Mein Neue Foto



oliveer
08.10.2005, 22:53
Received: from [218.222.84.179] (helo=U084179.ppp.dion.ne.jp)
by mx32.web.de with smtp (WEB.DE 4.105 #323)
ID: [ID filtered]
for xxx; Sat, 08 Oct 2005 xx:xx:xx +0200
Received: from mail.com (mail-com-bk.mr.outblaze.com [64.71.166.194])
by U084179.ppp.dion.ne.jp (Postfix) with ESMTP ID: [ID filtered]
for <xxx>; Sat, 08 Oct 2005 xx:xx:xx -0500
From: "Dejection R. Peripheries" <macrotron [at] mail.com>
To: Oliveer <xxx>
Subject: Mein Neue Foto
Date: Sat, 08 Oct 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-Virus-Scanned: by amavisd-milter at U084179.ppp.dion.ne.jp
Sender: macrotron [at] mail.com


Hello!
How are you?
Where have you been for so long?
I promised to send you some photos of me!
So, now you can see my photos in my photo album!
My Foto Album (http://bestphotoalbum.net)



Well, somehow no photos after all :mad: Too bad :rolleyes:


With that in mind


Oliver

Investi
08.10.2005, 23:14
Well, somehow no photos after all :mad: Too bad :rolleyes:
But an outstanding responsible party instead. As kids we always used to say:

"If stupidity hurt ..."

Why not try your luck with the domains
- http://www.my-photos.de
- http://www.my-files.de

It also arrived here on 05.10.2005:
Return-Path: <esler [at] ondagrupera.com>
Delivery-Date: Wed, 05 Oct 2005 xx:xx:xx +0200
Received: from [221.219.184.19] (helo=louiskoo.com)
by mxeu9.kundenserver.de with ESMTP (Nemesis),
ID: [ID filtered]
Received: from ondagrupera.com (ondagrupera.com [216.187.103.170])
by louiskoo.com (Postfix) with ESMTP ID: [ID filtered]
for <xxxx>; Wed, 05 Oct 2005 xx:xx:xx -0500
From: "Devin L. Bennie" <esler [at] ondagrupera.com>
To: Abuse <xxxxx>
Subject: [SPAM] [SPAM?]: Mein Neue Foto
Date: Wed, 05 Oct 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1082
X-Virus-Scanned: by Ameriserv.net Anti-Virus E-Gateway
Envelope-To: xxxxxx
X-SpamScore: 1.864
tests= DATE_IN_PAST_06_12 MIME_HTML_NO_CHARSET
X-Spam-Flag: Yes
X-Spam-Level: 6/5

doc33
09.10.2005, 17:32
The same mail arrived here too, and when I open the link my Norton firewall speaks up quite forcefully and warns of dangerous scripts and also trojans.

Received: from [220.79.79.154] (helo=dbzmail.com)
by mx32.web.de with smtp (WEB.DE 4.105 #323)
ID: [ID filtered]
for poor [at] spamvictim.tld; Sat, 08 Oct 2005 xx:xx:xx +0200
Received: from kellychen.com (kellychen-com-bk.mr.outblaze.com [205.158.62.177])
by dbzmail.com (Postfix) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 07 Oct 2005 xx:xx:xx -0500
From: "Essequibo J. Erythrocyte" <ma_s [at] kellychen.com>
To: x <poor [at] spamvictim.tld>
Subject: Mein Neue Foto
Date: Fri, 07 Oct 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505.0000
X-Virus-Scanned: Norton
Sender: ma_s [at] kellychen.com

Sven Udo
10.10.2005, 02:16
Help, the "Soviets" are coming back :skull:

From Soviets I. Carousal Sun Oct 9 xx:xx:xx 2005
X-Apparently-To: xxxxxxxx [at] yahoo.com.au via 66.218.93.232; Sun, 09 Oct 2005 xx:xx:xx -0700
X-YahooFilteredBulk: 82.3.140.138
X-Originating-IP: [82.3.140.138]
Return-Path: <chdioux [at] sesmail.com>
Authentication-Results: mta127.mail.mud.yahoo.com from=sesmail.com; domainkeys=neutral (no sig)
Received: from 82.3.140.138 (HELO cpc2-dove1-4-0-cust138.asfd.cable.ntl.com) (82.3.140.138) by mta127.mail.mud.yahoo.com with SMTP; Sun, 09 Oct 2005 xx:xx:xx -0700
Received: from sesmail.com (sesmail-com-bk.mr.outblaze.com [205.158.62.181]) by cpc2-dove1-4-0-cust138.asfd.cable.ntl.com (Postfix) with ESMTP ID: [ID filtered]
From: "Soviets I. Carousal" <chdioux [at] sesmail.com>
To: "xxxxxxxxxxxx" <poor [at] spamvictim.tld>
Subject: Mein Neue Foto
Date: Sun, 09 Oct 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
Content-Length: 843

Hello!
How are you?
Where have you been for so long?
I promised to send you some photos of me!
So, now you can see my photos in my photo album!
My Foto Album http://bestphotoalbum.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quite an illustrious company is gathering here:

http://bestphotoalbum.net/ is a URL.
Domain Dossier will continue with bestphotoalbum.net.

Address lookup
canonical name bestphotoalbum.net.
aliases
addresses 62.219.85.199
68.187.213.82
82.131.7.68

Domain Whois record
Queried whois.internic.net with "dom bestphotoalbum.net"...
Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: BESTPHOTOALBUM.NET
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com

Queried whois.joker.com with "bestphotoalbum.net"...
domain: bestphotoalbum.net
owner: Jeffrey Baccus
email: ver84kd [at] gmail.com
address: 9313 Western Trail
city: Irving
state: TX
postal-code: 75063
country: US

% Information related to '62.219.85.0 - 62.219.87.255'
inetnum: 62.219.85.0 - 62.219.87.255
netname: NV-BEER-SHEVA-TECHNOLOGY-COLLEGE
descr: NACE-LAN
country: IL
admin-c: YK76-RIPE
tech-c: BHT2-RIPE
status: ASSIGNED PA
remarks: please send ABUSE complains to abuse [at] bezeqint.net
remarks: INFRA-AW
mnt-by: AS8551-MNT
mnt-lower: AS8551-MNT
changed: hostmaster [at] bezeqint.net 20041102
source: RIPE

homer
10.10.2005, 08:06
This also showed up here several times over the weekend. Here is one of the headers:
Return-Path: <erskine [at] queretaro.com>
Received: from 20118163202.host.telemar.net.br (HELO earthlink.net)
(201.18.163.202) by 0 with SMTP; 10 Oct 2005 00:XX:XX -0000
Received: from queretaro.com (queretaro-com.mr.outblaze.com
[208.36.123.75]) by earthlink.net (Postfix) with ESMTP ID: [ID filtered]
<poor [at] spamvictim.tld>; Sun, 09 Oct 2005 10:XX:XX -0500
From: "Clans K. Khachaturian" <erskine [at] queretaro.com>
To: me <poor [at] spamvictim.tld>
Subject: Mein Neue Foto
Date: Sun, 09 Oct 2005 10:XX:XX -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123
X-AntiVirus: OK! AntiVir MailGate Version 2.0.1; AVE: 6.15.0.0; VDF:
6.15.0.6
The spamvertised site was http://bestphotoalbum.net

oliveer
10.10.2005, 08:21
Received: from [218.158.40.214] (helo=allsaintsfan.com)
by mx26.web.de with smtp (WEB.DE 4.105 #323)
ID: [ID filtered]
for xxx; Mon, 10 Oct 2005 xx:xx:xx +0200
Received: from ezagenda.com (ezagenda-com-bk.mr.outblaze.com [205.158.62.177])
by allsaintsfan.com (Postfix) with ESMTP ID: [ID filtered]
for <xxx>; Sun, 09 Oct 2005 xx:xx:xx -0500
From: "Cubbyhole C. Epoxy" <ganadist [at] ezagenda.com>
To: Oliveer <xxx>
Subject: Mein Neue Foto
Date: Sun, 09 Oct 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-Virus-Scanned: by Ameriserv.net Anti-Virus E-Gateway
Sender: ganadist [at] ezagenda.com


He has been bothering me again too. :mad:


With that in mind


Oliver

Raencker
10.10.2005, 10:25
And it has turned up here too:

Return-Path: <mark_smirnenski [at] yahoo.co.uks>
Delivery-Date: Mon, 10 Oct 2005 xx:xx:xx +0200
Received: from [24.232.166.80] (helo=OL80-166.fibertel.com.ar)
by mxeu8.kundenserver.de with ESMTP (Nemesis),
ID: [ID filtered]
Received: from yahoo.co.uks (yahoo.co.uks [115.29.12.19])
by OL80-166.fibertel.com.ar (Postfix) with ESMTP ID: [ID filtered]
for <***********************>; Sun, 09 Oct 2005 xx:xx:xx -0500
From: "Tuna O. Oglethorpe" <mark_smirnenski [at] yahoo.co.uks>
To: ****** <***********************>
Subject: Mein Neue Foto
Date: Sun, 09 Oct 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Virus-Scanned: by AMaViS perl-11 mion
Envelope-To: ***********************

Goofy
10.10.2005, 18:02
bestphotoalbum.net is quite obviously hosted on a botnet, similar to Leo's phishing domains seen here recently.

68.187.213.82

62.219.85.199

82.131.7.68

68.187.213.82

213.54.152.79

172.176.156.61

84.130.69.229

70.246.221.175

ns1.fastsecurity.net 67.84.62.212 Optimum Online (Cable)
ns2.fastsecurity.net 217.34.33.173 btopenworld
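
Added example, not part of any post in this thread: a small Python check for the pattern described above, where one domain resolves to many unrelated addresses. The addresses are the ones posted in the thread; grouping them into two observations and the thresholds are assumptions made for this example.

```python
import ipaddress

# Addresses posted in this thread for bestphotoalbum.net. Splitting them into
# two observations (lookup tool output, later list) is an assumption.
OBSERVATIONS = {
    "domain-dossier": ["62.219.85.199", "68.187.213.82", "82.131.7.68"],
    "later-list": ["68.187.213.82", "62.219.85.199", "82.131.7.68",
                   "68.187.213.82", "213.54.152.79", "172.176.156.61",
                   "84.130.69.229", "70.246.221.175"],
}

# Constructed control: a conventionally hosted site (documentation addresses).
CONTROL = {"t0": ["192.0.2.10", "192.0.2.11"], "t1": ["192.0.2.10", "192.0.2.11"]}


def prefix16(ip):
    """Return the /16 network an address belongs to, as a coarse 'which ISP' proxy."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def flux_summary(observations):
    """Count distinct addresses, distinct /16s, and new addresses per observation."""
    seen = set()
    new_per_observation = {}
    for name, ips in observations.items():
        current = {ipaddress.ip_address(ip) for ip in ips}  # also validates input
        new_per_observation[name] = len(current - seen)
        seen |= current
    return {
        "distinct_ips": len(seen),
        "distinct_prefix16": len({prefix16(str(ip)) for ip in seen}),
        "new_per_observation": new_per_observation,
    }


def looks_like_flux(summary, min_ips=5, min_prefixes=4):
    """Heuristic: many addresses spread over many unrelated networks.

    The thresholds are illustrative assumptions, not established cut-offs.
    """
    return (summary["distinct_ips"] >= min_ips
            and summary["distinct_prefix16"] >= min_prefixes)


if __name__ == "__main__":
    for label, obs in (("bestphotoalbum.net", OBSERVATIONS), ("control", CONTROL)):
        s = flux_summary(obs)
        print(label, s, "flux-like" if looks_like_flux(s) else "stable")
```

A real check would also record the TTL of each answer and the networks of the name servers, which this sketch leaves out.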

dk99hi
10.10.2005, 19:17
84.130.69.229


DTAG-DIAL19 - that one is at the end of the line after 24h at the latest. (forced disconnection) :D

Goofy
10.10.2005, 19:26
Forced disconnection...
That is no problem for them.
On the next dial-in the trojan will surely send its new IP to the "master" in Russia.

dk99hi
10.10.2005, 19:35
True, but today I got a spam for

http://84.165.203.183/eBay/index.htm

After the disconnection that spam is wasted :cool: