Archiv verlassen und diese Seite im Standarddesign anzeigen : Citibank Deutschland Internet-banking
Sven Udo
03.10.2005, 12:19
Wir hatten ja nun schon einige Banken im "Angebot". Jetzt ist die "Citibank-Deutschland" drann.
From Citibank Deutschland Mon Oct 3 xx:xx:xx 2005
X-Apparently-To: xxxxxxxx [at] yahoo.com via 217.146.176.66; Sun, 02 Oct 2005 xx:xx:xx -0700
X-YahooFilteredBulk: 67.171.179.146
X-Originating-IP: [67.171.179.146]
Return-Path: <support_ref_21392793136 [at] citibank.de>
Authentication-Results: mta133.mail.re2.yahoo.com from=citibank.de; domainkeys=neutral (no sig)
Received: from 67.171.179.146 (HELO c-67-171-179-146.hsd1.or.comcast.net) (67.171.179.146) by mta133.mail.re2.yahoo.com with SMTP; Sun, 02 Oct 2005 xx:xx:xx -0700
FCC: mailbox://support_ref_21392793136 [at] citibank.de/Sent
X-Identity-Key: id1
Datum: Sun, 02 Oct 2005 xx:xx:xx -0600
Von: "Citibank Deutschland" <support_ref_21392793136 [at] citibank.de> Zum Adressbuch hinzufügen
X-Accept-Language: en-us, en
(die wollen aus DE sein und haben kein DE Programm)
MIME-Version: 1.0
An:
Betreff: CITIBANK DEUTSCHLAND INTERNET-BANKING
Content-Type: multipart/related; boundary="------------070706040001060904090004"
Content-Length: 8991
http://img363.imageshack.us/img363/446/cryptogram6pu.th.gif (http://img363.imageshack.us/my.php?image=cryptogram6pu.gif)
http://210.125.84.10/rpm/
Leo scheint ja neuerdings eine Vorliebe für koreanische Server zu haben.
KREONET-LLINE-KJIST
Kwangju Institute of Science and Technology
Zuständig:
kdlee[at]kjist.ac.kr
mit CC an: cert[at]kreonet.net
Wenn überhaupt etwas passiert, wird es sicher mindestens mehrere Tage dauern, bis die abschalten.
Return-Path: <support_id_25... [at] citibank.de>
Received: from 194.25.134.74 ([86.63.163.67]) by .de
with smtp ID: [ID filtered]
FCC: mailbox://support_id_25... [at] citibank.de/Sent
X-Identity-Key: Id5
Date: Sat, 04 Feb 2006 xx:xx:xx +0600
From: Citibank Deutschland <support_id_25... [at] citibank.de>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: <...>
Subject: CITIBANK DEUTSCHLAND INTERNET BANKING
Leo ist konsequent: Der Phishing-Kram ist auf 61.79.104.15:180/r1/c/ gehostet
Return-Path: <custservice_ref_... [at] citibank.de>
Received: from c-71-57-56-124.hsd1.il.comcast.net ([71.57.56.124]) by .de
with smtp ID: [ID filtered]
FCC: mailbox://custservice_ref_... [at] citibank.de/Sent
X-Identity-Key: Id1234
Date: Sun, 05 Feb 2006 xx:xx:xx -0200
From: CITIBANK DEUTSCHLAND <custservice_ref_... [at] citibank.de>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: <...>
Subject: Citibank Deutschland BankingNeuer Link, diesmal wieder in China: 218.28.165.168:180/r1/c/
schara56
03.08.2006, 08:57
Return-Path: <custsupport_2890473271id [at] www.citibank.de>
X-Flags: 1001
Delivered-To: GMX delivery to x
Received: from x [82.149.228.140]
by localhost with POP3 (fetchmail-6.2.5.2)
for x (single-drop); Thu, 03 Aug 2006 xx:xx:xx +0200 (CEST)
Received: from 82.149.228.140 ([62.84.3.50])
by x (8.12.10/8.12.10) with SMTP ID: [ID filtered]
for <x>; Thu, 3 Aug 2006 xx:xx:xx +0200
Date: Thu, 3 Aug 2006 xx:xx:xx +0200
Message-ID: [ID filtered]
Received: from norika-fujiwara.com (norika-fujiwara.com.ebaystatic.com [34.179.96.191])
