PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : wieder mal ein Joe von der Russenmafia



kjz1
22.05.2014, 11:22
Da ist wohl mal wieder in RU ein Sender missliebig:

X-CHKRCPT: Envelopesender noch paulalfunk [at] arnet.com.ar
Received: from smtp-out-01c.arnet.com.ar (smtp-out-01c.arnet.com.ar
[200.45.0.210]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]

gecrackt: paulalfunk [at] arnet.com.ar


Предлагаем Вашему вниманию информационный ресурс Новокузнецка и
Кузбасса, впервые предложивший кузбассовцам новостной и аналитический
видеоконтент. Наша задача - оперативно, а главное, объективно освещать
события в крупнейшем городе Кемеровской области, Новокузнецке. Команда
из профессиональных журналистов, операторов и режиссеров ежедневно
делает огромную работу для того, чтобы кузбассовцы знали, что происходит
в их регионе: http://nk-tv.net

IP: 148.251.234.171 ---> Hetzner

kjz1
23.05.2014, 10:56
Es geht weiter:

Received: from mail.insy.kz (mail.insy.kz [212.154.241.226])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Fri, 23 May 2014 xx:xx:xx +0200 (CEST)
Received: from [101.96.33.64] (helo=localhost)
by mail.insy.kz with esmtpa (Exim 4.63)
(envelope-from <zik_2 [at] zik.kz>)
ID: [ID filtered]
for xxxxx; Fri, 23 May 2014 xx:xx:xx +0600


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kissmyads.biz

IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kjz1
24.05.2014, 18:15
Fast nur noch Spams von der Russenmafia in der Ukraine. Wann holt die NSA mal den groъen Seitenschneider raus...

Received: from server2.hostedevolution.com (unknown [96.127.134.21])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sat, 24 May 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [77.122.209.101])
by server2.hostedevolution.com (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Sat, 24 May 2014 xx:xx:xx -0500 (CDT)

IP: 77.122.209.101 ---> dynamic-77-122-209-101.ricona.net.ua


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://kissmyads.biz

IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kissmyads.biz [at] allperson.ru

kjz1
25.05.2014, 18:42
Die Russenmafia in der Ukraine rotzt weiter:

Received: from mail01.ipcare.de (mail01.ipcare.de [194.195.3.129]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
Received: from [93.79.238.193] (helo=localhost) by mail01.ipcare.de with esmtpa (Exim 4.72)
(envelope-from <pop105048 [at] localhost>) ID: [ID filtered]

IP: 93.79.238.193 ---> Volia, Ukraine


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kissmyads.biz

IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kjz1
26.05.2014, 10:30
GrЭsse von den Mafia-Ganoven:

Received: from a2-salada7.whservidor.com
(a2-salada7-dedicado.whservidor.com [200.147.34.83])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Mon, 26 May 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by a2-salada7.whservidor.com (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sun, 25 May 2014 xx:xx:xx -0300 (BRT)
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char F2 hex):
Subject: \362\305\313\314\301\315\301
Received: from a2-salada7.whservidor.com ([127.0.0.1])
by localhost (a2-salada7.host.intranet [127.0.0.1])
(UOL-patch-amavisd-new, port 50024)
with ESMTP ID: [ID filtered]
Sun, 25 May 2014 xx:xx:xx -0300 (BRT)
Received: from insvr1016.in.whservidor.com (insvr1016.in.whservidor.com
[187.61.61.185])
by a2-salada7.whservidor.com (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sun, 25 May 2014 xx:xx:xx -0300 (BRT)
Received: from [176.194.93.41] (helo=localhost)
by insvr1016.in.whservidor.com with esmtpa (Exim 4.69)
(envelope-from <arildo [at] itgatreinamento.com.br>)
ID: [ID filtered]
for xxxxx; Sun, 25 May 2014 xx:xx:xx -0300

IP: 176.194.93.41 ---> ip-176-194-93-41.bb.netbynet.ru

gecrackt: arildo [at] itgatreinamento.com.br


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} www.kissmyads.biz

IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kjz1
26.05.2014, 17:09
Und hier noch etwas, was stark nach denselben Russen-Ganoven mЭffelt:

Received: from know-smtprelay-omd-3.server.virginmedia.net
(know-smtprelay-omd-3.server.virginmedia.net [81.104.62.35])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Mon, 26 May 2014 xx:xx:xx +0200 (CEST)
Received: from localhost ([178.187.91.136]) by know-smtprelay-3-imp with bizsmtp ID: [ID filtered]

X-Originating-IP: [178.187.91.136] ---> 178.187.91-136.xdsl.ab.ru


Your Search Technology Partner
We'll take you to the next level by offering you the most Innovative
Search Technology and Marketing Strategies. The Result: Improved
Profitability in a Changing Economy.
http://www.trafficengine.net

IP: 216.246.127.12 ---> unknown.ord.scnet.net

kjz1
28.05.2014, 14:41
Die Ganoven aus der rechtsbefreiten Zone lassen grЭъen:

May 2014 xx:xx:xx CEST
Received: from mail.borsoft.hu (mail.borsoft.hu [81.0.105.2])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Wed, 28 May 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [159.224.49.9])
by mail.borsoft.hu (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Wed, 28 May 2014 xx:xx:xx +0200 (CEST

IP: 159.224.49.9 ---> 9.49.224.159.triolan.net, Ukraine


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} www.kissmyads.biz

IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kjz1
04.06.2014, 21:07
Die Russenmafia war wieder fleissig, gecrackte Mailaccounts sind wohl im Tausenderpack billiger:

