Several different spam mails turned up here across multiple mail accounts, claiming that I had supposedly won a voucher from the airline Ryanair.
header:
01: X-Account-Key: account1
02: X-UIDL: [UID filtered]
03: X-Mozilla-Status: 0001
04: X-Mozilla-Status2: 00000000
05: X-Mozilla-Keys:
06:
07: Return-Path: <return [at] mta152.degitalnotification.live>
08: Received: from mta152.degitalnotification.live ([93.110.184.154]) by
09: mx-ha.gmx.net (mxgmx016 [212.227.15.9]) with ESMTP (Nemesis) id
10: 1McoeO-1fn7W04BUo-00a0G2 for <*snip*>; Wed, 14 Nov 2018 xx:xx:xx
11: +0100
12: From:=?UTF-8?B?UnlhbkFpcg==?=<appleid [at] mta152.degitalnotification.live>
13: To:*snip*
14: Message-ID:<243157567.72064735.1540199614736.JavaMail.email [at] email.apple.com>
15: Subject:=?UTF-8?B?SWhyIEZsdWd0aWNrZXQgaXN0IGZlcnRpZyAh?= truelife
16: MIME-Version:1.0
17: Content-Type:multipart/alternative;
18: boundary="----=_Part_72064733_243161542.1540199614736"
19: Envelope-To: <*snip*>
20: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
21: X-Spam-Flag: NO
&
header:
01: X-Account-Key: account4
02: X-UIDL: [UID filtered]
03: X-Mozilla-Status: 0001
04: X-Mozilla-Status2: 00000000
05: X-Mozilla-Keys:
06:
07: Return-Path: <return [at] mta175.degitalnotification.live>
08: Received: from mta175.degitalnotification.live ([93.110.184.177]) by
09: mx-ha.gmx.net (mxgmx011 [212.227.15.9]) with ESMTP (Nemesis) id
10: 0LtEJ1-1fK9Yg24SZ-012nSI for <*snip*>; Wed, 14 Nov 2018 xx:xx:xx
11: +0100
12: From:=?UTF-8?B?UnlhbkFpcg==?=<appleid [at] mta175.degitalnotification.live>
13: To:*snip*
14: Message-ID:<243157567.72064735.1540199614736.JavaMail.email [at] email.apple.com>
15: Subject:=?UTF-8?B?SWhyIEZsdWd0aWNrZXQgaXN0IGZlcnRpZyAh?=
16: MIME-Version:1.0
17: Content-Type:multipart/alternative;
18: boundary="----=_Part_72064733_243161542.1540199614736"
19: Envelope-To: <*snip*>
20: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
21: X-Spam-Flag: NO
&
header:
01: X-Account-Key: account4
02: X-UIDL: [UID filtered]
03: X-Mozilla-Status: 0001
04: X-Mozilla-Status2: 00000000
05: X-Mozilla-Keys:
06:
07: Return-Path: <return [at] mta79.degitalnotification.live>
08: Received: from mta79.degitalnotification.live ([93.110.184.81]) by
09: mx-ha.gmx.net (mxgmx117 [212.227.17.5]) with ESMTP (Nemesis) id
10: 1Mi3WD-1fltgr3pvF-00e58o for <*snip*>; Wed, 21 Nov 2018 xx:xx:xx
11: +0100
12: From:=?UTF-8?B?UnlhbkFpcg==?=<appleid [at] meddevnetwork.com>
13: To:*snip*
14: Message-ID:<243157567.72064735.1540199614736.JavaMail.email [at] email.apple.com>
15: Subject:=?UTF-8?B?RHJpbmdlbmQhIEJpdHRlIGhvbGVuIFNpZSBJaHIgVGlja2V0IHp1csO8Y2su?=
16: MIME-Version:1.0
17: Content-Type:multipart/alternative;
18: boundary="----=_Part_72064733_243161542.1540199614736"
19: Envelope-To: <*snip*>
20: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
21: X-Spam-Flag: NO
&
header:
01: X-Account-Key: account1
02: X-UIDL: [UID filtered]
03: X-Mozilla-Status: 0001
04: X-Mozilla-Status2: 00000000
05: X-Mozilla-Keys:
06:
07: Return-Path: <return [at] mta80.degitalnotification.live>
08: Received: from mta80.degitalnotification.live ([93.110.184.82]) by
09: mx-ha.gmx.net (mxgmx016 [212.227.15.9]) with ESMTP (Nemesis) id
10: 1MS37h-1g1u9412tP-00TS3t for <*snip*>; Wed, 21 Nov 2018 xx:xx:xx
11: +0100
12: From:=?UTF-8?B?UnlhbkFpcg==?=<appleid [at] meddevnetwork.com>
13: To:*snip*
14: Message-ID:<243157567.72064735.1540199614736.JavaMail.email [at] email.apple.com>
15: Subject:=?UTF-8?B?RHJpbmdlbmQhIEJpdHRlIGhvbGVuIFNpZSBJaHIgVGlja2V0IHp1csO8Y2su?=
16: truelife
17: MIME-Version:1.0
18: Content-Type:multipart/alternative;
19: boundary="----=_Part_72064733_243161542.1540199614736"
20: Envelope-To: <*snip*>
21: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
22: X-Spam-Flag: NO
All of the mails contain around 42000 (!!!) lines of nonsense, which bloats the mails to 1.5 MB. The junk consists of meaningless lines inside a style tag:
Code:
<style>
|zf89pbg3-mul8-3uj-tej-cg96nv32qwse
|d98zw1ou-hi3e-f0k-sax-8o1a7tvwp0f9
|x4omqprv-t3zk-u8a-lh2-scbuq5pkmdhn
|8cshuwdi-t7jh-lcw-b6a-pv4tq5umds9f
|q6js1fon-dzsb-p07-61b-ob2a4jcm657x
|b21yndxr-yc3n-6xo-dao-rycm68p43kjw
|60q2usmn-6hd8-xki-5sx-pnr8g5lqi3eo
|6m7zx4eg-1pnv-adi-fro-zsvn0x6pb4oc
|cvadufbh-fm7o-k79-wmk-4agfy3z09rn8
|f6je47lu-8rs6-zhi-q53-cab967hyumio
[...]
</style>
For whatever purpose.
Spammy obviously does not know how to design a pretty spam mail. For this he took an in itself legitimate forgotten-password e-mail from Apple and commented out everything in that message except for the spam content:
Code:
<center>
<img src="https://i.imgur.com/V4Apz84.jpg" usemap="#image-map">
<map name="image-map">
<area target="" alt="" title="" href="http://click.dictionary.com/click/hq0591?clksite=dyn&clkpage=&clkld=&clkmod=dynhdrmb&clkdest=https://t2m.io/1LkJ2Jch" coords="*snip*" shape="rect">
</map>
The spam image is hosted at Imgur:
This service, which is thus quite a useful one, was abused by the spammer. Why host it yourself somewhere and pay for the bandwidth when someone else can take care of that?
The spam image in all its glory:
________________________________________
Another e-mail advertises a 750€ voucher from Amazon. Here, too, everything is the same again. Borrowings from Apple, daft style lines, image at Imgur:
header:
01: X-Account-Key: account1
02: X-UIDL: [UID filtered]
03: X-Mozilla-Status: 0001
04: X-Mozilla-Status2: 00000000
05: X-Mozilla-Keys:
06:
07: Return-Path: <return [at] mta184.degitalnotification.live>
08: Received: from mta184.degitalnotification.live ([93.110.184.186]) by
09: mx-ha.gmx.net (mxgmx016 [212.227.15.9]) with ESMTP (Nemesis) id
10: 1MasqP-1fmBzB1l7b-00cTEs for <*snip*>; Thu, 15 Nov 2018 xx:xx:xx
11: +0100
12: From:=?UTF-8?B?QW1hem9u?=<appleid [at] mta184.degitalnotification.live>
13: To:*snip*
14: Message-ID:<243157567.72064735.1540199614736.JavaMail.email [at] email.apple.com>
15: Subject:truelife =?UTF-8?B?SWhyZSBTY2h1bGUgaXN0IGZlcnRpZyEgdm9yIGRlbSAxNy8xMS8yMDE0?=
16: MIME-Version:1.0
17: Content-Type:multipart/alternative;
18: boundary="----=_Part_72064733_243161542.1540199614736"
19: Envelope-To: <*snip*>
20: X-GMX-Antispam: 0 (Mail was not recognized as spam); Detail=V3;
21: X-Spam-Flag: NO
Code:
<center>
<img src="https://i.imgur.com/mZ4ZCuh.png" usemap="#image-map">
<map name="image-map">
<area target="" alt="" title="" href="http://click.dictionary.com/click/hq0591?clksite=dyn&clkpage=&clkld=&clkmod=dynhdrmb&clkdest=https://t2m.io/MtJpwtVv" coords="*snip*" shape="rect">
</map>
The spam image in all its glory:
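The header inconsistencies visible in the mails above (brand display name on a foreign sender domain, an Apple Message-ID on mail from another host, a link wrapped in a `clkdest` redirect parameter) can be checked mechanically. The following is an added example, not part of the original post; the function names, the brand map passed in by the caller and the two-label domain comparison are assumptions made for illustration.

```python
import base64, quopri, re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: four header lines of the first mail, "[at]" obfuscation kept.
SAMPLE = """\
Return-Path: <return [at] mta152.degitalnotification.live>
From:=?UTF-8?B?UnlhbkFpcg==?=<appleid [at] mta152.degitalnotification.live>
Message-ID:<243157567.72064735.1540199614736.JavaMail.email [at] email.apple.com>
Subject:=?UTF-8?B?SWhyIEZsdWd0aWNrZXQgaXN0IGZlcnRpZyAh?= truelife
"""
ENC_WORD = re.compile(r"=\?([^?]+)\?([bBqQ])\?([^?]*)\?=")

def decode_words(value):
    """Decode RFC 2047 encoded-words, also when glued to '<' as in these mails."""
    def repl(m):
        charset, enc, data = m.groups()
        raw = (base64.b64decode(data) if enc in "bB"
               else quopri.decodestring(data.encode(), header=True))
        return raw.decode(charset, errors="replace")
    return ENC_WORD.sub(repl, value)

def org_domain(header_value):
    """Last two labels of the address domain ('@' or ' [at] '); naive, no public-suffix list."""
    m = re.search(r"(?:@|\s\[at\]\s)([A-Za-z0-9.-]+)>?\s*$", header_value.strip())
    return ".".join(m.group(1).lower().split(".")[-2:]) if m else None

def findings(raw, brands):
    """brands: caller-supplied map of display name -> expected domain (an assumption)."""
    h = {}
    for line in raw.splitlines():  # folded continuation lines are ignored here
        if ":" in line:
            key, value = line.split(":", 1)
            h[key.strip().lower()] = value.strip()
    display = decode_words(h.get("from", "")).split("<")[0].strip()
    sender, bounce, msgid = (org_domain(h.get(k, "")) for k in ("from", "return-path", "message-id"))
    out = []
    if display.lower() in brands and sender != brands[display.lower()]:
        out.append(f"display name {display!r} but sender domain {sender}")
    if msgid and msgid not in (sender, bounce):  # a signal, not a verdict
        out.append(f"Message-ID domain {msgid} foreign to sender")
    return out

def final_destination(url, param="clkdest"):
    """Unwrap nested redirect parameters statically, without any network request."""
    while True:
        nested = parse_qs(urlsplit(url).query).get(param)
        if not nested:
            return url
        url = nested[0]
```

All five headers in the post also carry the byte-identical Message-ID, so a duplicate-Message-ID check across a mailbox would group this campaign as well.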