@Wuschel_MUC,
this concerns the following bank
If my English weren't so modest, I'd do it ;)
_____
header:
Return-Path: <info [at] bloomberg.co.ua>
X-Original-To: info [at] meine-email.de
Delivered-To: poor [at] spamvictim.tld
Received: from dspam (localhost [127.0.0.1])
    by (mailbox/lda) with SMTP ID: [ID filtered]
    for <poor [at] spamvictim.tld>; Thu, 2 Mar 2017 xx:xx:xx +0100 (CET)
Authentication-Results: ; spf=pass (sender SPF authorized)
    smtp.mailfrom=bloomberg.co.ua (client-ip=212.47.214.66; helo=bloomberg.co.ua;
    envelope-from=info [at] bloomberg.co.ua; receiver=info [at] meine-email.de)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at
Authentication-Results: ; dmarc=none header.from=bloomberg.co.ua
Authentication-Results: ; spf=pass smtp.mailfrom=info [at] bloomberg.co.ua
Received: from bloomberg.co.ua (m2.bloomberg.co.ua [212.47.214.66])
    by (Postfix) with ESMTP ID: [ID filtered]
    for <poor [at] spamvictim.tld>; Thu, 2 Mar 2017 xx:xx:xx +0100 (CET)
Received: from bloomberg.co.ua (m1.bloomberg.co.ua [212.47.214.65])
    by bloomberg.co.ua (Postfix) with ESMTPA ID: [ID filtered]
    Thu, 2 Mar 2017 xx:xx:xx +0200 (EET)
Message-ID: [ID filtered]
Reply-To: "Generika Testpacke" <info [at] bloomberg.co.ua>
From: "Generika Testpacke" <info [at] bloomberg.co.ua>
To: <poor [at] spamvictim.tld>
Subject: Generika - schnell, sicher und ohne Rezept
Date: Thu, 02 Mar 2017 xx:xx:xx +0300
MIME-Version: 1.0
Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0006_01D29312.4B00E550"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Thu Mar 2 xx:xx:xx 2017
X-DSPAM-Confidence: 0.9899
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 58b7d76b22271616720364
whois: redirects to whois:
Another piece of this junk just came in:
header:
Received: from sveninc.co.ua (v22017024345445591.nicesrv.de [37.120.186.107])
    by sveninc.co.ua (Postfix) with ESMTPA ID: [ID filtered]
    Fri, 3 Mar 2017 xx:xx:xx +0200 (EET)
Message-ID: [ID filtered]
Reply-To: "Online Apotheke" <yxyadvt [at] sveninc.co.ua>
From: "Online Apotheke" <yxyadvt [at] sveninc.co.ua>
whois:
header:
Return-Path: <info [at] onedayin.biz.ua>
X-Original-To: info [at] meinedomain.de
Delivered-To: poor [at] spamvictim.tld
Received: from dspam (localhost [127.0.0.1])
    by mail.lima-city.de (mailbox/lda) with SMTP ID: [ID filtered]
    for <poor [at] spamvictim.tld>; Mon, 6 Mar 2017 xx:xx:xx +0100 (CET)
Authentication-Results: mail.lima-city.de; spf=pass (sender SPF authorized)
    smtp.mailfrom=onedayin.biz.ua (client-ip=91.214.70.63; helo=onedayin.biz.ua;
    envelope-from=info [at] onedayin.biz.ua; receiver=info [at] meinedomain.de)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.99.2 at mail.lima-city.de
Authentication-Results: mail.lima-city.de; dmarc=none header.from=onedayin.biz.ua
Authentication-Results: mail.lima-city.de; spf=pass smtp.mailfrom=info [at] onedayin.biz.ua
Received: from onedayin.biz.ua (m2.onedayin.biz.ua [91.214.70.63])
    by mail.lima-city.de (Postfix) with ESMTP ID: [ID filtered]
    for <poor [at] spamvictim.tld>; Mon, 6 Mar 2017 xx:xx:xx +0100 (CET)
Received: from onedayin.biz.ua (onedayin.biz.ua [91.214.70.36])
    by onedayin.biz.ua (Postfix) with ESMTPA ID: [ID filtered]
    Mon, 6 Mar 2017 xx:xx:xx +0200 (EET)
Message-ID: [ID filtered]
From: "Online Apotheke" <info [at] onedayin.biz.ua>
Screenshot:
whois: whois:
Creativity in punctuation :lil:
header:
From - Sun Mar 12 xx:xx:xx 2017
X-Account-Key: account1
X-UIDL: [UID filtered]
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <Onboaiynu.Uiwysgn [at] dnao-optisn120828013.de>
Received: from mailin58.aul.t-online.de ([172.20.27.247])
    by ehead412.aul.t-online.de (Dovecot) with LMTP ID: [ID filtered]
    Sun, 12 Mar 2017 xx:xx:xx +0100
Received: from dnao-optisn120828013.de ([91.106.50.217]) by
    mailin58.aul.t-online.de
    with smtp ID: [ID filtered]
Message-ID: [ID filtered]
Date: Sat, 11 Mar 2017 xx:xx:xx -0800
Reply-To: "Info" <Onboaiynu.Uiwysgn [at] dnao-optisn120828013.de>
From: "Info" <Onboaiynu.Uiwysgn [at] dnao-optisn120828013.de>
redirects to whois:
In the next spam run they shift the dot by one letter, in the vague hope of tricking the filters that way.
header:
Received: from mail.kolinopet.eu (x4.kolinopet.eu [142.54.177.229])
    by x (Postfix) with ESMTP ID: [ID filtered]
    for <x>; Fri, 9 Jun 2017 xx:xx:xx +0200 (CEST)
Received: from kolinopet.eu (mail.kolinopet.eu [142.54.177.226])
    by mail.kolinopet.eu (Postfix) with ESMTPA ID: [ID filtered]
    Fri, 9 Jun 2017 xx:xx:xx +0300 (EEST)
Advertised domain | IP address(es) | Redirect (y/n)
whois: | whois:52.0.7.30 | [X] yes / [ ] no
whois:/categories/potency | whois:46.161.14.39 | [ ] yes / [X] no
This spam also appears to be connected to this thread (https://www.antispam-ev.de/forum/showthread.php?t=39226).
Pill spam again:
header:
Received: from nm26-vm3.bullet.mail.ir2.yahoo.com
    (nm26-vm3.bullet.mail.ir2.yahoo.com [212.82.97.45])
    by xxxxx (Postfix) with ESMTPS
    for <xxxxx>; Fri, 14 Jul 2017 xx:xx:xx +0200 (CEST)
Received: from [212.82.98.62] by nm26.bullet.mail.ir2.yahoo.com with
    NNFMP; 14 Jul 2017 xx:xx:xx -0000
Received: from [46.228.39.91] by tm15.bullet.mail.ir2.yahoo.com with
    NNFMP; 14 Jul 2017 xx:xx:xx -0000
Received: from [127.0.0.1] by smtp128.mail.ir2.yahoo.com with NNFMP; 14
    Jul 2017 xx:xx:xx -0000
Probably an eBay seller I had bought something from, whose address book was then 'phoned home'. And that was that...
whois:
IP: 179.188.11.44 ---> hm8911.locaweb.com.br
redirects to:
whois:
IP: 37.48.92.150 ---> abradechaffingly.xyz/NL-LEASEWEB
Leaseweb, and on top of that with the ultra-liberal Dutch; that's a lost cause.
After a long break the Russian pill mafia is back again, and everyone who has been cooperating with crooks in the black-hat business for years is involved:
header:
Received: from server06.citromail.hu (server06.citromail.hu [91.83.45.6])
    by xxxxx (Postfix) with ESMTPS
    for <xxxxx>; Fri, 4 Aug 2017 xx:xx:xx +0200 (CEST)
Received: (qmail 12808 invoked by UID: [UID filtered]
To: <poor [at] spamvictim.tld>
Subject: =?UTF-8?B?RmFsbCBwcm9tbzogZnJlZSB0YWJz?=
Received: from AWBL12-158.qubee.com.bd [180.234.12.158]
    by with HTTP; Fri, 04 Aug 2017 xx:xx:xx +0200
whois: (Registrar: Enom)
IP: 104.24.105.101 ---> Cloudflare
redirects to:
whois:
IP: 137.74.56.8 ---> OVH/ip8.ip-137-74-56.eu
This one is very nice too, where the Russian registrar grants itself absolution right away:
The same criminals once again:
header:
Received: from server10.citromail.hu (server10.citromail.hu [91.83.45.10])
    by xxxxx (Postfix) with ESMTPS
    for <xxxxx>; Sun, 6 Aug 2017 xx:xx:xx +0200 (CEST)
Received: (qmail 7655 invoked by UID: [UID filtered]
Received: from 207.110.112.181.static.anycast.cnt-grms.ec [181.112.110.207]
    by with HTTP; Sun, 06 Aug 2017 xx:xx:xx +0200
whois:
IP: 54.183.130.144 ---> Amazon/Hootsuite Media
redirects to:
whois:
IP: 176.53.25.8 ---> 176-53-25-8.7x24web.net.tr/Sayfa, TR
And the Russian mafia is at it again:
header:
Received: from mail.online.ua (mail.online.ua [77.120.110.136])
    by xxxxx (Postfix) with ESMTPS
    for <xxxxx>; Fri, 11 Aug 2017 xx:xx:xx +0200 (CEST)
Received: from [192.168.21.22] (helo=mail4.online.lan)
    by mail.online.ua with smtp ID: [ID filtered]
whois:
IP: 54.183.130.144 ---> Amazon/hootsuite.com
redirects to:
whois:
IP: 78.107.252.174 ---> 0891021126.static.corbina.ru