Received: from nexus9.polaris.ca (nexus9.polaris.ca [50.21.183.30])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Mon, 2 Jun 2014 xx:xx:xx +0200 (CEST)
X-No-Relay: not in my network
Received: from localhost (79-100-141-53.btc-net.bg [79.100.141.53])
by nexus9.polaris.ca (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Sun, 1 Jun 2014 xx:xx:xx -0400 (EDT)

Received: from mail.tektonic.net (mail.tektonic.net [108.161.128.3])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Mon, 2 Jun 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 24679 invoked by UID: [UID filtered]
Received: from unknown (HELO localhost) (veer [at] tektonic.net@178.168.91.46)
by mail.tektonic.net with ESMTPA; 2 Jun 2014 xx:xx:xx

Received: from dimail3.emirates.net.ae (dimail3.emirates.net.ae
[213.42.1.74])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Tue, 3 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from dpmail1 ([213.42.1.68]) by dimail3.emirates.net.ae
(I&ES Mail Server 4.2)
with ESMTP ID: [ID filtered]
xxxxx; Tue, 03 Jun 2014 xx:xx:xx +0400 (GST)
Received: from localhost ([unknown] [46.109.149.10]) by
dpmail1.emirates.net.ae
(I&ES Mail Server 4.2)
with ESMTPA ID: [ID filtered]
xxxxx; Tue, 03 Jun 2014 xx:xx:xx +0400 (GST)

Received: from mx1.serpuhov.biz (mx1.serpuhov.biz [185.6.124.3])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Tue, 3 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [128.204.45.224])
by mx1.serpuhov.biz (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Tue, 3 Jun 2014 xx:xx:xx +0000 (UTC)

Received: from www247b.sakura.ne.jp (www247b.sakura.ne.jp [219.94.155.107])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Tue, 3 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from www247b.sakura.ne.jp (ksav31.sakura.ne.jp [210.224.165.211])
by www247b.sakura.ne.jp (8.14.5/8.14.5) with ESMTP ID: [ID filtered]
for xxxxx; Wed, 4 Jun 2014 xx:xx:xx +0900 (JST)
(envelope-from h.takahashi [at] nijiiro.tv)
X-Nat-Received: from [219.94.155.107]:49338 [ident-empty]
by smtp-proxy.isp with TPROXY ID: [ID filtered]
Received: from localhost (86-246-209-188.globnet.md [188.209.246.86]
(may be forged))
(authenticated bits=0)
by www247b.sakura.ne.jp (8.14.5/8.14.5) with ESMTP ID: [ID filtered]
for xxxxx; Wed, 4 Jun 2014 xx:xx:xx +0900 (JST)
(envelope-from h.takahashi [at] nijiiro.tv)

Received: from cphost2.telkomhosting.com (cphost2.telkomhosting.com
[125.160.17.122])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Wed, 4 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from [178.150.209.116] (port=62426)
by cphost2.telkomhosting.com with esmtpa (Exim 4.80.1)
(envelope-from <marketing [at] purimedika.com>)
ID: [ID filtered]
for xxxxx; Wed, 04 Jun 2014 xx:xx:xx +0700

Schadlast:

http://www.kissmyads.biz

http://trafficengine.net

kjz1
06.06.2014, 10:59
Und tДglich grЭъt das Murmeltier:

Received: from mail.presidencia.tl (mail.presidencia.tl [180.189.161.137])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Fri, 6 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [77.34.160.206])
by mail.presidencia.tl (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Fri, 6 Jun 2014 xx:xx:xx +0000 (UTC)

IP: 77.34.160.206 ---> POL NOC, RU

http://kissmyads.biz
IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kjz1
07.06.2014, 17:45
Wieder aus dem Land, wo nur noch das Chaos regiert:

Received: from m1plded01-01.prod.mesa1.secureserver.net
(m1plded01-01.prod.mesa1.secureserver.net [64.202.189.125])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sat, 7 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from SAGROUP.home ([97.74.118.223])
by m1plded01-01.prod.mesa1.secureserver.net with : DED :
ID: [ID filtered]

x-originating-ip: 97.74.118.223 ---> ip-97-74-118-223.ip.secureserver.net


Received: from bnet.bnet.com (server.b-net-bg.com [46.10.230.80])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sat, 7 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [5.105.115.193])
by bnet.bnet.com (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Wed, 22 Apr 2015 xx:xx:xx +0300 (EEST)

IP: 5.105.115.193 ---> 5-105-115-193.mytrinity.com.ua


Your Search Technology Partner
We'll take you to the next level by offering you the most Innovative
Search Technology and Marketing Strategies. The Result: Improved
Profitability in a Changing Economy.
www.trafficengine.net
IP: 107.170.191.188 ---> Digital Ocean, Inc.

kjz1
08.06.2014, 18:38
NatЭrlich weiter von den Ganoven:

Received: from bnet.bnet.com (server.b-net-bg.com [46.10.230.80])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sat, 7 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [5.105.115.193])
by bnet.bnet.com (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Wed, 22 Apr 2015 xx:xx:xx +0300 (EEST)



Received: from domail2.emirates.net.ae (domail2.emirates.net.ae
[86.96.226.149])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sun, 8 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from dpmail4.emirates.net.ae ([213.42.3.217])
by domail2.emirates.net.ae (I&ES Mail Server 4.2)
with ESMTP ID: [ID filtered]
Received: from localhost ([118.46.8.129]) by dpmail4.emirates.net.ae
(I&ES Mail Server 4.2)
with ESMTPA ID: [ID filtered]

