Porno Joe Job?



kjz1
27.03.2013, 14:46
The spammed site is certainly no slouch, but the mail subject smells very much like a Joe job:


Subject: child porn and zoophilia videos!

Received: from 14.2.7.109.rev.sfr.net ([109.7.2.14]) by mx-ha.gmx.net
(mxgmx112) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [109.7.2.14] (HELO XBQXK) by 14.2.7.109.rev.sfr.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]

http://www.xdating.com
IP: 46.137.179.168 ---> ec2-46-137-179-168.eu-west-1.compute.amazonaws.com

Gang war among the Russian mafia again?

kjz1
28.03.2013, 12:15
It continues:

Received: from host-86-63-136-158.nplay.net.pl ([86.63.136.158]) by
mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [86.63.136.158] (HELO FWNKD) by host-86-63-136-158.nplay.net.pl (8.14.3/8.14.3) with SMTP ID: [ID filtered]


Subject: zoo movies 2012

http://www.watchmygf.com
IP: 216.18.164.37 ---> reflected.net

in illustrious company:



kjz1
28.03.2013, 14:39
The Russian mafia is still at war:

Received: from smtp.endes.it ([88.81.191.72]) by mx-ha.gmx.net
(mxgmx010) with ESMTP (Nemesis) ID: [ID filtered]
2013 xx:xx:xx +0100
Received: from [88.81.191.72] (HELO GULF) by smtp.endes.it (8.14.3/8.14.3) with SMTP ID: [ID filtered]

IP: 88.81.191.72 ---> Easynet Italy


Subject: zoo movies 2012

http://www.sexpillguru.com
IP: 8.29.134.165 ---> Beyond Hosting

Goofy
31.03.2013, 12:25
For the sake of completeness, let me point out once more that such websites are very often rigged with malicious exploits. It is best not to visit such websites at all, not even with JavaScript switched off, because there are other exploits too. For example Flash exploits or cross-over exploits and many more; such exploits are more common for Internet Explorer, but things like this keep turning up for Firefox and other browsers as well.

Especially with pr0n sites from the extreme end, malicious things are always to be expected. So: for research purposes, use at most a text-only browser such as Lynx. It does not display pictures or Flash clips, of course, but I think one can really do without those.

TillP
31.03.2013, 22:16
Especially with pr0n sites from the extreme end, malicious things are always to be expected. So: for research purposes, use at most a text-only browser such as Lynx. It does not display pictures or Flash clips, of course, but I think one can really do without those.

Anyone who does not want to do without the pictures can fall back on BitBox: https://www.bsi.bund.de/DE/Themen/ProdukteTools/BitBox/BitBox_node.html
A hardened Firefox, ready to use out of the box, in a virtual machine. That puts you on the safe side.
(Yes, theoretically it is conceivable to attack the browser with an exploit, take over the hardened Linux in the virtual machine, detect from there that you are running in a virtual machine, break out of that virtual machine and attack the host system. Theoretically.)

kjz1
03.04.2013, 11:43
It continues:

Received: from 122.52.173.87.pldt.net ([122.52.173.87]) by mx-ha.gmx.net
(mxgmx104) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [122.52.173.87] (HELO SGY) by 122.52.173.87.pldt.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]


Subject: Only fresh CC

http://www.watchmygf.com


Received: from 59-126-84-207.HINET-IP.hinet.net ([59.126.84.207]) by
mx-ha.gmx.net (mxgmx007) with ESMTP (Nemesis) id
0MfzBV-1U267x2Ks1-00NQ28 for xxxxx; Wed, 03 Apr 2013 xx:xx:xx +0200
Received: from [59.126.84.207] (HELO FGIUMDQCP)
by 59-126-84-207.HINET-IP.hinet.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]


Subject: Check US CC data

http://www.xdating.com

also being falsely presented:

http://www.liveundnackt.com

kjz1
05.04.2013, 18:49
Arrived today:

Received: from i-195-137-98-62.freedom2surf.net ([195.137.98.62]) by
mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [195.137.98.62] (HELO ZPF) by i-195-137-98-62.freedom2surf.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]


Subject: Download cp movies

http://www.osez.org
IP: 94.125.167.248 ---> nx3148.nexylan.net

kjz1
06.04.2013, 12:49
The war among the porn mafia continues:

Received: from 194-144-135-62.du.xdsl.is ([194.144.135.62]) by mx-ha.gmx.net
(mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [194.144.135.62] (HELO LPUY) by 194-144-135-62.du.xdsl.is (8.14.3/8.14.3)
with SMTP ID: [ID filtered]


Subject: access to CC data archive

http://www.watchmygf.com

http://www.liveundnackt.com

GoodReputation
06.04.2013, 19:05
All the IPs you have quoted here are on blacklists (not only Spamhaus). What is the point of describing individual infected hosts/IPs here?

kjz1
06.04.2013, 19:52
What is the point of describing individual infected hosts/IPs here?

Documentation. Sometimes cross-connections emerge from it in hindsight that were of course not obvious prima vista.

kjz1
19.04.2013, 10:41
The porn war among the Russian mafia goes on:

Received: from segment-202-191.sify.net ([202.191.222.106]) by mx-ha.gmx.net
(mxgmx005) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [202.191.222.106] (HELO TCL) by segment-202-191.sify.net (8.14.3/8.14.3)
with SMTP ID: [ID filtered]


Subject: Credit Cards from the US

http://www.watchmygf.com
IP: 216.18.164.37 ---> reflected.net

kjz1
08.05.2013, 21:16
Today the Russian mafia wants to extort protection money again from:

Received: from 91-225-8-88.laguna.net.pl ([91.225.8.88]) by mx-ha.gmx.net
(mxgmx113) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [91.225.8.88] (HELO MVV) by 91-225-8-88.laguna.net.pl (8.14.3/8.14.3)
with SMTP ID: [ID filtered]
Subject: Your lovely zoophilia movies!

http://mydirtyhobby.com

IP: 31.192.117.40 ---> Swiftwill, Inc./Telia

kjz1
09.05.2013, 21:54
The Russian mafia in the pillz war, easy to recognise because the ratware kept 'mangling' the same header lines:

Received: from mail-in-09.arcor-online.net ([151.189.21.49]) by
mx-ha.gmx.net
(mxgmx105) with ESMTP (Nemesis) ID: [ID filtered]
Received: from mail-in-14-z2.arcor-online.net
(mail-in-14-z2.arcor-online.net [151.189.8.31])
by mx.arcor.de (Postfix) with ESMTP ID: [ID filtered]
Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
Received: from mail-in-01.arcor-online.net (mail-in-01.arcor-online.net
[151.189.21.41]) by mail-in-14-z2.arcor-online.net (Postfix) with ESMTP ID: [ID filtered]
Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
Received: from dtdrnuhh (unknown [113.166.73.102])
(Authenticated sender: gwidera1 [at] arcor.de)
by mail-in-01.arcor-online.net (Postfix) with ESMTPA ID: [ID filtered]
Thu, 9 May 2013 xx:xx:xx +0200 (CEST)

IP: 113.166.73.102 ---> VNPT-NET, Vietnam

cracked: gwidera1 [at] arcor.de

http://bwssum6.pdsda.net/RealPills.html
IP: 222.124.202.178 ---> 178.subnet222-124-202.static.astinet.telkom.net.id


Received: from deliver.uni-koblenz.de ([127.0.0.1])
by localhost (deliver.uni-koblenz.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP ID: [ID filtered]
X-CHKRCPT: Envelopesender noch alb_santana [at] verizon.net
Received: from vms173017pub.verizon.net (vms173017pub.verizon.net
[206.46.173.17]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Thu, 9 May 2013 xx:xx:xx +0200 (CEST)
Received: from rzsxsj ([unknown] [171.4.58.135]) by vms173017.mailsrvcs.net
(Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
with ESMTPA ID: [ID filtered]

IP: 171.4.58.135 ---> mx-ll-171.4.58-135.dynamic.3bb.co.th

cracked: alb_santana [at] verizon.net

http://desiretoinspire.com.au/NicePills.htm
IP: 216.14.117.86 ---> EBOUNDHOST.com


Received: from mail.nn.ertelecom.ru ([91.144.184.9]) by mx-ha.gmx.net
(mxgmx002) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [117.221.225.2] (port=20184 helo=wvbwttd)
by mail.nn.ertelecom.ru with esmtpa (Exim)
ID: [ID filtered]
Thu, 09 May 2013 xx:xx:xx +0400

IP: 117.221.225.2 ---> NOC BSNL Bangalore, India

cracked: canek33 [at] ninodom.ru

http://jomuz.com/FreeEDmed.html
IP: 74.208.237.194 ---> 1&1 Internet Inc.


these are all just redirects to the actual site:

http://medicwedne.com
IP: 94.242.254.96 ---> ip-static-94-242-254-96.as5577.net/Andy BIERLAIR, Luxembourg

sutherlandmonteverdi [at] yahoo.com

kjz1
14.05.2013, 21:05
The Russian war continues with Pharmacy Express:

Received: from cohosting5.cbn.net.ID: [ID filtered]
(mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [31.210.37.242] (port=59263 helo=optiktunggal.com)
by cohosting5.cbn.net.ID: [ID filtered]
(Exim 4.80)
(envelope-from <sm-ot-peb [at] optiktunggal.com>)
ID: [ID filtered]

cracked: sm-ot-peb [at] optiktunggal.com

IP: 31.210.37.242 ---> aladag.habermi.com/Mars-Customer77

http://niawas.warp0.com/dh9ax90.html
IP: 64.136.20.42 ---> Juno Online Services, Inc.

on to:

http://doctorgoer.com
IP: 94.242.254.96 ---> ip-static-94-242-254-96.as5577.net/LU-ROOT-20081021

kjz1
15.05.2013, 14:41
And once again the Russian mafia:

Received: from iron02.uio.telmex.ec.intranet ([200.124.224.121]) by
mx-ha.gmx.net (mxgmx011) with ESMTP (Nemesis) id
0MgH6E-1UqJza0XeY-00NmCv for xxxxx; Wed, 15 May 2013 xx:xx:xx +0200

IP: 200.124.224.121 ---> host-200-124-224-121.telmex.com.ec

http://hornytube.xxx
IP: 87.250.153.105 ---> srv02.dsonline.nl/Net Ground Vlan 403, NL

spicepepperltd [at] gmail.com

Registered with the locksmith service, by the way. Oh well, the same names again and again...

kjz1
06.06.2013, 19:00
And again from the Russian mafia:

Received: from bas5-toronto46-1168057418.dsl.bell.ca ([69.159.36.74]) by
mx-ha.gmx.net (mxgmx111) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [69.159.36.74] (HELO TGJR) by bas5-toronto46-1168057418.dsl.bell.ca (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729100

http://50plussexdating.nl

IP: 31.7.4.172 ---> web1.luckyguys.shockmedia.nl

kjz1
09.06.2013, 15:58
The Russian mafia carries on with:

Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from 123-PC.mshome.net ([188.209.241.220]) by mx-ha.gmx.net
(mxgmx007) with ESMTP (Nemesis) ID: [ID filtered]

IP: 188.209.241.220 ---> 220-241-209-188.globnet.md

http://xlovecam.nl

IP: 91.208.175.119 ---> AC Webconnecting BV, NL

kjz1
09.06.2013, 22:41
Here too it goes on with the Russian mafia:

Received: from Zarin-PC.cpe.cableonda.net ([190.219.60.102]) by
mx-ha.gmx.net (mxgmx113) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [190.219.60.102] (HELO LYNXDMVB) by Zarin-PC.cpe.cableonda.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729100

http://cam4.fr

IP: 95.211.208.200 ---> LeaseWeb

Spamweb once again, nothing should surprise anyone there any more...

kjz1
12.06.2013, 20:38
The Russian mafia strikes again:

Received: from bas5-toronto46-1279610296.dsl.bell.ca ([76.69.77.184]) by
mx-ha.gmx.net (mxgmx109) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [76.69.77.184] (HELO EGGOB) by bas5-toronto46-1279610296.dsl.bell.ca (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729100

http://ixxx.com

kjz1
14.06.2013, 17:59
Today the Russian mafia puts forward:

Received: from host93.190-227-48.telecom.net.ar ([190.227.48.93]) by
mx-ha.gmx.net (mxgmx003) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [190.227.48.93] (HELO PZAI) by host93.190-227-48.telecom.net.ar (8.14.3/8.14.3) with SMTP ID: [ID filtered]

http://ru.cam4.com
IP: 199.59.88.246 ---> Mojohost

admin [at] surecomnv.com

kjz1
15.06.2013, 20:12
Today the Russian mafia has in its sights:

Received: from 201-048-060-156.static.ctbc.com.br ([201.48.60.156]) by
mx-ha.gmx.net (mxgmx009) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [201.48.60.156] (HELO UPZPZOZO) by 201-048-060-156.static.ctbc.com.br (8.14.3/8.14.3) with SMTP ID: [ID filtered]
+429496729300

http://xvideoslive.com

IP: 216.127.52.234 ---> naiadsystems.com/Accretive Networks

hostmaster [at] icftechnology.com

kjz1
27.06.2013, 15:44
The Russian mafia sends its regards once again:

Received: from 200.77.192.61.static.cablered.com.mx ([200.77.192.61]) by
mx-ha.gmx.net (mxgmx005) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [200.77.192.61] (HELO YVX) by 200.77.192.61.static.cablered.com.mx (8.14.3/8.14.3) with SMTP ID: [ID filtered]

http://xlovecam.nl

IP: 91.208.175.119 ---> AC Webconnecting BV

kjz1
06.07.2013, 17:06
And the Russian mafia goes on bullying forever:

Received: from ip-95-87-28-205.trakiacable.net ([95.87.28.205]) by mx-ha.gmx.net (mxgmx103) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [95.87.28.205] (HELO RNIFOXTC) by ip-95-87-28-205.trakiacable.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]

http://pub.webcamo.com

IP: 212.23.180.222 ---> vmpub80-222-cld.sfr-sh.net/Societe Francaise du Radiotelephone S.A.

kjz1
07.07.2013, 10:17
The Russian mafia's porn war continues with:

Received: from F108.in.net.pl ([89.234.217.108]) by mx-ha.gmx.net (mxgmx003) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [89.234.217.108] (HELO HQSUD) by F108.in.net.pl (8.14.3/8.14.3) with SMTP ID: [ID filtered]

http://TUKIF.COM

IP: 178.170.104.226 ---> IKOULA

Martin Belz
08.07.2013, 10:14
I have experienced that myself!

I visited a site using VirtualBox with Ubuntu running in it.
Immediately a hack tried to replace the VirtualBox EXE!!!
Fortunately my firewall and my antivirus prevented this.
So be careful ....

kjz1
22.07.2013, 09:20
The Russian mafia is still at it:

Received: from 61-221-212-34.HINET-IP.hinet.net ([61.221.212.34]) by mx-ha.gmx.net (mxgmx012) with ESMTP (Nemesis) ID: [ID filtered]
Received: from [61.221.212.34] (HELO VISG) by 61-221-212-34.HINET-IP.hinet.net (8.14.3/8.14.3) with SMTP ID: [ID filtered]

http://tukif.com
IP: 178.170.104.226 ---> IKOULA, FR

kjz1
02.08.2013, 21:19
Today from the realms of the Russian mafia:

Received: from 203.177.28.219 ([203.177.28.219])
by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (smartin [at] svrw.ru@171.170.34.30)
by 203.177.28.219 with ESMTPA; Sat, 3 Aug 2013 xx:xx:xx +0800
X-Originating-IP: 171.170.34.30
Subject: Legal drugs

IP: 203.177.28.219 ---> GLOBET-PH

http://svmrc.in
IP: 178.32.60.53 ---> OVH

On the other hand: OVH is well enough known here, no saints host there either.

kjz1
03.08.2013, 17:04
The mafiosi are brawling again:

Received: from 91.224.254.14 ([91.224.254.14])
by mx.kundenserver.de (node=mxbap1) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (lcdanfor [at] dioki.hr@91.170.119.118)
by 91.224.254.14 with ESMTPA; Sat, 3 Aug 2013 xx:xx:xx +0200
X-Originating-IP: 91.170.119.118

IP: 91.224.254.14 ---> Mediateleset Ltd, Ukraine
91.170.119.118 -> Proxad, FR


Legal Cocaine forum
http://allrc.biz

IP: 103.31.186.21 ---> lh22301.voxility.net, Romania

Well, Voxility, that once again vouches for grade-A black-hat quality.

kjz1
04.08.2013, 10:21
And once again:

Received: from pool-71-161-81-234.cncdnh.east.myfairpoint.net
([71.161.94.186]) by mx-ha.gmx.net (mxgmx009) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (dom [at] lh.ru@160.33.221.153) by 71.161.94.186 with ESMTPA; Sat, 3 Aug 2013 xx:xx:xx -0500


Trojan Fake Police / Virus Gendarmerie Nationale : violation de la loi
francaise http://www.malekal.com

IP: 188.165.204.75 ---> ns310939.ovh.net

OVH once again....

But:

http://blog.dynamoo.com/2013/08/malekalcom-joe-job.html

and:

4917

kjz1
05.08.2013, 09:22
Today from the Russian mafia:

Received: from sc-ita-250-4.mksnet.com.br ([177.70.73.10]) by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
ID: [ID filtered]
Received: from unknown (HELO localhost) (erose [at] schoenherr.de@32.61.198.47) by sc-ita-250-4.mksnet.com.br with ESMTPA; Sun, 4 Aug 2013 xx:xx:xx -0300
X-Originating-IP: 32.61.198.47 ---> AT&T Global Network Services


Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie is
not allowed here. Do not enter if you don't know what to do...
http://www.cpro.su (*NEW domain!)

IP: 190.93.252.20 ---> CloudFlare Latin America

So hosted in the cloud in South America, and the content does not seem entirely kosher either. So probably criminals among themselves, or rather a gang war within the Russian mafia.

kjz1
06.08.2013, 11:29
More from the Russian mafia:

Received: from 115.119.78.218 ([115.119.78.218]) by mx-ha.gmx.net (mxgmx104) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (danielle [at] removeearthlink.net@79.88.25.119) by 115.119.78.218 with ESMTPA; Mon, 5 Aug 2013 xx:xx:xx -0800

X-Originating-IP: 79.88.25.119 ---> 119.25.88.79.rev.sfr.net

IP: 115.119.78.218 ---> 115.119.78.218.static-hyderabad.vsnl.net.in


Legal drugs forum
Smoking blends
http://rcblog.cc
IP: 89.45.14.31 ---> IM Internet Media SRL, MD


Received: from 115.119.78.218 (115.119.78.218.static-hyderabad.vsnl.net.in [115.119.78.218])
by mx.kundenserver.de (node=mxbap0) with ESMTP (Nemesis) ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (yjkim [at] co.gem.id.us@26.227.159.173) by 115.119.78.218 with ESMTPA; Mon, 5 Aug 2013 xx:xx:xx -0800

X-Originating-IP: 26.227.159.173 ---> DoD Network Information Center


Forum about Powders, pills, smoking blends
http://allrc.biz
IP: 103.31.186.21 ---> lh22301.voxility.net/Saulhost, Romania

Of course, once again all hosters with a 'first-class' reputation. The X-Originating-IP is probably faked.

hoppala
06.08.2013, 14:41
X-Originating-IP: 79.88.25.119 ---> 119.25.88.79.rev.sfr.net
X-Originating-IP: 26.227.159.173 ---> DoD Network Information Center

The X-Originating-IP is probably faked.

Exactly.
The Received lines with HELO localhost, two @ in the parentheses and "by <numeric IP>" are entirely made up and are not generated like that by any mail system that actually exists. In that respect this is a 100% certain sign of spam, and if you can filter on headers in your mail system, you can use it to keep all this crap out.

hoppala

kjz1
06.08.2013, 14:59
Yahoo at least does something similar (without the fake):

Yahoo:
X-Rocket-Received: from dlxlg (iheaven2006 [at] 119.114.98.76 with login) by smtp204.mail.cnb.yahoo.com with SMTP; 12 Apr 2013 xx:xx:xx +0000 UTC

Fake:
Received: from unknown (HELO localhost) (danielle [at] removeearthlink.net@79.88.25.119) by 115.119.78.218 with ESMTPA; Mon, 5 Aug 2013 xx:xx:xx -0800

I reckon that is where they copied it from.
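The header filter hoppala describes, sketched as an added example (not code from the thread or from any mail product): it flags Received hops that combine `HELO localhost` with a double-@ login in parentheses, undoes this archive's ` [at] ` masking first, and reports a numeric `by` host as a separate flag because the samples in this thread also show hostnames there. The function names and the sample messages (documentation addresses only) are constructed for illustration.

```python
import re
from email import message_from_string

# Hop shape named in the thread (raw form, before the archive masked the first @):
#   from unknown (HELO localhost) (user@domain@a.b.c.d) by <host> with ESMTPA; <date>
FORGED_HOP = re.compile(
    r"""^from\s+unknown\s+\(HELO\s+localhost\)\s+       # fixed fake HELO
        \((?P<login>[^\s()@]+@[^\s()@]+)                 # user@domain ...
        @(?P<claimed_ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+    # ... second @ plus an IPv4
        by\s+(?P<by>\S+)\s+with\s+ESMTPA\b""",
    re.IGNORECASE | re.VERBOSE,
)
NUMERIC_IP = re.compile(r"^\[?\d{1,3}(?:\.\d{1,3}){3}\]?$")


def normalise(value):
    """Undo the archive's ' [at] ' masking and unfold a folded header value."""
    value = re.sub(r"\s*\[at\]\s*", "@", value)
    return " ".join(value.split())


def inspect_hop(value):
    """Return details of a forged hop, or None if the value does not fit the shape."""
    m = FORGED_HOP.match(normalise(value))
    if m is None:
        return None
    return {
        "login": m["login"],
        "claimed_ip": m["claimed_ip"],
        "by": m["by"],
        "by_is_numeric_ip": bool(NUMERIC_IP.match(m["by"])),
    }


def forged_hops(raw_message):
    """Check every Received header of a message; only that header name is inspected."""
    msg = message_from_string(raw_message)
    x_orig = (msg.get("X-Originating-IP") or "").strip().strip("[]")
    findings = []
    for value in msg.get_all("Received", []):
        hit = inspect_hop(value)
        if hit is not None:
            # The spam run copies the invented address into X-Originating-IP as well.
            hit["mirrors_x_originating_ip"] = hit["claimed_ip"] == x_orig
            findings.append(hit)
    return findings


# Constructed sample: real first hop written by the receiving MX, forged hop below it.
SAMPLE_SPAM = """\
Received: from 198.51.100.7 ([198.51.100.7]) by mx.example.org
 (mx01) with ESMTP id 0AAAAA-000001 for <rcpt@example.org>;
 Tue, 06 Aug 2013 10:00:00 +0200
Received: from unknown (HELO localhost)
 (alice [at] example.net@192.0.2.55)
 by 198.51.100.7 with ESMTPA; Mon, 5 Aug 2013 23:59:00 -0800
X-Originating-IP: 192.0.2.55
Subject: constructed sample

body
"""

# Constructed sample: genuine authenticated submission in Postfix style.
SAMPLE_LEGIT = """\
Received: from mail-in-01.example.net (mail-in-01.example.net [198.51.100.41])
 by mx.example.org (Postfix) with ESMTP id 4AAAAA0001;
 Thu, 9 May 2013 12:00:00 +0200 (CEST)
Received: from clientpc (unknown [203.0.113.102])
 (Authenticated sender: carol@example.net)
 by mail-in-01.example.net (Postfix) with ESMTPA id 4BBBBB0002;
 Thu, 9 May 2013 12:00:00 +0200 (CEST)
Subject: constructed sample

body
"""

# Constructed value in the style of the Yahoo header kjz1 quotes: one @, no fake HELO.
YAHOO_STYLE = ("from host1 (dave [at] 192.0.2.76 with login) by smtp.example.com "
               "with SMTP; 12 Apr 2013 08:00:00 +0000 UTC")

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("legit", SAMPLE_LEGIT)):
        print(name, forged_hops(raw))
    print("yahoo-style", inspect_hop(YAHOO_STYLE))
```
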

kjz1
07.08.2013, 11:25
The Russian mafia is launching a concerted action; unfortunately the ratware/C&C server was broken, hence partly with mangled headers:

Received: from 121.254.73.119 ([121.254.73.119]) by mx-ha.gmx.net
(mxgmx008) with ESMTP (Nemesis) ID: [ID filtered]
Aug 2013 xx:xx:xx +0200
Received: from unknown (HELO localhost) (r.croy [at] bc.edu@42.165.150.97)
by 121.254.73.119 with ESMTPA; Wed, 7 Aug 2013 xx:xx:xx +0800

Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net
(mxgmx001) with ESMTP (Nemesis) ID: [ID filtered]

Received: from radio178-73.neasonline.no ([77.223.178.73]) b


Trojan Fake Police / Virus Gendarmerie Nationale : violation de la loi
francaise http://malekal.com


for <poor [at] spamvictim.tld>; Wed, 7 Aug 2013 xx:xx:xx +0200 (CEST)
Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net (mxgmx001) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (patrickf [at] mbay.net@38.166.177.238) by radio178-73.neasonline.no with ESMTPA; Wed, 7 Aug 2013 xx:xx:xx +0100


Trade Forex, Commodities, Stocks and Indices with Up to 81% Return!
- Exclusive 60 second option
- Onetouch weekly options up to 500% return
- Up to $5000 welcome bonus

Start trading: http://redwoodoptions.com

IP: 199.83.130.9 ---> 199.83.130.9.ip.incapdns.net

kjz1
12.08.2013, 09:32
It was the weekend and the Russian mafia had diarrhoea once again:

Received: from radio178-73.neasonline.no ([77.223.178.73]) by mx-ha.gmx.net
(mxgmx001) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (patrickf [at] mbay.net@38.166.177.238) by radio178-73.neasonline.no with ESMTPA; Wed, 7 Aug 2013 xx:xx:xx +0100
X-Originating-IP: 38.166.177.238


Trade Forex, Commodities, Stocks and Indices with Up to 81


Received: from 3.red-80-29-71.adsl.static.ccgg.telefonica.net ([80.29.71.3])
by mx-ha.gmx.net (mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (erod [at] webmail.co.za@174.156.91.124) by 3.red-80-29-71.adsl.static.ccgg.telefonica.net with ESMTPA; Mon, 12 Aug 2013 xx:xx:xx +0100
X-Originating-IP: 174.156.91.124


Legal powders
Herbal Highs forum
http://svmrc.in
IP: 178.32.60.53 ---> OVH Ltd.


Received: from 3.red-80-29-71.adsl.static.ccgg.telefonica.net (3.red-80-29-71.adsl.static.ccgg.telefonica.net [80.29.71.3]) by mx.kundenserver.de (node=mxeu3) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (christian.dupraz [at] mbcmw.com@64.155.35.163) by 3.red-80-29-71.adsl.static.ccgg.telefonica.net with ESMTPA; Mon, 12 Aug 2013 xx:xx:xx +0100
X-Originating-IP: 64.155.35.163


Synthetic drugs
Forum about Legal powders
http://rcblog.cc
IP: 89.45.14.31 ---> ptr.31.startdedicated.pw/IM Internet Media SRL, Romania

kjz1
15.08.2013, 11:59
The Russian mafia keeps on ranting:

Received: from 37.112.32.68 ([37.112.37.248]) by mx.kundenserver.de (node=mxbap0) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (lolo [at] nysaes.cornell.edu@197.216.46.117) by 109x195x234x141.dynamic.rostov.ertelecom.ru with ESMTPA; Thu, 15 Aug 2013 xx:xx:xx +0400


Trade Forex, Commodities, Stocks and Indices with Up to 81% Return!
- Exclusive 60 second option
- Onetouch weekly options up to 500% return
- Up to $5000 welcome bonus

Start trading: http://www.redwoodoptions.com

IP: 149.126.72.9 ---> 149.126.72.9.ip.incapdns.net

kjz1
16.08.2013, 11:05
Today from the Russian mafia:

Received: from 119.226.154.98 (segment-119-226.sify.net [119.226.154.98]) by mx.kundenserver.de (node=mxbap1) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (melissab [at] electro-com.ru@234.210.117.46) by 119.226.154.98 with ESMTPA; Fri, 16 Aug 2013 xx:xx:xx +0530


Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie
is not allowed here. Do not enter if you don't know what to do...
http://cpro.su (*NEW domain!)

IP: 103.31.186.89 ---> lh20666.voxility.net, Romania

kjz1
17.08.2013, 20:17
The Joe always comes in a double pack. Supposedly the whole thing is also known as 'negative listwashing':

Received: from 221.243.168.45 ([221.243.168.45]) by mx-ha.gmx.net
(mxgmx007) with ESMTP (Nemesis) ID: [ID filtered]
Aug 2013 xx:xx:xx +0200
Received: from unknown (HELO localhost)
(mario.wunder [at] oceanfree.net@214.112.216.56)
by 221.243.168.45 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0900

IP: 221.243.168.45 ---> 221x243x168x45.ap221.ftth.ucom.ne.jp


Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)


Received: from 221.243.168.45 (221x243x168x45.ap221.ftth.ucom.ne.jp
[221.243.168.45]) by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost)
(jillschuchard [at] kwteamwerk.com@45.111.128.103)
by 221.243.168.45 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0900

IP: 221.243.168.45


Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)


Received: from 218.248.1.194 ([218.248.1.194]) by mx-ha.gmx.net (mxgmx109)
with ESMTP (Nemesis) ID: [ID filtered]
Aug 2013 xx:xx:xx +0200
Received: from unknown (HELO localhost) (development [at] rrd.com@159.27.104.118)
by 218.248.1.194 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0530

IP: 218.248.1.194 ---> static.ill.218.248.1.194/24.bsnl.in


Forum about VIP PARTY POWDER
Smoke Blends forum
http://allrc.biz


Received: from 218.248.1.194 (static.ill.218.248.1.194/24.bsnl.in
[218.248.1.194])
by mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis)
ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (tap9 [at] chinatelecom.com.cn@48.99.81.43)
by 218.248.1.194 with ESMTPA; Sat, 17 Aug 2013 xx:xx:xx +0530

IP: 218.248.1.194


Pure DMAA Powder forum
Buy "bath salts"
http://rcblog.cc

kjz1
18.08.2013, 16:19
And once again the double pack from the Russian mafia:

Received: from 220.213.202.38 ([220.213.202.38]) by mx-ha.gmx.net (mxgmx109) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (majima [at] fnbbemidji.com@214.215.170.201) by 220.213.202.38 with ESMTPA; Sun, 18 Aug 2013 xx:xx:xx +0900

IP: 220.213.202.38 ---> ag220-213-202-38.ccnw.ne.jp

Received: from 220.213.202.38 (ag220-213-202-38.ccnw.ne.jp [220.213.202.38]) by mx.kundenserver.de (node=mxbap2) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (dcorr [at] alliedlock.com@47.190.71.103) by ag220-213-202-38.ccnw.ne.jp with ESMTPA; Sun, 18 Aug 2013 xx:xx:xx +0900


Private Hacking and Carding Forum / New Domain
Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie is
not allowed here. Do not enter if you don't know what to do...
http://www.cpro.su (*NEW domain!)
IP: 103.31.186.89 ---> lh20666.voxility.net, Romania

kjz1
19.08.2013, 11:18
And again the Russian mafia in a double pack:

Received: from 89.158.115.43 ([89.158.115.43]) by mx-ha.gmx.net (mxgmx013) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (lucasj [at] ebnett.no@52.24.60.76) by 89.158.115.43 with ESMTPA; Sun, 18 Aug 2013 xx:xx:xx +0100

IP: 89.158.115.43 ---> 89-158-115-43.rev.dartybox.com


Legal Cocaine
Forum about Bath Salts
http://svmrc.in


Received: from 203.44.171.60 ([203.44.171.60]) by mx-ha.gmx.net (mxgmx002) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (solson [at] sio.midco.net@161.229.209.133) by 203.44.171.60 with ESMTPA; Mon, 19 Aug 2013 xx:xx:xx +1000

IP: 203.44.171.60 ---> 203-44-171-60.tpips.telstra.com


Legal Drug Reviews
Legal highs forum
http://allrc.biz

kjz1
20.08.2013, 10:30
The Russian mafia is going berserk; are script kiddies at work there, perhaps?

Received: from 93.85.224.11 ([93.85.224.11]) by mx-ha.gmx.net (mxgmx003) with
ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (bonniedrew [at] cyberpine.net@141.55.125.70) by 93.85.224.11 with ESMTPA; Mon, 19 Aug 2013 xx:xx:xx +0400

IP: 93.85.224.11 ---> ip224-11.17.dsl.minsktelecom.by

Received: from 106.120.131.210 ([223.72.254.178]) by mx.kundenserver.de (node=mxeu3) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (andrewluff [at] lpl.com@56.195.222.213) by 211.103.241.226 with ESMTPA; Tue, 20 Aug 2013 xx:xx:xx +0800

IP: 223.72.254.178 ---> China Mobile Communications Corporation


Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://www.cpro.su (*NEW domain!)

IP: 103.31.186.89 ---> Saulhost Hosting, Romania/Voxility


Received: from 95.181.203.213 ([95.181.203.213]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (cayadi [at] erthlink.net@148.187.225.61) by 95.181.203.213 with ESMTPA; Tue, 20 Aug 2013 xx:xx:xx +0400

IP: 95.181.203.213 ---> South-East Transtelecom Joint Stock Co.


The best diets for weight loss, fasting days and methods of fighting cellulite.
How to lose weight in a week or quickly lose 10 kg. Proven methods of
cleansing the body and the basics of proper nutrition: http://www.taliya.ru
IP: 193.105.210.111 ---> ISPHOST, Ukraine

kjz1
23.08.2013, 11:29
For the weekend it starts up again:

Received: from 124.241.45.170 ([124.241.33.50]) by mx-ha.gmx.net (mxgmx112) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (commeet.comn [at] mahanusa.com@65.69.49.136) by 124.241.33.50 with ESMTPA; Fri, 23 Aug 2013 xx:xx:xx +0900

IP: 124.241.33.50 ---> 124-241-033-050.pool.fctv.ne.jp


Welcome to Private Hacking and Carding Forum. We talking and sharing about
CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding Tips. Newbie is
not allowed here. Do not enter if you don't know what to do... http://cpro.su
(*NEW domain!)

IP: 141.101.118.164 ---> Cloudflare

kjz1
26.08.2013, 15:41
At the weekend the Russkis get lively:

Received: from 206.125.131.78 ([206.125.131.78]) by mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (umur.sagon [at] cpar.ca@115.190.189.221) by 206.125.131.78 with ESMTPA; Sat, 24 Aug 2013 xx:xx:xx -0600

Received: from 206.125.131.78 ([206.125.131.78]) by mx-ha.gmx.net (mxgmx006) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (umur.sagon [at] cpar.ca@115.190.189.221) by 206.125.131.78 with ESMTPA; Sat, 24 Aug 2013 xx:xx:xx -0600

IP: 206.125.131.78 ---> host-3464332110.shawneelink.net



Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)

IP: 103.31.186.89 ---> lh20666.voxility.net

kjz1
26.08.2013, 20:14
Second helping:

Received: from 206.125.131.78 (host-3464332110.shawneelink.net [206.125.131.78]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) ID: [ID filtered]
xx:xx:xx +0200
Received: from unknown (HELO localhost) (mmu [at] yahoo.com@239.218.149.211) by 206.125.131.78 with ESMTPA; Sat, 24 Aug 2013 xx:xx:xx -0600


Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... http://cpro.su (*NEW domain!)


Received: from 180.40.121.238 ([180.40.121.216]) by mx-ha.gmx.net
(mxgmx112) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (ladislav.jech [at] hostgym.com@215.79.27.57) by 180.40.121.216 with ESMTPA; Mon, 26 Aug 2013 xx:xx:xx +0900

IP: 180.40.121.216 ---> p27216-em01otemachi.tokyo.ocn.ne.jp


Forum about VIP PARTY POWDER
http://rcblog.cc

IP: 89.45.14.31 ---> ptr.31.startdedicated.pw/IM Internet Media SRL, MD

kjz1
27.08.2013, 09:10
The kiddies will not give it a rest:

Received: from 210.236.24.250 ([211.12.236.251]) by mx-ha.gmx.net (mxgmx105) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (lou2426 [at] howardmiller.com@73.70.75.84) by 211.12.237.78 with ESMTPA; Tue, 27 Aug 2013 xx:xx:xx +0900

Received: from 210.236.24.250 (osaki236251.urban.ne.jp [211.12.236.251]) by mx.kundenserver.de (node=mxbap2) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (ccole [at] westonaero.com@180.234.36.90) by 211.12.237.78 with ESMTPA; Tue, 27 Aug 2013 xx:xx:xx +0900

IP: 211.12.236.251 ---> osaki236251.urban.ne.jp


Welcome to Private Hacking and Carding Forum. We talking and sharing
about CVV, Paypal, Accounts, Bank Logs, Hacking Tools and Carding
Tips. Newbie is not allowed here. Do not enter if you don't know what
to do... www.cpro.su (*NEW domain!)

IP: 103.31.186.89 ---> lh20666.voxility.net