by thrunet.com with SMTP ID: [ID filtered]
for <x>; Wed, 02 Aug 2006 xx:xx:xx -0800
From: "CITIBANK DE 2006" <operate_ref2163517id [at] www.citibank.de>
To: "x" <x>
Subject: {Spam?} Banking
X-USER_IP: 44.46.83.21
User-Agent: Calypso Version 3.20.01.01 (4)
X-Mailer: Calypso Version 3.20.01.01 (4)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="CJLIZNVL8WPSGK063M"
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (Wertung=8.081, benoetigt 6,
BAYES_70 2.25, FROM_HAS_ULINE_NUMS 0.96, HTML_FONTCOLOR_UNSAFE 0.10,
HTML_IMAGE_ONLY_06 1.44, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
MSGID_FROM_MTA_HEADER 0.70, RCVD_IN_BL_SPAMCOP_NET 1.50,
RCVD_IN_DSBL 0.71)
X-MailScanner-SpamScore: ssssssss
X-MailScanner-From: custsupport_2890473271id [at] www.citibank.de
X-Collected-By: GMX/x
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 5 (S_ULINE_NUMS,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_ LINK_IMG_2,INFO_TLD,MIME_HTML_ONLY,MSGID_FROM_MTA_HEADER,MSGID_FROM_MTA_ID,RCVD_ HELO_IP_MISMATCH,RCVD_NUMERIC_HELO)
X-GMX-UID: [UID filtered]
Lettisch gespamt (http://62.84.3.50) und gehostet in Chile
http://www.citibank.de.HomeBankingSecure.lasord.info/startsession.asp
Registrar: Melbourne IT
Return-Path: <customersupport_059991465840id [at] www.citibank.de>
X-Flags: 1001
Delivered-To: GMX delivery to x
Received: (qmail invoked by alias); 02 Aug 2006 xx:xx:xx -0000
Received: from APlessis-Bouchard-153-1-87-225.w86-203.abo.wanadoo.fr (HELO APlessis-Bouchard-153-1-87-225.w86-203.abo.wanadoo.fr) [86.203.198.225]
by mx0.gmx.net (mx080) with SMTP; 02 Aug 2006 xx:xx:xx +0200
Received: from joker.com (unknown [40.247.104.165])
by fortunecity.com with SMTP ID: [ID filtered]
for <x>; Wed, 02 Aug 2006 xx:xx:xx -0800
Received: from fiiqmx.net (unknown [96.56.185.213])
by malaysia.net with SMTP ID: [ID filtered]
for <x>; Wed, 02 Aug 2006 xx:xx:xx -0500
From: "Citibank Deutschland 2006" <customersupport_80812365406id [at] www.citibank.de>
To: "x" <x>
Subject: Citibank Deutschland: ONLINE-BANKING -Wed, 02 Aug 2006 xx:xx:xx +0200
X-AntiVirus: OK! AntiVir MailGate Version 2.0.1; AVE: 6.15.0.0; VDF: 6.15.0.6
X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i586-alt-linux)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="ESBN638.0OU4KT91"
Date: Wed, 2 Aug 2006 xx:xx:xx +0200
Message-ID: [ID filtered]
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 5 (S_ULINE_NUMS,FROM_LOCAL_HEX,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_12,HTML_MESS AGE,HTML_SHORT_LINK_IMG_2,INFO_TLD,MIME_HTML_ONLY,POSSIBLE_DIALUP_3,POSSIBLE_DIA LUP_4)
X-GMX-UID: [UID filtered]
Französisch gespamt (ein Schelm wer nun böses denkt http://86.203.198.225) und gehostet in Kolumbien
http://www.citibank.de.HomeBankingSecure.dse39k.info/startsession.asp
Registrar: Melbourne IT
schara56
03.08.2006, 17:23
Gespammt über Hanaro (http://218.235.52.204)
http://www.citibank.de.HomeBankingSecure.gta33.mn/startsession.asp
> gta33.mn
gta33.mn nameserver = ns1.rafidns2k.net
gta33.mn nameserver = ns2.rafidns2k.net
http://ns1.rafidns2k.net internet address = http://58.102.73.2
http://ns2.rafidns2k.net internet address = http://83.14.246.114
Grisu_LZ22
03.08.2006, 18:54
Leo phisht wie verrückt.