IP: 118.46.8.129 ---> KORNET

gecrackt: fc [at] dubaigrandhotel.ae

http://trafficengine.net
IP: 107.170.191.188 ---> Digital Ocean, Inc.

kjz1
10.06.2014, 20:48
Die Mafia lДъt nicht lange bitten:

Received: from mail1.brilliant-group.com (mail1.brilliant-group.com
[210.17.246.183])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Tue, 10 Jun 2014 xx:xx:xx +0200 (CEST)
Date: Tue, 10 Jun 2014 xx:xx:xx +0800
Received: from localhost ([176.194.193.142])
(authenticated user ctp01 [at] brilliant-group.com)
by mail1.brilliant-group.com (Kerio MailServer 6.3.1)
for xxxxx; Tue, 10 Jun 2014 xx:xx:xx +0800

IP: 176.194.193.142 ---> ip-176-194-193-142.bb.netbynet.ru

gecrackt: ctp01 [at] brilliant-group.com



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} www.kissmyads.biz

kjz1
15.06.2014, 14:30
Die Mafia gibt keine Ruhe:

Received: from hagiwarasekizai.co.jp (hagiwarasekizai.co.jp
[210.152.149.129])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sun, 15 Jun 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 7817 invoked from network); 15 Jun 2014 xx:xx:xx +0900
Received: from ip-46-238-39-83.home.megalan.bg (HELO localhost)
(46.238.39.83) by hagiwarasekizai.co.jp with ESMTPA; 15 Jun 2014 xx:xx:xx +0900



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} www.kissmyads.biz

kjz1
15.06.2014, 22:37
Und wieder aus dem Dreckspfuhl, der sich Ukraine nent:

Received: from www.eastem.com (eastem.com [210.253.120.39])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sun, 15 Jun 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 12532 invoked from network); 15 Jun 2014 xx:xx:xx -0000
Received: from unknown (HELO localhost) (93.76.6.243)
by eastem.com with SMTP; 15 Jun 2014 xx:xx:xx -0000



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kissmyads.biz

kjz1
16.06.2014, 14:45
Die Russenmafia lДъt wieder grЭъen:

Received: from smtp1.microware.hu (smtp1.microware.hu [80.77.117.21])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Mon, 16 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from [178.168.194.228] (helo=localhost)
by smtp1.microware.hu with esmtpa (envelope-from
<erhardt [at] sopron-restaurant.at>)
ID: [ID filtered]
for xxxxx; Mon, 16 Jun 2014 xx:xx:xx +0200
IP: 178.168.194.228 ---> Mobile TeleSystems JLLC, BY

Received: from mail.mobilmediastudio.com (mobilmediastudio.com
[212.92.23.131])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx>; Mon, 16 Jun 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 6040 invoked from network); 16 Jun 2014 xx:xx:xx -0000
Received: from 37.194.230.98
(norbert [at] mobilmediastudio.com@37.194.230.98) by nuage2 (envelope-from
<norbert [at] mobilmediastudio.com>, UID: [UID filtered]
(spamassassin: 3.1.7-deb. perlscan: 2.01st.
Clear:RC:1(37.194.230.98):.
Processed in 0.021222 secs); 16 Jun 2014 xx:xx:xx -0000
Received: from l37-194-230-98.novotelecom.ru (HELO localhost)
(norbert [at] mobilmediastudio.com@37.194.230.98)
by mobilmediastudio.com with ESMTPA; 16 Jun 2014 xx:xx:xx -0000



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://kissmyads.biz

kjz1
16.06.2014, 14:49
Auch ein Joe?

Received: from smtpo01.poczta.onet.pl (smtpo01.poczta.onet.pl
[213.180.142.132])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sun, 15 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (204.209.201.205.brainstorminternet.net
[205.201.209.204])
(Authenticated sender: agusia1988o [at] buziaczek.pl)
by smtp.poczta.onet.pl (Onet) with ESMTPA ID: [ID filtered]
for xxxxx; Sun, 15 Jun 2014 xx:xx:xx +0200 (CEST)

gecrackt: agusia1988o [at] buziaczek.pl


Received: from nk-kosan.willnet.ad.jp (nk-kosan.willnet.ad.jp
[123.108.2.142])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Mon, 16 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from [46.61.63.122] (helo=localhost)
by nk-kosan.willnet.ad.jp with esmtpa (Exim 4.60)
(envelope-from <k-sakawaki [at] nk-kosan.co.jp>)
ID: [ID filtered]
for xxxxx; Mon, 16 Jun 2014 xx:xx:xx +0900

gecrackt: k-sakawaki [at] nk-kosan.co.jp



Hello,
Do you have a business and are tired of paying too many taxes? We have a
unique solution for you that you have never thought before - make huge
electricity bill and turn it into darkcoins and bitcoins in no time! You
just have to keep all your computers running 24/7, pay for the
electricity and receive bitcoins and/or alternative cryptocurrencies
anonymously. The amount of bitcoins you will receive will be at least
worth as much as your electricity bill with the potential to
substantially appreciate in price. Join us today at
http://dedicatedpool.com and chat with your specialist at

kjz1
18.06.2014, 18:43
Und wieder die Ganoven aus der Ukraine:

Received: from exc2.CECALNG.COM (mail.cecalng.com [206.188.19.218])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Wed, 18 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost ([82.199.201.24]) by exc2.CECALNG.COM with
Microsoft SMTPSVC(6.0.3790.4675);
Wed, 18 Jun 2014 xx:xx:xx -0500

