Citibank Deutschland Internet-banking



Sven Udo
03.10.2005, 12:19
We have already had quite a few banks "on offer". Now it is the turn of "Citibank-Deutschland".
From Citibank Deutschland Mon Oct 3 xx:xx:xx 2005
X-Apparently-To: xxxxxxxx [at] yahoo.com via 217.146.176.66; Sun, 02 Oct 2005 xx:xx:xx -0700
X-YahooFilteredBulk: 67.171.179.146
X-Originating-IP: [67.171.179.146]
Return-Path: <support_ref_21392793136 [at] citibank.de>
Authentication-Results: mta133.mail.re2.yahoo.com from=citibank.de; domainkeys=neutral (no sig)
Received: from 67.171.179.146 (HELO c-67-171-179-146.hsd1.or.comcast.net) (67.171.179.146) by mta133.mail.re2.yahoo.com with SMTP; Sun, 02 Oct 2005 xx:xx:xx -0700
FCC: mailbox://support_ref_21392793136 [at] citibank.de/Sent
X-Identity-Key: id1
Datum: Sun, 02 Oct 2005 xx:xx:xx -0600
Von: "Citibank Deutschland" <support_ref_21392793136 [at] citibank.de> Zum Adressbuch hinzufügen
X-Accept-Language: en-us, en
(they claim to be from DE and don't have a DE program)
MIME-Version: 1.0
An:
Betreff: CITIBANK DEUTSCHLAND INTERNET-BANKING
Content-Type: multipart/related; boundary="------------070706040001060904090004"
Content-Length: 8991
http://img363.imageshack.us/img363/446/cryptogram6pu.th.gif (http://img363.imageshack.us/my.php?image=cryptogram6pu.gif)

http://210.125.84.10/rpm/

Goofy
03.10.2005, 14:08
Leo seems to have developed a fondness for Korean servers lately.

KREONET-LLINE-KJIST
Kwangju Institute of Science and Technology

Responsible contact:
kdlee[at]kjist.ac.kr
with CC to: cert[at]kreonet.net

If anything happens at all, it will surely take at least several days before they shut it down.

sis
03.02.2006, 18:09
Return-Path: <support_id_25... [at] citibank.de>
Received: from 194.25.134.74 ([86.63.163.67]) by .de
with smtp ID: [ID filtered]
FCC: mailbox://support_id_25... [at] citibank.de/Sent
X-Identity-Key: Id5
Date: Sat, 04 Feb 2006 xx:xx:xx +0600
From: Citibank Deutschland <support_id_25... [at] citibank.de>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: <...>
Subject: CITIBANK DEUTSCHLAND INTERNET BANKING
Leo is consistent: the phishing stuff is hosted on 61.79.104.15:180/r1/c/

sis
05.02.2006, 17:15
Return-Path: <custservice_ref_... [at] citibank.de>
Received: from c-71-57-56-124.hsd1.il.comcast.net ([71.57.56.124]) by .de
with smtp ID: [ID filtered]
FCC: mailbox://custservice_ref_... [at] citibank.de/Sent
X-Identity-Key: Id1234
Date: Sun, 05 Feb 2006 xx:xx:xx -0200
From: CITIBANK DEUTSCHLAND <custservice_ref_... [at] citibank.de>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: <...>
Subject: Citibank Deutschland Banking
New link, this time in China again: 218.28.165.168:180/r1/c/

schara56
03.08.2006, 08:57
Return-Path: <custsupport_2890473271id [at] www.citibank.de>
X-Flags: 1001
Delivered-To: GMX delivery to x
Received: from x [82.149.228.140]
by localhost with POP3 (fetchmail-6.2.5.2)
for x (single-drop); Thu, 03 Aug 2006 xx:xx:xx +0200 (CEST)
Received: from 82.149.228.140 ([62.84.3.50])
by x (8.12.10/8.12.10) with SMTP ID: [ID filtered]
for <x>; Thu, 3 Aug 2006 xx:xx:xx +0200
Date: Thu, 3 Aug 2006 xx:xx:xx +0200
Message-ID: [ID filtered]
Received: from norika-fujiwara.com (norika-fujiwara.com.ebaystatic.com [34.179.96.191])
by thrunet.com with SMTP ID: [ID filtered]
for <x>; Wed, 02 Aug 2006 xx:xx:xx -0800
From: "CITIBANK DE 2006" <operate_ref2163517id [at] www.citibank.de>
To: "x" <x>
Subject: {Spam?} Banking
X-USER_IP: 44.46.83.21
User-Agent: Calypso Version 3.20.01.01 (4)
X-Mailer: Calypso Version 3.20.01.01 (4)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="CJLIZNVL8WPSGK063M"
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (Wertung=8.081, benoetigt 6,
BAYES_70 2.25, FROM_HAS_ULINE_NUMS 0.96, HTML_FONTCOLOR_UNSAFE 0.10,
HTML_IMAGE_ONLY_06 1.44, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
MSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50,
RCVD_IN_DSBL 0.71)
X-MailScanner-SpamScore: ssssssss
X-MailScanner-From: custsupport_2890473271id [at] www.citibank.de
X-Collected-By: GMX/x
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 5 (S_ULINE_NUMS,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,INFO_TLD,MIME_HTML_ONLY,MSGID_FROM_MTA_HEADER,MSGID_FROM_MTA_ID,RCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO)
X-GMX-UID: [UID filtered]

Spammed from Latvia (http://62.84.3.50) and hosted in Chile
http://www.citibank.de.HomeBankingSecure.lasord.info/startsession.asp
Registrar: Melbourne IT


Return-Path: <customersupport_059991465840id [at] www.citibank.de>
X-Flags: 1001
Delivered-To: GMX delivery to x
Received: (qmail invoked by alias); 02 Aug 2006 xx:xx:xx -0000
Received: from APlessis-Bouchard-153-1-87-225.w86-203.abo.wanadoo.fr (HELO APlessis-Bouchard-153-1-87-225.w86-203.abo.wanadoo.fr) [86.203.198.225]
by mx0.gmx.net (mx080) with SMTP; 02 Aug 2006 xx:xx:xx +0200
Received: from joker.com (unknown [40.247.104.165])
by fortunecity.com with SMTP ID: [ID filtered]
for <x>; Wed, 02 Aug 2006 xx:xx:xx -0800
Received: from fiiqmx.net (unknown [96.56.185.213])
by malaysia.net with SMTP ID: [ID filtered]
for <x>; Wed, 02 Aug 2006 xx:xx:xx -0500
From: "Citibank Deutschland 2006" <customersupport_80812365406id [at] www.citibank.de>
To: "x" <x>
Subject: Citibank Deutschland: ONLINE-BANKING -Wed, 02 Aug 2006 xx:xx:xx +0200
X-AntiVirus: OK! AntiVir MailGate Version 2.0.1; AVE: 6.15.0.0; VDF: 6.15.0.6
X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i586-alt-linux)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="ESBN638.0OU4KT91"
Date: Wed, 2 Aug 2006 xx:xx:xx +0200
Message-ID: [ID filtered]
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 5 (S_ULINE_NUMS,FROM_LOCAL_HEX,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,INFO_TLD,MIME_HTML_ONLY,POSSIBLE_DIALUP_3,POSSIBLE_DIALUP_4)
X-GMX-UID: [UID filtered]

Spammed from France (shame on anyone who thinks evil of it http://86.203.198.225) and hosted in Colombia
http://www.citibank.de.HomeBankingSecure.dse39k.info/startsession.asp
Registrar: Melbourne IT

schara56
03.08.2006, 17:23
Spammed via Hanaro (http://218.235.52.204)
http://www.citibank.de.HomeBankingSecure.gta33.mn/startsession.asp

> gta33.mn

gta33.mn nameserver = ns1.rafidns2k.net
gta33.mn nameserver = ns2.rafidns2k.net

http://ns1.rafidns2k.net internet address = http://58.102.73.2
http://ns2.rafidns2k.net internet address = http://83.14.246.114

Grisu_LZ22
03.08.2006, 18:54
Leo is phishing like crazy.


Return-Path: <customerssupport-3062656409268ID: [ID filtered]
Received: from mailin10.aul.t-online.de (mailin10.aul.t-online.de [172.20.26.69])
by mhead18 with LMTP; Thu, 03 Aug 2006 xx:xx:xx +0200
X-Sieve: CMU Sieve 2.2
Received: from pool-72-75-84-93.washdc.east.verizon.net ([72.75.84.93]) by mailin10.sul.t-online.de
with smtp ID: [ID filtered]
Received: from arkansas.net (helo dod.arkansas.net [124.127.200.228])
by internet1x2.com with SMTP ID: [ID filtered]
for <meine addy>; Wed, 02 Aug 2006 xx:xx:xx -0800
From: "Citibank De, 2006" <onlinesupport-id-79716500id [at] www.citibank.de>
To: "ich" <meine addy>
X-Originating-Server: furman.geocities.com (helo computation.sigmarts.com [42.16.180.186])
User-Agent: Internet Mail Service (5.5.2650.21)
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="6IN8G4HIQXTCD1VUOD0L"
X-TOI-SPAM: u;0;2006-08-02Txx:xx:xxZ
X-TOI-VIRUSSCAN: unchecked
X-TOI-MSGID: [ID filtered]
X-Seen: false
X-ENVELOPE-TO: <meine addy>
X-NAS-BWL: No match found for 'onlinesupport-id-79716500ID: [ID filtered]
X-NAS-Language: Unknown
X-NAS-AutoBlock-Code: 4
X-NAS-AutoBlock-Description: E-Mails immer blockieren, die unsichtbaren oder nahezu unsichtbaren Text enthalten
Subject: [Norton AntiSpam] INFORMATION [Wed, 02 Aug 2006 xx:xx:xx -0800]
X-NAS-Classification: 1
X-NAS-MessageID: [ID filtered]
X-NAS-Validation: {0068DA99-8A07-42D3-8BFE-8DC2745F9022}



http://www.citibank.de.homebankingsecure.gp22db7.info/startsession.asp


Off to the trash can with it.

OT:
Phishfighting doesn't work :-((

/OT


:jedi:

schara56
04.08.2006, 08:15
Return-Path: <custservice-ref-5400577427565id [at] www.citibank.de>
X-Flags: 1001
Delivered-To: GMX delivery to x
Received: from x [82.149.228.140]
by localhost with POP3 (fetchmail-6.2.5.2)
for x (single-drop); Fri, 04 Aug 2006 xx:xx:xx +0200 (CEST)
Received: from 82.149.228.140 ([166.230.139.176])
by x (8.12.10/8.12.10) with SMTP ID: [ID filtered]
for <x>; Fri, 4 Aug 2006 xx:xx:xx +0200
Date: Fri, 4 Aug 2006 xx:xx:xx +0200
Message-ID: [ID filtered]
Received: from roy.kellychen.com (unknown [78.78.255.0])
by joker.com with SMTP ID: [ID filtered]
for <x>; Thu, 03 Aug 2006 xx:xx:xx -0800
From: "Citibank Deutschland" <onlinesupport_id_590894103id [at] www.citibank.de>
To: "x" <x>
Subject: {Spam?} Citibank Deutschland: Wichtige Information -Thu, 03 Aug 2006 xx:xx:xx -0800
X-Authenticated: #32234530
User-Agent: Internet Mail Service (5.5.2650.21)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="ZPHI3FI4D7SC2ETY"
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (Wertung=6.994, benoetigt 6,
BAYES_90 2.10, FROM_HAS_ULINE_NUMS 0.96, HTML_FONTCOLOR_UNSAFE 0.10,
HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32, MSGID_FROM_MTA_HEADER 0.70,
PRIORITY_NO_NAME 1.21, RCVD_IN_BL_SPAMCOP_NET 1.50)
X-MailScanner-SpamScore: ssssss
X-MailScanner-From: custservice-ref-5400577427565id [at] www.citibank.de
X-Collected-By: GMX/x
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 5 (S_ULINE_NUMS,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,MIME_HTML_ONLY,MSGID_FROM_MTA_HEADER,MSGID_FROM_MTA_ID,RCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO)
X-GMX-UID: [UID filtered]

http://www.citibank.de.HomeBankingSecure.gta33.mn/startsession.asp

Unfortunately nobody wants to delegate the domain gta33.mn any more...

<joke>Honestly, it's getting boring, isn't it? The domains keep getting thrown out of DNS...

Dear phisher, :clown:
so I suggest that in future phishing mails the 'customer' simply makes a simple and uncomplicated entry in the hosts file. Works on Windows, Linux and Unix and is more stable than the dodgy DNS domains that only ever exist for two days. After that, only the hosts file needs to be maintained, which can happen with every new phishing mail. :p </joke>

Grisu_LZ22
04.08.2006, 14:48
Landed in my inbox too:

(with the original error - too much coke, Leo? :depp: )
http://www.citibank.de.homebankingsecure.gta33.mn/startsessionasp

there's a dot missing - hence :gibtnix:
OT:

Could someone give Leo a present along these lines:

:bomb:
/OT

:jedi:

kjz1
04.08.2006, 21:05
For once this is not a mistake by Leo. .mn really exists, it's Mongolia. See:

http://www.nic.mn/domain-info.php?fqdn=gta33.MN

It's just that the ordinary whois programs can't cope with it; possibly this too is another of Leo's many sleight-of-hand tricks for obfuscation.

- kjz

homer
06.08.2006, 20:44
For once this is not a mistake by Leo. .mn really exists, it's Mongolia.
I think what was meant was rather the part after the "/": "/startsessionasp"

Lachsy
24.10.2006, 12:08
Received: from [82.233.116.166] (helo=mut38-4-82-233-116-166.fbx.proxad.net)
by mx30.web.de with smtp (WEB.DE 4.107 #114)
ID: [ID filtered]
Received: from kiowa.kotnet.org (unknown [108.210.188.164])
by im2.com with SMTP ID: [ID filtered]
for xxxxxxx; Mon, 23 Oct 2006 xx:xx:xx -0500
X-Sender: customercare_914809461483id [at] www.citibank.de
From: "Citibank Deutschland" <custsupport-2756190961897id [at] www.citibank.de>
To: "xxxxxxx
Subject: Citibank Deutschland INFORMIERT SIE -Mon, 23 Oct 2006 xx:xx:xx +0200
X-Sender: customercare_914809461483id [at] www.citibank.de
User-Agent: Calypso Version 3.30.00.00
X-Mailer: Calypso Version 3.30.00.00
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="YEF_FY74GFVYO_G6"
Message-ID: [ID filtered]
Date: Mon, 23 Oct 2006 xx:xx:xx +0200
Sender: infonum_3792669166374id [at] www.citibank.de

http://citibank.de.homebankingsecure.jorder.cc/page.do

Received: from [64.131.183.131] (helo=user-1087ds3.cable.mindspring.com)
by mx21.web.de with smtp (WEB.DE 4.107 #114)
ID: [ID filtered]
Received: from [66.0.133.177] (HELO denude.momhut.com)
by serverbeach.com with SMTP ID: [ID filtered]
for <xxxxxx>; Sun, 22 Oct 2006 xx:xx:xx -0800
Received: from [84.178.26.192] (HELO closet.smapxsmap.net)
by oldcatdns.com with SMTP ID: [ID filtered]
for <xxxxxxx>; Mon, 23 Oct 2006 xx:xx:xx +0300
From: "Citibank De, 2006" <support_ref22513952133id [at] www.citibank.de>
To: "xxxxxx
Subject: DIE EILIGE NACHRICHT Sun, 22 Oct 2006 xx:xx:xx -0100
Delivered-To: xxxxxxx
User-Agent: PObox II beta1.0
X-Mailer: PObox II beta1.0
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="8VE0.4QM33YIN0CKG5S6"
Message-ID: [ID filtered]
Date: Mon, 23 Oct 2006 xx:xx:xx +0200
Sender: operator-1729393id [at] www.citibank.de

http://citibank.de.homebankingsecure.itores.co.nz/page.do
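
The links collected in this thread either point at a bare IP address or put citibank.de at the left of a hostname whose registrable domain belongs to someone else (lasord.info, gta33.mn, itores.co.nz). The following is an added example, not code from any poster, that classifies a link by the domain that actually had to be registered; the suffix set is a constructed stand-in for the Public Suffix List and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

BRAND_DOMAIN = "citibank.de"  # the domain the mails claim to come from
# Assumption: minimal stand-in for the Public Suffix List, covering only the
# multi-label suffix seen in this thread. Production code should load the full list.
MULTI_LABEL_SUFFIXES = {"co.nz"}


def registrable_domain(host: str) -> str:
    """Return the part of the hostname that had to be registered (eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url: str) -> str:
    """Classify a link as 'brand', 'brand-in-subdomain', 'ip-literal' or 'other'."""
    # Links posted without a scheme (e.g. "61.79.104.15:180/r1/c/") still parse.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    reg = registrable_domain(host)
    if reg == BRAND_DOMAIN:
        return "brand"
    # Everything left of the registrable domain is freely chosen by its owner.
    sub = host[: len(host) - len(reg)].rstrip(".")
    if "." + BRAND_DOMAIN + "." in "." + sub + ".":
        return "brand-in-subdomain"
    return "other"


# Links quoted from the posts above, plus the genuine domain for contrast.
SAMPLES = [
    "http://www.citibank.de.HomeBankingSecure.lasord.info/startsession.asp",
    "http://citibank.de.homebankingsecure.itores.co.nz/page.do",
    "61.79.104.15:180/r1/c/",
    "http://www.citibank.de/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):20} {registrable_domain(urlsplit(link if '//' in link else '//' + link).hostname)}  {link}")
```
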