PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Mail mit Subject: PayPal Account Suspension Notice - PayPal Account Limited



SpamRam
12.09.2005, 19:49
Soeben bei mir aufgeschlagen, zum wiederholten Mal der selbe Inhalt.
Return-Path: <root [at] s001.puredns.nl>
X-Flags: 1000
Delivered-To: GMX delivery to poor [at] spamvictim.tld <---- SpamRam ---->
Received: (qmail invoked by alias); 12 Sep 2005 xx:xx:xx -0000
Received: from unknown (EHLO s001.puredns.nl) [213.201.235.51]
by mx0.gmx.net (mx054) with SMTP; 12 Sep 2005 xx:xx:xx +0200
Received: from root by s001.puredns.nl with local (Exim 4.44)
ID: [ID filtered]
for poor [at] spamvictim.tld; Mon, 12 Sep 2005 xx:xx:xx +0200
From: service [at] paypal.com
Reply-To: service [at] paypal.com
MIME-Version: 1.0 Content-Type: text/html\r\n
Content-Type: text/html Content-Transfer-Encoding: 8bit\r\n
Subject: PayPal Account Suspension Notice - PayPal Account Limited
Message-ID: [ID filtered]
Date: Mon, 12 Sep 2005 xx:xx:xx +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - s001.puredns.nl
X-AntiAbuse: Original Domain - gmx.net
X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
X-AntiAbuse: Sender Address Domain - s001.puredns.nl
To: poor [at] spamvictim.tld <---- SpamRam ---->
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: [UID filtered]

Zeile 17 oben finde ich besonders interessant!


<html>
<head>
<STYLE type=text/css>
#message .dummy {}
#message, #message TD {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;}
#message LI {line-height: 120%;}
.
.
.
#message .pp_smaller {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #000000;}
</STYLE>

<title>PayPal - Account Access Limited</title>
</head>
<xbody>
<table width="600" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td><A target="_blank" href="https://www.paypal.com/" >
<IMG src="http://www.paypal.com/images/paypal_logo.gif" width=117 height=35 alt="PayPal" border="0" vspace=10></A>
</td></tr></table>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td background="http://www.paypal.com/images/bg_clk.gif" width=100%>
<img src="http://www.paypal.com/images/pixel.gif" height="29" width="1" border="0"></td></tr>
<tr><td><img src="http://www.paypal.com/images/pixel.gif" height="10" width="1" border="0"></td></tr>
</table>

<table width="600" cellpadding=0 cellspacing=0 border=0 align=center>
<tr valign=top>
<td width=5><img src="http://www.paypal.com/images/pixel.gif" width=5 height=1></td>
<td width="100%" class="pptext" align="left">
<table width="100%" cellspacing="0" cellpadding="0" border="0" align="center">
<tr><td>
<br><br>
Dear xxxxx [at] gmx.net <---- SpamRam ---->
,

<br><br>
We recently reviewed your account, and suspect that your PayPal account may<br>
have been accessed by an unauthorized third party. Protecting the security<br>
of your account and of the PayPal network is our primary concern.<br>
Therefore, as a prevention measure, we have temporarely limited access to<br>
sensitive PayPal account features.<br>
Please click on the link below to confirm your information:<br><p>
<[SPAMLINK siehe unten !/SPAMLINK] >https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a><br>
<br>

For more information about how to protect your account, please visit<br>
PayPal's Security Center, accessible via the "Security Center" link located<br>
at the bottom of each page of the PayPal website. <br>
<br>
We apologize for any inconvenience this may cause, and appreciate your<br>
assistance in helping us maintain the integrity of the entire PayPal<br>
system. Thank you for your prompt attention to this matter.<br>
<br>
<br><br>

Sincerely,

<br><br>

The PayPal Fraud Management Team
<br>
</td><tr>
<td><br><img src="http://www.paypal.com/images/dot_row_long.gif" width=590 height=5></td>
</tr>
<tr>
<td class="pp_footer">
Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.<br>

Copyright &copy; 2005 PayPal, Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

</td>
</tr>
</table>

</td>
</tr>
</table>
</xbody>
</html>


<a href="http://www.pharm21.com/https/www.paypal.com/secure/ssl/paypal/trusted/resolution_center/confirm/index.php">

Habe bereits an PayPal gemeldet und von PayPal in der Antwort das Folgende erhalten:
After review, we can confirm that the email you received was not sent by
PayPal. Any website which may be linked to this email is not authorized
or used by PayPal.

Our fraud prevention team is working to disable any website linked to
this email.
Naja, hoffen wir, dass sie Erfolg haben!

SpamRam
31.10.2005, 14:47
header:
01: Return-Path: <root [at] pluto.planethosted.com>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 31 Oct 2005 xx:xx:xx -0000
05: Received: from 196.70-84-73.reverse.theplanet.com (EHLO pluto.planethosted.com)
06: [70.84.73.196]
07: by mx0.gmx.net (mx019) with SMTP; 31 Oct 2005 xx:xx:xx +0100
08: Received: from root by pluto.planethosted.com with local (Exim 4.44)
09: ID: [ID filtered]
10: for xxxxx [at] gmx.net; Mon, 31 Oct 2005 xx:xx:xx -0500
11: From: service [at] paypal.com
12: Reply-To: service [at] paypal.com
13: MIME-Version: 1.0 Content-Type: text/html\r\n
14: Content-Type: text/html Content-Transfer-Encoding: 8bit\r\n
15: Subject: PayPal Account Suspension Notice - PayPal Account Limited
16: Message-ID: [ID filtered]
17: Date: Mon, 31 Oct 2005 xx:xx:xx -0500
18: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
19: report
20: X-AntiAbuse: Primary Hostname - pluto.planethosted.com
21: X-AntiAbuse: Original Domain - gmx.net
22: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
23: X-AntiAbuse: Sender Address Domain - pluto.planethosted.com
24: X-Source: /bin/bash
25: X-Source-Args: sh send.sh
26: X-Source-Dir: /root/public_html/cgi-bin/trimis
27: To: xxxxx [at] gmx.net
28: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
29: X-GMX-Antispam: 0 (Mail was not recognized as spam)
30: X-GMX-UID: [UID filtered]
Please click on the link below to confirm your information:<br><p>
<a href=" siehe unten ![/COLOR]/SPAMLINK]">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>

http://210.127.248.92/~apache/resolution_center/index.php führt nach Korea.

[spamlink]http://www.pluto.planethosted.com


Geht gleich wieder zu PayPal!