IP: 82.199.201.24 ---> host-24.192.199.82.ucom.am

Ich habe mal den gekauderwelschten Zeichensatz analysiert, es ist kyrillisch/Ukraine:


Надоело платить за контекстную рекламу? Наша партнёрская программа работает по модели СРА ("cost per action" - оплата за действие). Платите только за продажи, а товар продадут вебмастера, которые знают толк в интернет коммерции{:|.} http://kissmyads.biz

IP: 178.248.234.6 ---> OOO KMA Tehnolodzhis, RU

kjz1
25.06.2014, 20:32
Das mЭffelt mir nach dieser Sparte, Strassenkampf der Russenmafia-Gangs:

Received: from know-smtprelay-omd-10.server.virginmedia.net
(know-smtprelay-omd-10.server.virginmedia.net [81.104.62.42])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Wed, 25 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from localhost ([89.28.88.207]) by know-smtprelay-10-imp with bizsmtp ID: [ID filtered]

X-Originating-IP: [89.28.88.207] ---> 89-28-88-207.starnet.md

gecrackt: iwberry [at] virginmedia.com


Thousands of people all over the world already saving up on taxes with
http://dedicatedpool.com! Join us and you will learn 100% legal methods
how mining darkcoin, bitcoin and other cryptocurrencies will save you
your tax money!

--
Ryan, dedicatedpool.com support/admin

IP: 72.46.130.51 ---> extremely-fast.com/Versaweb, LLC

kjz1
28.06.2014, 18:00
Die Russenmafia lДъt wieder grЭъen:

Received: from mail02.ipcare.de (mail02.ipcare.de [194.195.3.130])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sat, 28 Jun 2014 xx:xx:xx +0200 (CEST)
Received: from [176.60.21.154] (helo=localhost)
by mail02.ipcare.de with esmtpa (Exim 4.72)
(envelope-from <pop105048 [at] localhost>)
ID: [ID filtered]
for xxxxx; Sat, 28 Jun 2014 xx:xx:xx +0200

IP: 176.60.21.154 ---> Mobile TeleSystems JLLC, BY


Hello,
Have you heard about bitcoins? I bet you did. Do you know how to make
money on it? Don't worry, we are professionals in bitcoin and
alternative cryptocurrencies world and we will help you monetize your
computing hardware into bitcoins in no time. Come and joins us at
http://dedicatedpool.com
--
Ryan, dedicatedpool.com support/admin

IP: 72.46.130.51 ---> extremely-fast.com/Versaweb, LLC

kjz1
02.07.2014, 10:38
Wieder Krieg bei der Russenmafia:

Received: from 177.184.109.229 ([177.184.108.47]) by mx.emig.kundenserver.de (mxeue001) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (corrugatedg0 [at] doehler.ru@213.233.228.174) by 177.184.108.47 with ESMTPA; Tue, 1 Jul 2014 xx:xx:xx -0300

IP: 213.233.228.174 ---> dsl-213-233-228-174.solcon.nl


Do you have income but you don't want Obama to steal it from you? Come
and join us and turn your electricity cost into cash!
The only pool you can trust - come and mine bitcoins/altcoins with us.
We will provide you detailed guide on how to setup equipment in your
house that will turn electricity into bitcoins!
No taxes no problems: http://dark.v2.dedicatedpool.com

IP: 72.46.130.51/198.41.184.140 ---> Versaweb/Cloudflare

kjz1
02.07.2014, 16:18
Die Mafia halt wohl ein grЖъeres Botnet gebucht:

Received: from srv.aktifyasam.org.tr
(static.165.158.9.176.clients.your-server.de [176.9.158.165])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Wed, 2 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from [78.28.204.42] (helo=localhost)
by srv.aktifyasam.org.tr with esmtpa (Exim 4.80.1)
(envelope-from <tunay [at] egedernegi.org.tr>)
ID: [ID filtered]
for xxxxx; Wed, 02 Jul 2014 xx:xx:xx +0300

IP: 78.28.204.42 ---> Telia Latvija


Received: from 177.184.109.229 ([177.184.108.47]) by mx-ha.gmx.net (mxgmx009) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (elen [at] mz26.ru@156.42.39.135) by 177.184.108.47 with ESMTPA; Tue, 1 Jul 2014 xx:xx:xx -0300

IP: 156.42.39.135 ---> Maricopa


Received: from 177.184.109.229 ([177.184.108.47]) by mx-ha.gmx.net (mxgmx107) with ESMTP (Nemesis) ID: [ID filtered]
Received: from unknown (HELO localhost) (yrist93 [at] avtodom.ru@188.31.177.177) by 177.184.108.47 with ESMTPA; Tue, 1 Jul 2014 xx:xx:xx

IP: 188.31.177.177 ---> 188.31.177.177.threembb.co.uk


The age of cryptocurrencies is here! Register at
http://dedicatedpool.com and you will learn how to benefit from bitcoin,
darkcoin and other cryptocurrencies by saving on tax payments! 100%
legal! 100% guarantee!

kjz1
03.07.2014, 14:35
Der Krieg geht weiter, im Spamming sind Russland und die Ukraine noch immer friedlich vereint, da gibt anscheinend es die Entente der Ganoven:

Received: from s4.it-src.de (mail.simply-communicate.de [85.25.133.226])
(using TLSv1 with cipher AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Wed, 2 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from [109.87.29.234] (port=2819 helo=localhost)
by s4.it-src.de with esmtpa (Exim 4.60)
(envelope-from <web32p39 [at] localhost>)
ID: [ID filtered]
for xxxxx; Wed, 02 Jul 2014 xx:xx:xx +0200

