The later the evening, the bolder the Mugu:
header:
Received: from bnld.nld.com.vn (unknown [210.245.22.124]) by xxxxx (Postfix)
with ESMTP ID: [ID filtered]
Please send mail to:
- kjz
A few more:
We've had this one before too....
header:
Received: from mail.cpatu.com.uy (r200-40-190-2.ae-static.anteldata.net.uy
[200.40.190.2]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from localhost (localhost [127.0.0.1]) by mail.cpatu.com.uy (Postfix)
with ESMTP ID: [ID filtered]
Received: from mail.cpatu.com.uy ([127.0.0.1]) by localhost (mail.cpatu.com.uy
[127.0.0.1]) (amavisd-new, port 10024) with LMTP ID: [ID filtered]
Received: from User (unknown [192.168.3.1]) by mail.cpatu.com.uy (Postfix) with
ESMTP ID: [ID filtered]
Mail goes to:
And probably this one too:
header:
Received: from successhk.com (unknown [202.67.202.123]) by xxxxx (Postfix) with
ESMTP ID: [ID filtered]
Received: from User [196.3.183.72] by successhk.com with ESMTP (SMTPD32-8.05)
ID: [ID filtered]
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Mail goes to:
Mugu phone: +234 802 582 4103 ---> Vmobile, Nigeria/Zain
- kjz
Loads of Mugus:
header:
Received: from IMPaqm1.telefonica.net (impaqm1.telefonica.net [213.4.149.61])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from IMPmailhost1.adm.correo ([10.20.102.38]) by
IMPaqm1.telefonica.net with bizsmtp ID: [ID filtered]
Received: from cps3 ([10.20.100.3]) by IMPmailhost1.adm.correo with BIZ IMP ID:
[ID filtered]
X-TE-authinfo: authemail="??" |auth_email="??"
X-TE-AcuTerraCos: auth_cuTerraCos="terra-wm"
Received: from [83.229.90.44] by correo6.terra.es with HTTP (authenticated as
edmond22222 [at] terra.es); Thu, 12 Mar 2009 xx:xx:xx +0100
IP: 83.229.90.44 ---> Supernet, Nigeria
Mail goes to:
header:
Received: from mail03.syd.optusnet.com.au (mail03.syd.optusnet.com.au
[211.29.132.184]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([41.211.228.31]) (authenticated sender
info.optuscn94 [at] optusnet.com.au) by mail03.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP ID:
[ID filtered]
IP: 41.211.228.31 ---> DIRECT ON PC LTD, Nigeria
Mail goes to:
Mugu phone: +44 870 288 7323 ---> Interweb Design Ltd, UK
And today the same little Mugu has taken extra precautions:
header:
Received: from mail04.syd.optusnet.com.au (mail04.syd.optusnet.com.au
[211.29.132.185]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([41.211.226.118]) (authenticated sender
info.optuscd95 [at] optusnet.com.au) by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP ID:
[ID filtered]
IP: 41.211.226.118 --> DIRECT ON PC LTD, Nigeria
Mail goes to:
Mugu phones:
+44-700-5921640 ---> PNC Telecom Services Limited, UK
+44 7624198271 ---> Manx Telecom, Isle of Man
+44 870 288 7323 ---> Interweb Design Ltd, UK
And another Mugu, phishing for mail accounts:
header:
Received: from norte.esfera.cl (norte.esfera.cl [192.80.24.26]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from sur.esfera.cl (unknown [200.111.14.29]) by norte.esfera.cl
(Postfix) with ESMTP ID: [ID filtered]
Received: from esfera.cl (localhost [127.0.0.1]) by sur.esfera.cl
(8.xx.EnergyDrink/Esfera smtp v_bop) with ESMTP ID: [ID filtered]
Note:
X-OriginatingIP: 41.220.75.3 ---> MTN, Nigeria (the regular Mugu's IP)
Mail goes to:
- kjz
Katherine is back, but now with only 1 mail address. I wonder what happened to the other 2.... :D
header:
Received: from mail.twghintranet.org ([210.177.173.70]) by mx.kundenserver.de
(node=mxeu5) with ESMTP (Nemesis) ID: [ID filtered]
xx:xx:xx +0100
Received: from User ([60.10.134.103]) by mail.twghintranet.org (IceWarp 9.3.2)
with ASMTP ID: [ID filtered]
IP: 60.10.134.103 ---> CNCGROUP Hebei
Mail now goes only to:
- kjz
And yet another one...
header:
X-Envelope-From: <davidpewi3 [at] gmail.com>
X-Envelope-To: <meine Adresse>
X-Delivery-Time: 1236989405
X-UID: [UID filtered]
Return-Path: <davidpewi3 [at] gmail.com>
X-RZG-FWD-BY: meine Adresse
Received: from RZmta-intern (client mail forwarder)
by mailin.webmailer.de (voltan mi25) (RZmta 18.25)
for <meine Adresse>; Sat, 14 Mar 2009 xx:xx:xx +0100 (MET)
X-RZG-CLASS-ID: [ID filtered]
Received: from boettgertomomfs.com ([68.124.236.110])
by mailin.webmailer.de (voltan mi25) (RZmta 18.25)
with ESMTP ID: [ID filtered]
Sat, 14 Mar 2009 xx:xx:xx +0100 (MET)
Received: from User ([196.213.111.202]) by boettgertomomfs.com with Microsoft
SMTPSVC(6.0.3790.3959);
Fri, 13 Mar 2009 xx:xx:xx -0700
Reply-To: <dr.davidpewi3 [at] gmail.com>
From: "Dr. DavID: [ID filtered]
Subject: CAN YOU HANDLE THIS TRANSFER???
Date: Fri, 13 Mar 2009 xx:xx:xx +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Message-ID: [ID filtered]
X-OriginalArrivalTime: 13 Mar 2009 xx:xx:xx.0109 (UTC)
FILETIME=[AFEF08D0:01C9A3EB]
This time it's about $43,860,000.00
He would like the replies sent to
Dr. David Chabalala Pewi
Email:
Phone: +27-73-846-3099
The junk has already been removed from my mail server.
Regards,
- syntax
The Mugu who keeps exploiting Optus in AU seems to be turning into a 'permanent guest':
header:
Received: from mail09.syd.optusnet.com.au (mail09.syd.optusnet.com.au
[211.29.132.190]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([41.211.228.216]) (authenticated sender
info.optuscn02 [at] optusnet.com.au) by mail09.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP ID:
[ID filtered]
IP: 41.211.228.216 ---> DIRECT ON PC LTD, Nigeria
Mail goes to:
Mugu phone:
Tel: +44-7024023681 ---> Magrathea Telecommunications Limited, UK
FAX: +44-8704952404 ---> Stylecom Limited, UK
We also have:
header:
Received: from IMPaqm2.telefonica.net (impaqm2.telefonica.net
[213.4.149.62]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from IMPmailhost2.adm.correo ([10.20.102.39]) by
IMPaqm2.telefonica.net with bizsmtp ID: [ID filtered]
Received: from cps9 ([10.20.100.209]) by IMPmailhost2.adm.correo with BIZ IMP
ID: [ID filtered]
X-TE-authinfo: authemail="??" |auth_email="??"
X-TE-AcuTerraCos: auth_cuTerraCos="terra-wm"
Received: from [41.211.239.186] by correo17.terra.es with HTTP (authenticated
as obadiahmailafi9 [at] terra.es); Sat, 14 Mar 2009 xx:xx:xx +0100
IP: 41.211.239.186 ---> DIRECT ON PC LTD, Nigeria
Mail goes to:
Mugu phone: +234 70257-28574 ---> Pank Shin, Nigeria
Squirrelmail can still be exploited in KE too:
header:
Received: from mail.nema.go.ke (mail.nema.go.ke [80.240.202.162]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from mail.nema.go.ke (mail.nema.go.ke [127.0.0.1]) by mail.nema.go.ke
(Postfix) with ESMTP ID: [ID filtered]
Received: from 127.0.0.1 (proxying for 192.168.0.21, 127.0.0.1) (SquirrelMail
authenticated user info) by mail.nema.go.ke with HTTP; Sat, 14 Mar 2009 xx:xx:xx +0300 (EAT)
Mail goes to:
Mugu phone: +2348057547555 ---> Globacom, Nigeria
- kjz
Optus and Sify seem determined to truly earn their certificate of cluelessness:
header:
Received: from mail02.syd.optusnet.com.au (mail02.syd.optusnet.com.au
[211.29.132.183]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User (c122-107-155-148.eburwd5.vic.optusnet.com.au
[122.107.155.148]) (authenticated sender mrkes [at] optusnet.com.au) by
mail02.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
Mail goes to:
- kjz
Katherine just can't leave it alone:
header:
Received: from mail1.mywave.at (mail1.mywave.at [85.193.128.12]) by
mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) ID: [ID filtered]
Received: from User (host-41-207-0-84.afnet.net [41.207.0.84]) by
mail1.mywave.at (Postfix) with ESMTP ID: [ID filtered]
IP: 41.207.0.84 ---> AFNET, CI
Mail goes to:
header:
Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma [196.217.246.112])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp3.menara.local
with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Mar 2009 xx:xx:xx +0000
Mail goes to:
Mugu phone: +229-9320-1763 ---> BBCom, Benin
- kjz
Sister Jorgensen, straight away as a double pack:
header:
Received: from adlim.com.br (smtp.adlim.com.br [200.249.47.1]) (using TLSv1
with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
BrmaOutput: [41.221.174.107]
Received: from User ([41.221.174.107]) (authenticated bits=0) by adlim.com.br
(8.12.11.20060308/8.12.11) with ESMTP ID: [ID filtered]
header:
Received: from ss93.shared.server-system.net (ss93.shared.server-system.net
[64.13.208.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client
certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([41.221.174.107]) (authenticated bits=0) by
ss93.shared.server-system.net (8.12.11.20060308/8.12.11) with ESMTP ID: [ID filtered]
IP: 41.221.174.107 ---> SWIFT NETWORKS, Nigeria
Mail goes to:
header:
Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma [196.217.246.112])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp3.menara.local
with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Mar 2009 xx:xx:xx +0000
Mail goes to:
Mugu phone: +229-9320-1763 ---> BBCom, Benin
header:
Received: from sccmmhc91.asp.att.net (sccmmhc91.asp.att.net [204.127.203.211])
by xxxxx (Postfix) with ESMTP ID: [ID filtered]
DKIM-Signature: v=1; q=dns/txt; d=mchsi.com; s=dkim01;
i=poor [at] spamvictim.tld; a=rsa-sha256;
c=relaxed/relaxed; t=1237251699; h=Content-Type:MIME-Version:
Message-Id:Date:From; bh=Icrrx1hmSpgqI246jup0AIIggHdCOntCVKYv+0pTBE
Q=; b=MTYJzzGQRVbjSN5kksHCKcn9sWhsn2WftZz6A265pMuZG9EPpgtvNIOfMFmpQ
K0fYuCh9QKWlJJAQ4TNc4ieaA==
Received: from sccqwbc17 (scommcenter17.asp.att.net[204.127.203.179]) by
mchsi.com (sccmmhc91) with SMTP ID: [ID filtered]
Received: from [67.222.8.32] by sccqwbc17; Tue, 17 Mar 2009 xx:xx:xx +0000
IP: 67.222.8.32 ---> host.bahrain-dns.net
Mail goes to:
- kjz
On we go:
header:
Received: from 156.89.233.72.static.reverse.ltdomains.com (EHLO
server.hammersurepa.com) [72.233.89.156] by mx0.gmx.net (mx077) with SMTP; 17 Mar 2009
xx:xx:xx +0100
Received: from localhost ([127.0.0.1] helo=72.233.89.156) by
server.hammersurepa.com with esmtpa (Exim 4.69) (envelope-from
<ndemanosiviwe01 [at] gmail.com>) ID: [ID filtered]
Received: from 41.202.20.190 ([41.202.20.190]) (SquirrelMail authenticated user
005 [at] cbcy-london.co.uk) by 72.233.89.156 with HTTP; Thu, 12 Mar 2009 xx:xx:xx -0000 (UTC)
IP: 41.202.20.190 ---> dhcp20190.myzipnet.com, Ghana
Would like mail sent to:
header:
Received: from hpsmtp-eml15.KPNXCHANGE.COM (EHLO hpsmtp-eml15.kpnxchange.com)
[213.75.38.115] by mx0.gmx.net (mx116) with SMTP; 18 Mar 2009 xx:xx:xx +0100
Received: from cpsmtp-he03.kpnxchange.com ([213.75.38.23]) by
hpsmtp-eml15.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 18 Mar 2009 xx:xx:xx
+0100
Received: from User ([124.122.188.60]) by cpsmtp-he03.kpnxchange.com with
Microsoft SMTPSVC(6.0.3790.3959); Wed, 18 Mar 2009 xx:xx:xx +0100
IP: 124.122.188.60 ---> ppp-124-122-188-60.revip2.asianet.co.th
Mail goes to:
Mugu phone: + 44 792 408 6767 ---> Manx Telecom, Isle of Man
Particularly perfidious, because this one is supposedly about orphaned assets of Holocaust victims:
header:
Received: from 21.32.be.static.xlhost.com (EHLO mx4.hotmail.com)
[209.190.50.33] by mx0.gmx.net (mx100) with SMTP; 18 Mar 2009 xx:xx:xx +0100