Return-Path: <customerssupport-3062656409268ID: [ID filtered]
Received: from mailin10.aul.t-online.de (mailin10.aul.t-online.de [172.20.26.69])
by mhead18 with LMTP; Thu, 03 Aug 2006 xx:xx:xx +0200
X-Sieve: CMU Sieve 2.2
Received: from pool-72-75-84-93.washdc.east.verizon.net ([72.75.84.93]) by mailin10.sul.t-online.de
with smtp ID: [ID filtered]
Received: from arkansas.net (helo dod.arkansas.net [124.127.200.228])
by internet1x2.com with SMTP ID: [ID filtered]
for <meine addy>; Wed, 02 Aug 2006 xx:xx:xx -0800
From: "Citibank De, 2006" <onlinesupport-id-79716500id [at] www.citibank.de>
To: "ich" <meine addy>
X-Originating-Server: furman.geocities.com (helo computation.sigmarts.com [42.16.180.186])
User-Agent: Internet Mail Service (5.5.2650.21)
X-Mailer: Internet Mail Service (5.5.2650.21)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="6IN8G4HIQXTCD1VUOD0L"
X-TOI-SPAM: u;0;2006-08-02Txx:xx:xxZ
X-TOI-VIRUSSCAN: unchecked
X-TOI-MSGID: [ID filtered]
X-Seen: false
X-ENVELOPE-TO: <meine addy>
X-NAS-BWL: No match found for 'onlinesupport-id-79716500ID: [ID filtered]
X-NAS-Language: Unknown
X-NAS-AutoBlock-Code: 4
X-NAS-AutoBlock-Description: E-Mails immer blockieren, die unsichtbaren oder nahezu unsichtbaren Text enthalten
Subject: [Norton AntiSpam] INFORMATION [Wed, 02 Aug 2006 xx:xx:xx -0800]
X-NAS-Classification: 1
X-NAS-MessageID: [ID filtered]
X-NAS-Validation: {0068DA99-8A07-42D3-8BFE-8DC2745F9022}
http://www.citibank.de.homebankingsecure.gp22db7.info/startsession.asp
ab damit in die Mülltonne.
OT:
Phishfighting klappt nicht :-((
/OT
:jedi:
schara56
04.08.2006, 08:15
Return-Path: <custservice-ref-5400577427565id [at] www.citibank.de>
X-Flags: 1001
Delivered-To: GMX delivery to x
Received: from x [82.149.228.140]
by localhost with POP3 (fetchmail-6.2.5.2)
for x (single-drop); Fri, 04 Aug 2006 xx:xx:xx +0200 (CEST)
Received: from 82.149.228.140 ([166.230.139.176])
by x (8.12.10/8.12.10) with SMTP ID: [ID filtered]
for <x>; Fri, 4 Aug 2006 xx:xx:xx +0200
Date: Fri, 4 Aug 2006 xx:xx:xx +0200
Message-ID: [ID filtered]
Received: from roy.kellychen.com (unknown [78.78.255.0])
by joker.com with SMTP ID: [ID filtered]
for <x>; Thu, 03 Aug 2006 xx:xx:xx -0800
From: "Citibank Deutschland" <onlinesupport_id_590894103id [at] www.citibank.de>
To: "x" <x>
Subject: {Spam?} Citibank Deutschland: Wichtige Information -Thu, 03 Aug 2006 xx:xx:xx -0800
X-Authenticated: #32234530
User-Agent: Internet Mail Service (5.5.2650.21)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="ZPHI3FI4D7SC2ETY"
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (Wertung=6.994, benoetigt 6,
BAYES_90 2.10, FROM_HAS_ULINE_NUMS 0.96, HTML_FONTCOLOR_UNSAFE 0.10,
HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32, MSGID_FROM_MTA_HEADER 0.70,
PRIORITY_NO_NAME 1.21, RCVD_IN_BL_SPAMCOP_NET 1.50)
X-MailScanner-SpamScore: ssssss
X-MailScanner-From: custservice-ref-5400577427565id [at] www.citibank.de
X-Collected-By: GMX/x
X-GMX-Antivirus: 0 (no virus found)
X-GMX-Antispam: 5 (S_ULINE_NUMS,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_ LINK_IMG_2,MIME_HTML_ONLY,MSGID_FROM_MTA_HEADER,MSGID_FROM_MTA_ID,RCVD_HELO_IP_M ISMATCH,RCVD_NUMERIC_HELO)
X-GMX-UID: [UID filtered]
http://www.citibank.de.HomeBankingSecure.gta33.mn/startsession.asp
Leider mag keiner mehr die Domain gta33.mn delegieren...