X-SA-Exim-Connect-IP: 109.87.29.234 ---> 234.29.87.109.triolan.net, Ukraine


Received: from P2829892.fsrsupport.com (unknown [66.135.60.179])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Thu, 3 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from localhost ([176.194.208.87]) by fsrsupport.com with
MailEnable ESMTP; Thu, 3 Jul 2014 xx:xx:xx -0400
IP: 66.135.60.179 ---> ip-176-194-208-87.bb.netbynet.ru


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} www.kma.biz
IP: 178.248.234.6 ---> highloadlab.com/msu.ru, Russia


Received: from mail.calox.com (mail.calox.com [108.168.212.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Thu, 3 Jul 2014 xx:xx:xx +0200 (CEST)
X-No-Relay: not in my network
Received: from localhost (unknown [109.86.135.82])
by mail.calox.com (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Thu, 3 Jul 2014 xx:xx:xx -0500 (CDT)
IP: 109.86.135.82 ---> 82.135.86.109.triolan.net, Ukraine


Thousands of people all over the world already saving up on taxes with
http://dedicatedpool.com! Join us and you will learn 100% legal methods
how mining darkcoin, bitcoin and other cryptocurrencies will save you
your tax money!
IP: 72.46.130.51/198.41.184.140 ---> Versaweb/Cloudflare

kjz1
04.07.2014, 08:54
Man hat noch Botnet-KapazitДt frei:

Received: from mail.dubaisigorta.com.tr (mail.dubaisigorta.com.tr
[91.93.195.14])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Fri, 4 Jul 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 7772 invoked by UID: [UID filtered]
Received: from unknown (HELO localhost) (zadesigorta [at] dubaisigorta.com.tr@109.174.116.34) by mail.dubaisigorta.com.tr with ESMTPA; 4 Jul 2014 xx:xx:xx -0000

IP: 109.174.116.34 ---> OJSC "MTS" Broadband B2B Infrastructure, Russia



Hello,
Darkcoin and bitcoin is the future in the global payment system - do not
let it pass by you! Seize this amazing opportunity and become a member
of ever-growing bitcoin community. We will guide you through the steps
how to use your computers or buy computing equipment and convert your
machine power into bitcoins by mining cryptocurrencies. Sounds
difficult? Believe me; it is not difficult at all. We guarantee that in
less than 1 day you will be fully equipped to earn your first ever
bitcoin with your own computer. Don't waste your time and visit us at
http://dedicatedpool.com and chat with us
http://dedicatedpool.com/?page=about&action=chat
--
Ryan, dedicatedpool.com support/admin

kjz1
05.07.2014, 16:02
Dank der rechtsbefreiten Zone (AKA Ukraine) tummeln sich Ganoven ganz ungeniert:

Received: from mail03.ipcare.de (mail03.ipcare.de [194.195.3.131])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sat, 5 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from [178.158.252.15] (helo=localhost) by mail03.ipcare.de with esmtpa (Exim 4.72) (envelope-from <pop105048 [at] localhost>) ID: [ID filtered]

IP: 178.158.252.15 ---> Maximum-Net, Ukraine


Hello,
Darkcoin and bitcoin is the future in the global payment system - do not
let it pass by you! Seize this amazing opportunity and become a member
of ever-growing bitcoin community. We will guide you through the steps
how to use your computers or buy computing equipment and convert your
machine power into bitcoins by mining cryptocurrencies. Sounds
difficult? Believe me; it is not difficult at all. We guarantee that in
less than 1 day you will be fully equipped to earn your first ever
bitcoin with your own computer. Don't waste your time and visit us at
http://dedicatedpool.com


Received: from mail.zp.ua (mail-zp.express.net.ua [80.254.0.12])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sat, 5 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [109.251.157.91])
(Authenticated sender: tuisadeso1972 [at] mail.zp.ua)
by mail.zp.ua (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Sat, 5 Jul 2014 xx:xx:xx +0300 (EEST)

IP: 109.251.157.91 ---> 109.251.157.91.freenet.com.ua



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят
недоброжелатели от нашего имени! Рекламные рассылки никоим образом не
относятся к нам.

IP: 178.248.234.6 ---> highloadlab.com/MSU, Russia

kjz1
06.07.2014, 17:40
Heute wieder:

Received: from mail.dubaisigorta.com.tr (mail.dubaisigorta.com.tr
[91.93.195.14])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Sun, 6 Jul 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 24343 invoked by UID: [UID filtered]
Received: from unknown (HELO localhost)
(zadesigorta [at] dubaisigorta.com.tr@205.201.209.204)
by mail.dubaisigorta.com.tr with ESMTPA; 6 Jul 2014 xx:xx:xx -0000

gecrackt: zadesigorta [at] dubaisigorta.com.tr

IP: 205.201.209.204 ---> 204.209.201.205.brainstorminternet.net

Wie merkbefreit ist das denn:


<abuse [at] brainstorminternet.net>: host
relay1.brainstorminternet.net[206.124.11.98] saID: [ID filtered]
content (in reply to end of DATA command)

Spam-Filter auf der Abuse Mailbox?

abuse [at] brainstorminternet.net


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят
недоброжелатели от нашего имени! Рекламные рассылки никоим образом не
относятся к нам.