Mail goes to:
- kjz
And again:
header:
Received: from jakenweb.Jaken.com (unknown [74.0.158.219]) by xxxxx (Postfix)
with ESMTP ID: [ID filtered]
Received: from User ([196.3.183.73]) by jakenweb.Jaken.com with Microsoft
SMTPSVC(6.0.3790.1830); Wed, 18 Mar 2009 xx:xx:xx -0700
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Mail goes to:
Mugu phone: +44 7031 9788 84 ---> Magrathea Telecommunications Limited, UK
header:
Received: from dns.tongx.com.tw (unknown [59.120.91.111]) by xxxxx (Postfix)
with ESMTP ID: [ID filtered]
Received: from User (unknown [83.229.48.148]) by dns.tongx.com.tw (Postfix)
with ESMTP ID: [ID filtered]
IP: 83.229.48.148 ---> Cyberspace Link 4 PHC, Nigeria/Sky-Vision
Mail goes to:
header:
Received: from huiquandyeing.com (unknown [60.12.88.114]) by xxxxx (Postfix)
with ESMTP ID: [ID filtered]
Received: from User ([82.128.44.204]) [authenticated user
test [at] huiquandyeing.com) by huiquandyeing.com (huiquandyeing.com [192.168.1.138])
(MDaemon.PRO.v6.8.5.R) with ESMTP ID: [ID filtered]
IP: 192.168.1.138 ---> Multilinks Telecommunications Limited, Nigeria
Mail goes to:
- kjz
Something again from the regular Mugu:
header:
Received: from untref.untref.edu.ar (untref.edu.ar [200.58.113.38]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from [127.0.0.1] (helo=localhost) by untref.untref.edu.ar with esmtp
(Exim 4.63) (envelope-from <rtfc [at] opentransfer.com>) ID: [ID filtered]
Received: from mtnngprs.com (mtnngprs.com [41.220.75.3]) by www.untref.edu.ar
(IMP) with HTTP for <poor [at] spamvictim.tld@localhost>; Thu, 19 Mar 2009 xx:xx:xx -0300
Note:
IP: 41.220.75.3 ---> MTN, Nigeria
Mail goes to:
header:
Received: from mx.inode.at (mx11.lb01.inode.at [62.99.145.13]) (using TLSv1
with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix)
with ESMTP ID: [ID filtered]
Received: from [213.47.214.141] (port=5280 helo=webmail) by smartmx-11.inode.at
with esmtp (Exim 4.69) (envelope-from <jacobthemover [at] yahoo.com>) ID: [ID filtered]
Received: from [127.0.0.1] (helo=inode.at) by webmail with smtp (Exim 4.67)
(envelope-from <jacobthemover [at] yahoo.com>) ID: [ID filtered]
Received: from 41.220.75.3 (SquirrelMail authenticated user erich.wanisch [at] inode.at) by
webmail.inode.at with HTTP; Fri, 20 Mar 2009 xx:xx:xx +0100 (CET)
IP: 41.220.75.3 ---> MTN, Nigeria
Mail goes to:
- kjz
The same black hats over and over:
header:
Received: from server2.badboyhost.com (ip216-239-69-247.vif.net 216.239.69.247])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested)
by xxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from [58.213.153.48] (helo=User) by server2.badboyhost.com with
esmtpa (Exim 4.69) (envelope-from <robertmull0 [at] yahoo.com>) ID: [ID filtered]
IP: 58.213.153.48 ---> NANJING-PROVICE-PUBLICITY-DEPT
Mail goes to:
twice in a row:
header:
Received: from mail.si-sv3206.com (EHLO mail.si-sv3206.com) [67.228.189.68] by
mx0.gmx.net (mx002) with SMTP; 20 Mar 2009 xx:xx:xx +0100
Received: from 41.174.3.243 [41.174.3.243] by mail.si-sv3206.com with SMTP;
Fri, 20 Mar 2009 xx:xx:xx -0500
header:
Received: from mail.si-sv3206.com (EHLO mail.si-sv3206.com) [67.228.189.68] by
mx0.gmx.net (mx081) with SMTP; 20 Mar 2009 xx:xx:xx +0100
Received: from 41.174.3.243 [41.174.3.243] by mail.si-sv3206.com with SMTP;
Fri, 20 Mar 2009 xx:xx:xx -0500
IP: 41.174.3.243 ---> Neotel Pty Ltd, ZA
Mail goes to:
Mugu phone: +27-78-2960-455 ---> MTN, ZA
header:
Received: from mail04.syd.optusnet.com.au (mail04.syd.optusnet.com.au
[211.29.132.185]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([59.154.25.30]) (authenticated sender
sangub [at] optusnet.com.au) by mail04.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP ID: [ID
