originating-IP is probably faked.
Exactly.
The Received lines with HELO localhost, two @ in the parentheses and "by <numeric IP>" are completely made up and are not generated like that by any mail system that actually exists. In that respect this is a 100% certain spam sign, and if you can filter on headers in your mail system, you can use it to keep all this crap out.
hoppala
At least Yahoo does it in a similar way (without the fake):
Yahoo:
X-Rocket-Received: from dlxlg (iheaven2006 [at] 119.114.98.76 with login) by smtp204.mail.cnb.yahoo.com with SMTP; 12 Apr 2013 xx:xx:xx +0000 UTC
Fake:
Received: from unknown (HELO localhost) (danielle [at] removeearthlink.net@79.88.25.119) by 115.119.78.218 with ESMTPA; Mon, 5 Aug 2013 xx:xx:xx -0800
I reckon they copied it from there.
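One way to implement the header filter suggested in the two posts above, as an added example that is not part of the original thread. The sample headers are constructed from lines quoted on this page, with the forum's " [at] " obfuscation turned back into "@" and the filtered IDs and times replaced by placeholders; all function and variable names are hypothetical.

```python
import re
from email import message_from_string

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Shape quoted in the thread:
#   from unknown (HELO localhost) (user@domain@a.b.c.d) by <host> with ESMTPA
# The second "@" glued to an IP inside the parentheses is the distinctive part.
FORGED_RECEIVED = re.compile(
    r"^from\s+unknown\s+\(HELO\s+localhost\)\s+"
    r"\((?P<login>[^\s()@]+@[^\s()@]+)@(?P<claimed_ip>" + IPV4 + r")\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+ESMTPA\b",
    re.IGNORECASE,
)
NUMERIC_HOST = re.compile(r"^" + IPV4 + r"$")


def match_forged_received(value):
    """Return a finding dict if one header value has the forged shape, else None."""
    unfolded = " ".join(value.split())  # undo header folding (CRLF + whitespace)
    m = FORGED_RECEIVED.match(unfolded)
    if m is None:
        return None
    return {
        "login": m.group("login"),
        "claimed_ip": m.group("claimed_ip"),
        "by": m.group("by"),
        # Later samples on the page carry a hostname after "by", so a numeric
        # "by" is reported as an extra signal instead of being required.
        "numeric_by": bool(NUMERIC_HOST.match(m.group("by"))),
    }


def scan_message(raw):
    """Check every Received header of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = (match_forged_received(v) for v in msg.get_all("Received", []))
    return [h for h in hits if h is not None]


# --- constructed samples (placeholder IDs and times) -------------------------
SPAM_NUMERIC_BY = """\
Received: from 115.119.78.218 ([115.119.78.218]) by mx-ha.gmx.net (mxgmx104)
 with ESMTP (Nemesis) id PLACEHOLDER-1; Mon, 05 Aug 2013 12:00:00 +0200
Received: from unknown (HELO localhost)
 (danielle@removeearthlink.net@79.88.25.119) by 115.119.78.218 with ESMTPA;
 Mon, 5 Aug 2013 12:00:00 -0800
X-Originating-IP: 79.88.25.119
Subject: constructed sample

body
"""

SPAM_HOSTNAME_BY = """\
Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net
 (mxgmx001) with ESMTP (Nemesis) id PLACEHOLDER-2; Wed, 07 Aug 2013 12:00:00 +0200
Received: from unknown (HELO localhost) (patrickf@mbay.net@38.166.177.238)
 by radio178-73.neasonline.no with ESMTPA; Wed, 7 Aug 2013 12:00:00 +0100
Subject: constructed sample

body
"""

# Received lines in the format a real MTA (Postfix) writes, also quoted in the
# thread: one "@" only, inside an "Authenticated sender" comment.
REAL_MTA_TRACE = """\
Received: from mail-in-01.arcor-online.net (mail-in-01.arcor-online.net
 [151.189.21.41]) by mail-in-14-z2.arcor-online.net (Postfix) with ESMTP
 id PLACEHOLDER-3; Thu, 9 May 2013 12:00:00 +0200 (CEST)
Received: from dtdrnuhh (unknown [113.166.73.102])
 (Authenticated sender: gwidera1@arcor.de)
 by mail-in-01.arcor-online.net (Postfix) with ESMTPA id PLACEHOLDER-4;
 Thu, 9 May 2013 12:00:00 +0200 (CEST)
Subject: constructed sample

body
"""

# Value of the Yahoo X-Rocket-Received header compared in the reply above.
YAHOO_ROCKET_VALUE = (
    "from dlxlg (iheaven2006@119.114.98.76 with login) by "
    "smtp204.mail.cnb.yahoo.com with SMTP; 12 Apr 2013 12:00:00 +0000 UTC"
)

if __name__ == "__main__":
    for name in ("SPAM_NUMERIC_BY", "SPAM_HOSTNAME_BY", "REAL_MTA_TRACE"):
        print(name, scan_message(globals()[name]))
    print("yahoo", match_forged_received(YAHOO_ROCKET_VALUE))
```
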
The Russian mafia is launching a concerted action; unfortunately the ratware/C&C server was broken, hence partly with mangled headers:
Received: from 121.254.73.119 ([121.254.73.119]) by mx-ha.gmx.net
(mxgmx008) with ESMTP (Nemesis) ID: [ID filtered]
Aug 2013 xx:xx:xx +0200
Received: from unknown (HELO localhost) (r.croy [at] bc.edu@42.165.150.97)
by 121.254.73.119 with ESMTPA; Wed, 7 Aug 2013 xx:xx:xx +0800
Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net
(mxgmx001) with ESMTP (Nemesis) ID: [ID filtered]
Received: from radio178-73.neasonline.no ([77.223.178.73]) b
Trojan Fake Police / Virus Gendarmerie Nationale : violation de la loi
francaise http://malekal.com
for <poor [at] spamvictim.tld>; Wed, 7 Aug 2013 xx:xx:xx +0200 (CEST)
Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net (mxgmx001) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (patrickf [at] mbay.net@38.166.177.238) by radio178-73.neasonline.no with ESMTPA; Wed, 7 Aug 2013 xx:xx:xx +0100
Trade Forex, Commodities, Stocks and Indices with Up to 81% Return!
- Exclusive 60 second option
- Onetouch weekly options up to 500% return
- Up to $5000 welcome bonus
Start trading: http://redwoodoptions.com
IP: 199.83.130.9 ---> 199.83.130.9.ip.incapdns.net
It was the weekend and the Russian mafia had diarrhoea once again:
Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net
(mxgmx001) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (patrickf [at] mbay.net@38.166.177.238) by radio178-73.neasonline.no with ESMTPA; Wed, 7 Aug 2013 xx:xx:xx +0100
X-Originating-IP: 38.166.177.238
Trade Forex, Commodities, Stocks and Indices with Up to 81
Received: from 3.red-80-29-71.adsl.static.ccgg.telefonica.net ([80.29.71.3])
by mx-ha.gmx.net (mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (erod [at] webmail.co.za@174.156.91.124) by 3.red-80-29-71.adsl.static.ccgg.telefonica.net with ESMTPA; Mon, 12 Aug 2013 xx:xx:xx +0100
X-Originating-IP: 174.156.91.124
Legal powders
Herbal Highs forum
http://svmrc.in
IP: 178.32.60.53 ---> OVH Ltd.
Received: from 3.red-80-29-71.adsl.static.ccgg.telefonica.net (3.red-80-29-71.adsl.static.ccgg.telefonica.net [80.29.71.3]) by mx.kundenserver.de (node=mxeu3) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (christian.dupraz [at] mbcmw.com@64.155.35.163) by 3.red-80-29-71.adsl.static.ccgg.telefonica.net with ESMTPA; Mon, 12 Aug 2013 xx:xx:xx +0100
X-Originating-IP: 64.155.35.163
Synthetic drugs
Forum about Legal powders
http://rcblog.cc
IP: 89.45.14.31 ---> ptr.31.startdedicated.pw/IM Internet Media SRL, Romania
The Russian mafia keeps on ranting:
Received: from 37.112.32.68 ([37.112.37.248]) by mx.kundenserver.de (node=mxbap0) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (lolo [at] nysaes.cornell.edu@197.216.46.117) by 109x195x234x141.dynamic.rostov.ertelecom.ru with ESMTPA; Thu, 15 Aug 2013 xx:xx:xx +0400
Trade Forex, Commodities, Stocks and Indices with Up to 81% Return!
- Exclusive 60 second option
- Onetouch weekly options up to 500% return
- Up to $5000 welcome bonus
Start trading: http://www.redwoodoptions.com
IP: 149.126.72.9 ---> 149.126.72.9.ip.incapdns.net
Today from the Russian mafia:
Received: from 119.226.154.98 (segment-119-226.sify.net [119.226.154.98]) by mx.kundenserver.de (node=mxbap1) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (melissab [at] electro-com.ru@234.210.117.46) by 119.226.154.98 with ESMTPA; Fri, 16 Aug 2013 xx:xx:xx +0530
Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie
is not allowed here. Do not enter if you don't know what to do...
http://cpro.su (*NEW domain!)
IP: 103.31.186.89 ---> lh20666.voxility.net, Romania
The Joe always comes in a double pack. Supposedly the whole thing is also known as 'negative listwashing':
Received: from 221.243.168.45 ([221.243.168.45]) by mx-ha.gmx.net
(mxgmx007) with ESMTP (Nemesis) ID: [ID filtered]
Aug 2013 xx:xx:xx +0200
Received: from unknown (HELO localhost)
(mario.wunder [at] oceanfree.net@214.112.216.56)
by 221.243.168.45 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0900
IP: 221.243.168.45 ---> 221x243x168x45.ap221.ftth.ucom.ne.jp
Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)
Received: from 221.243.168.45 (221x243x168x45.ap221.ftth.ucom.ne.jp
[221.243.168.45]) by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost)
(jillschuchard [at] kwteamwerk.com@45.111.128.103)
by 221.243.168.45 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0900
IP: 221.243.168.45
Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)
Received: from 218.248.1.194 ([218.248.1.194]) by mx-ha.gmx.net (mxgmx109)
with ESMTP (Nemesis) ID: [ID filtered]
Aug 2013 xx:xx:xx +0200
Received: from unknown (HELO localhost) (development [at] rrd.com@159.27.104.118)
by 218.248.1.194 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0530
IP: 218.248.1.194 ---> static.ill.218.248.1.194/24.bsnl.in
Forum about VIP PARTY POWDER
Smoke Blends forum
http://allrc.biz
Received: from 218.248.1.194 (static.ill.218.248.1.194/24.bsnl.in
[218.248.1.194])
by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (tap9 [at] chinatelecom.com.cn@48.99.81.43)
by 218.248.1.194 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0530
IP: 218.248.1.194
Pure DMAA Powder forum
Buy "bath salts"
http://rcblog.cc
And once again the double pack from the Russian mafia:
Received: from 220.213.202.38 ([220.213.202.38]) by mx-ha.gmx.net (mxgmx109) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (majima [at] fnbbemidji.com@214.215.170.201) by 220.213.202.38 with ESMTPA; Sun, 18 Aug 2013 xx:xx:xx +0900
IP: 220.213.202.38 ---> ag220-213-202-38.ccnw.ne.jp
Received: from 220.213.202.38 (ag220-213-202-38.ccnw.ne.jp [220.213.202.38]) by mx.kundenserver.de (node=mxbap2) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (dcorr [at] alliedlock.com@47.190.71.103) by ag220-213-202-38.ccnw.ne.jp with ESMTPA; Sun, 18 Aug 2013 xx:xx:xx +0900
Private Hacking and Carding Forum / New Domain
Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie is
not allowed here. Do not enter if you don't know what to do...
http://www.cpro.su (*NEW domain!)
IP: 103.31.186.89 ---> lh20666.voxility.net, Romania
And again the Russian mafia in a double pack:
Received: from 89.158.115.43 ([89.158.115.43]) by mx-ha.gmx.net (mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (lucasj [at] ebnett.no@52.24.60.76) by 89.158.115.43 with ESMTPA; Sun, 18 Aug 2013 xx:xx:xx +0100
IP: 89.158.115.43 ---> 89-158-115-43.rev.dartybox.com
Legal Cocaine
Forum about Bath Salts
http://svmrc.in
Received: from 203.44.171.60 ([203.44.171.60]) by mx-ha.gmx.net (mxgmx002) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (solson [at] sio.midco.net@161.229.209.133) by 203.44.171.60 with ESMTPA; Mon, 19 Aug 2013 xx:xx:xx +1000
IP: 203.44.171.60 ---> 203-44-171-60.tpips.telstra.com
Legal Drug Reviews
Legal highs forum
http://allrc.biz
The Russian mafia is going crazy, are script kiddies at work there?
Received: from 93.85.224.11 ([93.85.224.11]) by mx-ha.gmx.net (mxgmx003) with
ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (bonniedrew [at] cyberpine.net@141.55.125.70) by 93.85.224.11 with ESMTPA; Mon, 19 Aug 2013 xx:xx:xx +0400
IP: 93.85.224.11 ---> ip224-11.17.dsl.minsktelecom.by
Received: from 106.120.131.210 ([223.72.254.178]) by mx.kundenserver.de (node=mxeu3) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (andrewluff [at] lpl.com@56.195.222.213) by 211.103.241.226 with ESMTPA; Tue, 20 Aug 2013 xx:xx:xx +0800
IP: 223.72.254.178 ---> China Mobile Communications Corporation
Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://www.cpro.su (*NEW domain!)
IP: 103.31.186.89 ---> Saulhost Hosting, Romania/Voxility
Received: from 95.181.203.213 ([95.181.203.213]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (cayadi [at] erthlink.net@148.187.225.61) by 95.181.203.213 with ESMTPA; Tue, 20 Aug 2013 xx:xx:xx +0400
IP: 95.181.203.213 ---> South-East Transtelecom Joint Stock Co.
The best weight-loss diets, fasting days and methods for fighting cellulite.
How to lose weight in a week or quickly lose 10 kg. Proven methods
of cleansing the body and the basics of proper nutrition: http://www.taliya.ru
IP: 193.105.210.111 ---> ISPHOST, Ukraine
At the weekend it starts up again:
Received: from 124.241.45.170 ([124.241.33.50]) by mx-ha.gmx.net (mxgmx112) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (commeet.comn [at] mahanusa.com@65.69.49.136) by 124.241.33.50 with ESMTPA; Fri, 23 Aug 2013 xx:xx:xx +0900
IP: 124.241.33.50 ---> 124-241-033-050.pool.fctv.ne.jp
Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie is
not allowed here. Do not enter if you don't know what to do... http://cpro.su
(*NEW domain!)
IP: 141.101.118.164 ---> Cloudflare
At the weekend the Russkis get lively:
Received: from 206.125.131.78 ([206.125.131.78]) by mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (umur.sagon [at] cpar.ca@115.190.189.221) by 206.125.131.78 with ESMTPA; Sat, 24 Aug 2013 xx:xx:xx -0600
Received: from 206.125.131.78 ([206.125.131.78]) by mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (umur.sagon [at] cpar.ca@115.190.189.221) by 206.125.131.78 with ESMTPA; Sat, 24 Aug 2013 xx:xx:xx -0600
IP: 206.125.131.78 ---> host-3464332110.shawneelink.net
Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)
IP: 103.31.186.89 ---> lh20666.voxility.net
A second helping:
Received: from 206.125.131.78 (host-3464332110.shawneelink.net [206.125.131.78]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (mmu [at] yahoo.com@239.218.149.211) by 206.125.131.78 with ESMTPA; Sat, 24 Aug 2013 xx:xx:xx -0600
Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)
Received: from 180.40.121.238 ([180.40.121.216]) by mx-ha.gmx.net
(mxgmx112) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (ladislav.jech [at] hostgym.com@215.79.27.57) by 180.40.121.216 with ESMTPA; Mon, 26 Aug 2013 xx:xx:xx +0900
IP: 180.40.121.216 ---> p27216-em01otemachi.tokyo.ocn.ne.jp
Forum about VIP PARTY POWDER
http://rcblog.cc
IP: 89.45.14.31 ---> ptr.31.startdedicated.pw/IM Internet Media SRL, MD
The kiddies won't let up:
Received: from 210.236.24.250 ([211.12.236.251]) by mx-ha.gmx.net (mxgmx105) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (lou2426 [at] howardmiller.com@73.70.75.84) by 211.12.237.78 with ESMTPA; Tue, 27 Aug 2013 xx:xx:xx +0900
Received: from 210.236.24.250 (osaki236251.urban.ne.jp [211.12.236.251]) by mx.kundenserver.de (node=mxbap2) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (ccole [at] westonaero.com@180.234.36.90) by 211.12.237.78 with ESMTPA; Tue, 27 Aug 2013 xx:xx:xx +0900
IP: 211.12.236.251 ---> osaki236251.urban.ne.jp
Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... www.cpro.su (*NEW domain!)
IP: 103.31.186.89 ---> lh20666.voxility.net