IP: 178.248.234.6 ---> highloadlab.com, QRATOR-106, Russia

kjz1
07.07.2014, 12:14
Und tДglich grЭъt das Mumel...aДhhh... die Russenmafia:

Received: from smtp-01.idc2.mandic.com.br
(static.200.219.210.141.datacenter1.com.br [200.219.210.141])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Mon, 7 Jul 2014 xx:xx:xx +0200 (CEST)
Received: by smtp-01.smtp.mandic.prv (Postfix, from userID: [ID filtered]
ID: [ID filtered]
Received: from localhost (unknown [159.224.235.191])
by smtp-01.smtp.mandic.prv (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Sun, 6 Jul 2014 xx:xx:xx -0300 (BRT)

IP: 159.224.235.191 ---> 191.235.224.159.triolan.net, Ukraine


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят
недоброжелатели от нашего имени! Рекламные рассылки никоим образом не
относятся к нам.

kjz1
07.07.2014, 18:36
Und noch Nachschlag:

Received: from relay5.ciudad.com.ar (relay5.ciudad.com.ar [200.42.138.191])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Mon, 7 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [200.42.138.133])
by relay5.ciudad.com.ar (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Mon, 7 Jul 2014 xx:xx:xx -0300 (ART)
Received: from relay2.ciudad.com.ar ([127.0.0.1])
by localhost (zrm2.int.cmd.com.ar [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP ID: [ID filtered]
Mon, 7 Jul 2014 xx:xx:xx -0300 (ART)
Received: by relay2.ciudad.com.ar (Postfix, from userID: [ID filtered]
ID: [ID filtered]
Received: from localhost (unknown [178.46.120.116])
by relay2.ciudad.com.ar (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Mon, 7 Jul 2014 xx:xx:xx -0300 (ART)

IP: 178.46.120.116 ---> USI_ADSL_USERS, Russia


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят
недоброжелатели от нашего имени! Рекламные рассылки никоим образом не
относятся к нам.

kjz1
10.07.2014, 13:35
Weiter bei der Russenmafia:

Received: from ixprt.com (ixprt.com [202.71.152.196])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Thu, 10 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from ([127.0.0.1]) with MailEnable ESMTP; Thu, 10 Jul 2014


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят
недоброжелатели от нашего имени! Рекламные рассылки никоим образом не
относятся к нам.

kjz1
16.07.2014, 12:17
neues Botnetz geordert?

Received: from delegait.com.au (delegait.com.au [216.55.181.91])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Wed, 16 Jul 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 14756 invoked from network); 16 Jul 2014 xx:xx:xx +1000
Received: from unknown (HELO localhost) (5.178.229.52)
by delegait.com.au with ESMTPA; 16 Jul 2014 xx:xx:xx +1000

IP: 5.178.229.52 ---> Caucasus Online LLC


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят
недоброжелатели от нашего имени! Рекламные рассылки никоим образом не
относятся к нам.

kjz1
20.07.2014, 20:31
Die Dreckskiste ist wohl immer noch offen:

Received: from delegait.com.au (delegait.com.au [216.55.181.91])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sun, 20 Jul 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 12209 invoked from network); 21 Jul 2014 xx:xx:xx +1000
Received: from unknown (HELO localhost) (89.149.103.235)
by delegait.com.au with ESMTPA; 21 Jul 2014 xx:xx:xx +1000

IP: 89.149.103.235 ---> JV "Sun Communications" S.R.L., MD


Надоело платить за контекстную рекламу? Наша партнёрская программа работает по модели СРА ("cost per action" - оплата за действие). Платите только за продажи, а товар продадут вебмастера, которые знают толк в интернет коммерции{:|.} http://kma.biz

Уважаемые партнеры! На данный момент нашу CPA сеть спамят недоброжелатели от нашего имени! Рекламные рассылки никоим образом не относятся к нам.

kjz1
22.07.2014, 09:25
Und weiter dank dem rechtsbefreiten Chaosland:

Received: from mail.zp.ua (mail-zp.express.net.ua [80.254.0.12])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Tue, 22 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [77.122.234.8])
(Authenticated sender: adinmater1975 [at] mail.zp.ua)
by mail.zp.ua (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Tue, 22 Jul 2014 xx:xx:xx +0300 (EEST)

IP: 77.122.234.8 ---> dynamic-77-122-234-008.ricona.net.ua

gecrackt: adinmater1975 [at] mail.zp.ua


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

kjz1
24.07.2014, 12:12
Die Mafia schlДgt wieder zu:

Received: from mux.co.jp (mux.co.jp [210.153.21.45])
by xxxxx (Postfix) with SMTP ID: [ID filtered]
for xxxxx; Thu, 24 Jul 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 1818 invoked by SAV 20140724.001 by UID: [UID filtered]
xx:xx:xx +0900
X-Authentication: kaori.takeuchi was authenticated by 210.153.21.45
at 24 Jul 2014 xx:xx:xx +0900
Received: from unknown (HELO localhost) (95.160.27.20)
by ps44.suite2.arena.ne.jp (210.153.21.45) with SMTP; 24 Jul 2014
xx:xx:xx +0900

IP: 95.160.27.20 ---> 095160027020.swiebodzin.vectranet.pl

gecrackt: kaori.takeuchi [at] mux.co.jp


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

kjz1
26.07.2014, 17:32
Und wieder ein Crack aus der rechtsbefreiten Zone:

Received: from rs2.hostsila.org (rs2.hostsila.org [80.91.191.92])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sat, 26 Jul 2014 xx:xx:xx +0200 (CEST)
Received: from [93.89.216.124] (port=52087 helo=localhost)
by rs2.hostsila.org with esmtpa (Exim 4.82)
(envelope-from <office [at] sevplast.com.ua>)
ID: [ID filtered]
for xxxxx; Sat, 26 Jul 2014 xx:xx:xx +0300