<spass>Mal ehrlich; wird langweilig - oder? Dauernd fliegen die Domains aus dem DNS...
Lieber Phisher, :clown:
daher schlage ich vor, dass in den künftigen Phishingmails der 'Kunde' einfach einen einfachen und unkomplizierten Eintrag in die Hosts macht. Funktioniert auf Windows, Linux und Unix und hat eine höhere Stabilität als die schwindligen DNS-Domains die immer nur zwei Tage existieren. Danach muss lediglich die Hosts gepflegt werden - dieses kann ja mit jeder neuen Phishingmail passieren. :p </spass>
Grisu_LZ22
04.08.2006, 14:48
Auch bei mir aufgeschlagen:
(mit Original Fehler - wohl zuviel Koks, Leo? :depp: )
http://www.citibank.de.homebankingsecure.gta33.mn/startsessionasp
da fehlt ein Punkt - daher :gibtnix:
OT:
Könnte mal jemand Leo ein Geschenk in der Art machen:
:bomb:
/OT
:jedi:
Das ist nun mal ausnahmsweise kein Fehler von Leo. .mn gibt es wirklich, das ist die Mongolei. Siehe:
http://www.nic.mn/domain-info.php?fqdn=gta33.MN
Das bekommen nur die gewöhnlichen Whois-Programme nicht auf die Reihe, evtl. auch dieser wieder einer der vielen Taschenspielertricks von Leo zum Verschleiern.
- kjz
Das ist nun mal ausnahmsweise kein Fehler von Leo. .mn gibt es wirklich, das ist die Mongolei.
Da war, denke ich, eher der Teil nach dem "/" gemeint: "/startsessionasp"
Received: from [82.233.116.166] (helo=mut38-4-82-233-116-166.fbx.proxad.net)
by mx30.web.de with smtp (WEB.DE 4.107 #114)
ID: [ID filtered]
Received: from kiowa.kotnet.org (unknown [108.210.188.164])
by im2.com with SMTP ID: [ID filtered]
for xxxxxxx; Mon, 23 Oct 2006 xx:xx:xx -0500
X-Sender: customercare_914809461483id [at] www.citibank.de
From: "Citibank Deutschland" <custsupport-2756190961897id [at] www.citibank.de>
To: "xxxxxxx
Subject: Citibank Deutschland INFORMIERT SIE -Mon, 23 Oct 2006 xx:xx:xx +0200
X-Sender: customercare_914809461483id [at] www.citibank.de
User-Agent: Calypso Version 3.30.00.00
X-Mailer: Calypso Version 3.30.00.00
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="YEF_FY74GFVYO_G6"
Message-ID: [ID filtered]
Date: Mon, 23 Oct 2006 xx:xx:xx +0200
Sender: infonum_3792669166374id [at] www.citibank.de
http://citibank.de.homebankingsecure.jorder.cc/page.do
Received: from [64.131.183.131] (helo=user-1087ds3.cable.mindspring.com)
by mx21.web.de with smtp (WEB.DE 4.107 #114)
ID: [ID filtered]
Received: from [66.0.133.177] (HELO denude.momhut.com)
by serverbeach.com with SMTP ID: [ID filtered]
for <xxxxxx>; Sun, 22 Oct 2006 xx:xx:xx -0800
Received: from [84.178.26.192] (HELO closet.smapxsmap.net)
by oldcatdns.com with SMTP ID: [ID filtered]
for <xxxxxxx>; Mon, 23 Oct 2006 xx:xx:xx +0300
From: "Citibank De, 2006" <support_ref22513952133id [at] www.citibank.de>
To: "xxxxxx
Subject: DIE EILIGE NACHRICHT Sun, 22 Oct 2006 xx:xx:xx -0100
Delivered-To: xxxxxxx
User-Agent: PObox II beta1.0
X-Mailer: PObox II beta1.0
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="8VE0.4QM33YIN0CKG5S6"
Message-ID: [ID filtered]
Date: Mon, 23 Oct 2006 xx:xx:xx +0200
Sender: operator-1729393id [at] www.citibank.de
http://citibank.de.homebankingsecure.itores.co.nz/page.do
Powered by vBulletin® Version 4.2.3 Copyright ©2024 Adduco Digital e.K. und vBulletin Solutions, Inc. Alle Rechte vorbehalten.