IP: 93.89.216.124 ---> ONLINETECH-MAK-VPDN, UA

gecrackt: office [at] sevplast.com.ua



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

kjz1
30.07.2014, 15:15
Die rechtsbefreite Zone lДъt wieder grЭъen:

Received: from e-b5.co.jp (e-b5.co.jp [202.212.216.17])
by xxxxx (Postfix) with SMTP ID: [ID filtered]
for xxxxx; Wed, 30 Jul 2014 xx:xx:xx +0200 (CEST)
Received: (qmail 7292 invoked by SAV 20140729.009 by UID: [UID filtered]
xx:xx:xx +0900
X-Authentication: b5-infomart was authenticated by 202.212.216.17
at 30 Jul 2014 xx:xx:xx +0900
Received: from unknown (HELO localhost) (109.86.135.82)
by ps4.suite2.arena.ne.jp (202.212.216.17) with SMTP; 30 Jul 2014
xx:xx:xx +0900

IP: 109.86.135.82 ---> TRIOLAN, Ukrainia


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://kma.biz

kjz1
05.08.2014, 15:33
Weiter geht's:

Received: from bnet.bnet.com (server.b-net-bg.com [46.10.230.80])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Tue, 5 Aug 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (80-48-126-82.smsiarkowiec.pl [80.48.126.82])
by bnet.bnet.com (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Mon, 22 Jun 2015 xx:xx:xx +0300 (EEST)

IP: 80.48.126.82 ---> 80-48-126-82.smsiarkowiec.pl


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

kjz1
06.08.2014, 20:07
das rechtsbefreite Chaos:

Received: from lotcatering.pl (unknown [193.150.165.99])
(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Wed, 6 Aug 2014 xx:xx:xx +0200 (CEST)
X-No-Relay: not in my network
Received: from localhost (unknown [178.163.100.129])
by lotcatering.pl (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Wed, 6 Aug 2014 xx:xx:xx +0200 (CEST)

IP: 178.163.100.129 ---> RU-INFOLINE


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://www.kma.biz

kjz1
07.08.2014, 12:31
Die Ganoven haben wohl ein neues Bontnet angeheuert, oder: neue Runde im russisch-ukrainischen Cyber-War:

Received: from business-s26.business-s26.de (unknown [80.190.193.122])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
for xxxxx; Thu, 7 Aug 2014 xx:xx:xx +0200 (CEST)
Received: from localhost (unknown [31.23.129.75])
by business-s26.business-s26.de (Postfix) with ESMTPA ID: [ID filtered]
for xxxxx; Thu, 7 Aug 2014 xx:xx:xx +0200 (CEST)

IP: 31.23.129.75 ---> OJSC Rostelecom Macroregional Branch South, Russia


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции{:|.} http://kma.biz

kjz1
16.08.2014, 19:57
In der rechtsbefreiten Chaos-Zone macht jeder Kriminelle, was er will:

Received: from mail3.porarserver.com (mail3.porarserver.com [202.43.34.77])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Sat, 16 Aug 2014 xx:xx:xx +0200 (CEST)
Received: from localhost ([176.102.207.196])
by mail3.porarserver.com (IceWarp 10.2.2) with ASMTP ID: [ID filtered]
for xxxxx; Sun, 17 Aug 2014 xx:xx:xx +0700

IP: 176.102.207.196 ---> user-196-207-102-176.fobos.pl.ua.207.102.176.in-addr.arpa, Fobos, Ukrainia



Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции: http://kma.biz

kjz1
18.08.2014, 10:27
Die rechtsbefreite Chaos-Zone meldet wieder:

Received: from smtpout4.mclink.it (smtpout4.mclink.it [195.110.128.205])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by xxxxx (Postfix) with ESMTPS ID: [ID filtered]
for xxxxx; Mon, 18 Aug 2014 xx:xx:xx +0200 (CEST)
Received: from smtpoutgw1.mclink.it (relayirp.mclink.it [195.110.128.82])
by smtpout4.mclink.it (8.13.6/8.13.6) with ESMTP ID: [ID filtered]
for xxxxx; Mon, 18 Aug 2014 xx:xx:xx +0200 (CEST)
(envelope-from prvs=13066e3bfb=fenacom.tr [at] enasco.it)
Date: 18 Aug 2014 xx:xx:xx +0200
Received: from mail.50epiu.it (HELO posta.enasco.it) ([195.110.135.204])
by smtpoutgw1.mclink.it with ESMTP; 18 Aug 2014 xx:xx:xx +0200
Received: from localhost by enasco.it (MDaemon PRO v13.0.5)
with ESMTP ID: [ID filtered]
for xxxxx; Mon, 18 Aug 2014 xx:xx:xx +0200

X-MDRemoteIP: 159.224.1.116 ---> 116.1.224.159.triolan.net, Ukrainia

gecrackt: fenacom.tr [at] enasco.it


Надоело платить за контекстную рекламу? Наша партнёрская программа
работает по модели СРА ("cost per action" - оплата за действие). Платите
только за продажи, а товар продадут вебмастера, которые знают толк в
интернет коммерции: http://www.kma.biz

kjz1
09.09.2014, 17:29
Zur Zeit laufen mal wieder massive Joe Jobs von der Russenmafia. DDoS-Attacken kЖnnen ja heute von speziellen Dienstleistern abgewehrt werden, das zieht kaum noch. Als was mach die Mafia: kauft sich Adresslisten von bekannten Anti-Spammern (ich scheine auch dazu zu gehЖren...) und bombt diese dann mit Joe Jobs zu. Das blЖde daran: da diese Listen relativ klein sein dЭrften, kann man schon mit einem recht kleinen Botnetz die Adressen von Anti-Spammern recht massiv zumЭllen.

Und Google lДъt sich viel zu leicht zur Adressverschleierung missbrauchen. Ich zДhle mal die Opfer auf:

http://www.legalizer.info Legal drugs, legal drugs forum

http://pohudeu.com Spam in kyrillisch
Link dazu: http://pohudeu.com/spamvertising/

http://kma.biz altbekannt, in kyrillisch

Dear partners!
Our CPA network is spammed by ill-wishers in the name of our company.
We have no connection to this publicity distribution!

http://www.almajd.ps Hot warfare news from the Middle East

hoppala
10.09.2014, 09:51
...: kauft sich Adresslisten von bekannten Anti-Spammern (ich scheine auch dazu zu gehЖren...) und bombt diese dann mit Joe Jobs zu.

Muss ich jetzt beleidigt sein, weil ich diese Spams nicht bekomme und offenbar nicht auf den Listen stehe, oder kann ich das meiner relativ robusten Spam-Abwehr zugute halten? :-)

hoppala

kjz1
11.09.2014, 11:00
Ich wЭrde eher sagen: freudig Эberrascht. Ansonsten: die versendenden IPs sind alle schon bei Spamcop als 'open proxy' markiert. Sofern man also Spamcop zum Scoren einsetzt, sollte das diesen MЭll recht zuverlДssig aussondern.

Mein Spamfilter erkennt da auch den grЖъten teil, insofern nur ein lДstiges эbel. Bei dieser Welle haben die Ganoven auch bestimmte Email-Adressen im Visier ('Legal Software' zu Spottpreisen). Da gibt jemand viel Geld an die Russenmafia aus, um sein MЭtchen zu kЭhlen. Aber im 'wilden Osten' gilt halt momentan das Faustrecht, also 'Wild-Ost'...

kjz1
14.09.2014, 15:59
Auch nach fast 2 Wochen halten die Joe Jobs mit unverminderter Wucht an. Da muss jemand abgrundtiefen Hass, viel Geld und eine gewaltige Portion kriminelle Energie besitzen. Wie gesagt: Russenmafia halt, erst schiessen, RЭbe runter und dann gar nicht erst fragen. Normalerweise war so ein Spuk nДmlich bisher immer in 3-4 Tagen vorbei.

kjz1
17.09.2014, 16:08
Der Run hДlt unvermindert an. Kennzeichen: man hat anscheinend tausende kompromittierte Mail-Accounts geklauft, Эber die der Dreck jetzt rausgeblasen wird, Bsp.:

Received: from unknown (HELO localhost) (iliia [at] lambert.co.at@112.192.105.155) by 113.186.203.229 with ESMTPA; Wed, 17 Sep 2014 xx:xx:xx +0700

Received: from unknown (HELO localhost) (pe23 [at] econetmobile.co.zw@201.129.232.54) by AS28168-187-63-233-98.minasmaistelecom.com.br with ESMTPA; Wed, 17 Sep 2014 xx:xx:xx -0300

Received: from unknown (HELO localhost) (zmedic [at] vads.co.id@155.120.191.72) by 89.184.30.118 with ESMTPA; Wed, 17 Sep 2014 xx:xx:xx +0400

hoppala
17.09.2014, 17:05
Diese Received-Zeilen sind nicht echt, sondern von der Spamware selbst zur Ablenkung erzeugt. Sie eignen sich Эbrigens hervorragend als Filterkriterium, ich habe noch nicht eine einzige legitime Mail gesehen, die eine solche Received-Zeile hatte :-)

hoppala

kjz1
17.09.2014, 20:20
Wobei ich aber einen Teil der Mailadressen ЭberprЭft haben, da liefert der Mailserver den Code 250 zurЭck. Die Adressen existieren also. Warum sollten die Ganoven dort echte Adressen (die ja auch etwas auf dem Schwarzmarkt kosten) hinterlegen, wenn es auch ein Fake tДte? Solche Konstrukte mit dem @IP sehe ich Жfters, so etwas ist besonders bei Mugus beliebt. Da geht die Sendekette dann: Zombie-PC loggt sich mit den Credentials einer gecrackten Adresse auf einem regulДren Mailserver ein und blДst dann den Dreck raus. Von den Zombies direkt nimmt ja sowieso niemand mehr Mail an, da muss man schon die 'Ehrenrunde' Эber einen regulДren Mailserver drehen. Und dafЭr braucht man halt auch 'regulДre' Accounts.

kjz1
05.10.2014, 10:24
Die Welle hДlt unverДndert an. Ich bin ja schon lange dabei, aber dass mit so viel Hass und Energie versucht wird, Domains per Joe Job zu dDoSen, das habe ich noch nie erlebt. Jetzt hat man noch weitere Domains ins Visier genommen:

http://tpnv.ru

http://www.artm.pro

Da schlДgt ein Mitglied der Russenmafia anscheinend in blinder Wut mit 'taktischen Atomwaffen' um sich auf alles, was ihm nicht in den Kram passt.

kjz1
20.10.2014, 15:15
Mittlerweile hat die Flut erheblich nachgelassen, die Russenmafia beschrДnkt sich wieder auf die Usprungs-Hassdomain http://www.kma.biz.