filtered]
Mail goes to:
- kjz
And another old acquaintance (already on 17 March):
Quote:
IP: 41.221.174.107 ---> SWIFT NETWORKS, Nigeria
Mail goes to:
header:
Received: from mail.peoplesolutions.cc (mail.peoplesolutions.cc
[209.3.193.155]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User [41.221.174.107] by mail.peoplesolutions.cc with ESMTP
(SMTPD-8.22) ID: [ID filtered]
IP: 41.221.174.107 ---> SWIFT NETWORKS, Nigeria
Mail goes to:
- kjz
Once again:
header:
Received: from smtpgate4.pacific.net.sg (smtpgate4.pacific.net.sg
[203.120.68.34]) by xxxxx (Postfix) with SMTP ID: [ID filtered]
Received: (qmail 32367 invoked from network); 21 Mar 2009 xx:xx:xx -0000
Received: from wm1.pacific.net.sg (HELO localhost) (contactme [at] 192.169.41.131) by
smtpgate4.pacific.net.sg with ESMTPA; 21 Mar 2009 xx:xx:xx -0000
Received: from 192.168.0.22 (192.168.0.22 [192.168.0.22]) by
wm1.web.pacific.net.sg (Horde MIME library) with HTTP; Sun, 22 Mar 2009 xx:xx:xx +0800
Mail goes to:
header:
Received: from smtp-gw29.mailanyone.net (smtp-gw29.mailanyone.net
[208.70.128.55]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from mailanyone.net by smtp-gw29.mailanyone.net with esmtpa (MailAnyone
extSMTP michael_squeo [at] centum.ca) ID: [ID filtered]
Mail goes to:
- kjz
Wonders never cease:
Quote:
Thank you for your report dated 22 March 2009.
We have investigated and traced the source of the SPAM email that was relayed.
We have removed the compromised account from our network.
Abuse Response Team
PACNET
- kjz
Quote:
I appreciate the information you have provided us. I have
closed the account, which you reported, in
accordance with our Terms of Use (TOU). It is a strict violation of the
TOU for our members to send objectionable or unwanted material of any
kind or nature using our service.
I've got one more, once again a cracked university account:
header:
Received: from caduceus1.gmu.edu (caduceus1.gmu.edu [129.174.0.40]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from User ([97.104.31.194]) by caduceus1.gmu.edu (Sun Java System
Messaging Server 6.2-2.05 (built Apr 28 2005)) with ESMTPA ID: [ID filtered]
IP: 97.104.31.194 --> cpe-97-104-31-194.cfl.res.rr.com
Mail goes to:
- kjz
New Mugus, fresh on the table:
header:
Received: from o2.pl (host78-210-static.107-82-b.business.telecomitalia.it
[82.107.210.78]) by spammotel.com (Postfix) with SMTP ID: [ID filtered]
Received: from pc05 ([127.0.0.1]) by pc05 ([127.0.0.1]) with SMTPSVC;
Mon, 23 Mar 2009 xx:xx:xx +0100
header:
Received: from o2.pl (host78-210-static.107-82-b.business.telecomitalia.it
[82.107.210.78]) by spammotel.com (Postfix) with SMTP ID: [ID filtered]
Received: from pc05 ([127.0.0.1]) by pc05 ([127.0.0.1]) with SMTPSVC;
Mon, 23 Mar 2009 xx:xx:xx +0100
Mail goes to:
header:
Received: from gatewayshoes.com.br (189-39-81-90.reverso.wideway.net.br
[189.39.81.90]) by spammotel.com (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([125.89.161.189]) (authenticated bits=0) by
gatewayshoes.com.br (8.12.11.20060308/8.12.11) with ESMTP ID: [ID filtered]
BrmaOutput: [125.89.161.189] ---> CHINANET Guangdong
Mail goes to:
header:
Received: from cluster-ldap.tutby.com (mail.tut.by [195.137.160.40]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from [41.219.243.26] (account au2008_82 [at] tut.by HELO User) by
cluster-ldap.tutby.com (CommuniGate Pro SMTP 5.2.12) with ESMTPA ID: [ID filtered]
IP: 41.219.243.26 ---> dial-pool82.lg.starcomms.net, Nigeria
Mail goes to:
- kjz
Here once again is the notorious regular Mugu (with a cracked university account):
header:
Received: from jsu.ac.ir (unknown [78.39.195.23]) (using TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx (Postfix) with
ESMTP ID: [ID filtered]
Received: from jsu.ac.ir (jsu.ac.ir [127.0.0.1]) by jsu.ac.ir (8.14.2/8.14.2)
with ESMTP ID: [ID filtered]
Note:
X-OriginatingIP: 41.220.75.3 (zaherzade) ---> mtnngprs.com/MTN, Nigeria
Mail goes to:
And the 'Optus Mugu':
header:
Received: from mail11.syd.optusnet.com.au (mail11.syd.optusnet.com.au
[211.29.132.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User (ml82.128.2.115.multilinks.com [82.128.2.115])
(authenticated sender info.fbise [at] optusnet.com.au) by mail11.syd.optusnet.com.au
(8.13.1/8.13.1) with ESMTP ID: [ID filtered]
IP: 82.128.2.115 ---> Multilinks, Nigeria
Mail goes to:
Mugu phone:
TEL; 234 803823048 ---> MTN, Nigeria
FAX; 234 805609056 ---> Globacom, Nigeria
- kjz
Fresh supply:
header:
Received: from mail.cablecolor.hn (mail.cablecolor.hn [205.240.200.30]) by
xxxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from [41.221.167.30] (helo=User) by mail.cablecolor.hn with esmtpa
(Exim 4.63) (envelope-from <viviannasim27 [at] yahoo.com>) ID: [ID filtered]
IP: 41.221.167.30 ---> Swift, Nigeria
Mail goes to:
header:
Received: from c2bthomr10.btconnect.com (c2bthomr10.btconnect.com
[213.123.20.128]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([211.229.16.49]) by c2bthomr10.btconnect.com with ESMTP
ID: [ID filtered]
IP: 211.229.16.49 ---> Kornet, KR
Mail goes to:
And here the Mugu was too stupid to kick over a bucket of water:
Of course that won't work if all you can think of is 'con man'.... Let me correct that:
Quote:
Reply-To: <>
- kjz
The 'Optus' Mugu:
header:
Received: from mail11.syd.optusnet.com.au (mail11.syd.optusnet.com.au
[211.29.132.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([59.154.25.30]) (authenticated sender Gjaramillo) by
mail11.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
Mail goes to:
Mugu phone: +234-803-363-1189 ---> MTN, Nigeria
header:
Received: from main.kbuzz.net (unknown [174.133.65.10]) (using TLSv1 with
cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from dhcp1640.myzipnet.com ([41.202.16.40] helo=User) by
main.kbuzz.net with esmtpa (Exim 4.69) (envelope-from <sarah [at] gmail.com>) ID: [ID
filtered]
IP: 41.202.16.40 ---> Zipnet-Network, Ghana
Mail goes to:
- kjz
Here's the 'game': good Mugu - bad Mugu.... Though it really should be clear that there are no good Mugus....
header:
Received: from fallback.edevote.nl (worldwebmedia4.nl [213.193.237.69]) by
xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from UnknownHost [203.92.57.41] by fallback.edevote.nl with SMTP;
Fri, 27 Mar 2009 xx:xx:xx +0100
Mail goes to:
Quote:
Subject: Wanring !!! Fraud
Dearest,
My name is Ruth Ruggiero, I live at 8763 Pelican Dr.La Grange IL
60525,United States.
I am one of those that executed a contract in Nigeria years ago and they
refused to pay me, I had paid over $70,000USD trying to get my payment
all to no avail.
Somebody directed me to travel down to Nigeria with all my contract
documents to meet Barrister Mat Oto who is the member of CONTRACT
PAYMENT COMMITTEE and LEGAL ADVISER to the COMMITTEE, and I contacted
him and he explained everything to me on telephone and advised me to
come down to Nigeria which I did.
He said that those contacting us through emails are fake. Then he took
me to the paying bank, which is Central Bank of Nigeria, and I am the
happiest woman on this earth because I have received my contract funds
of $8.2Million USD.
On the process of searching for my file,I saw your information on
awaiting payment list in the office of Barrister Mat Oto.Though I did
not capture all your information lest your fax number.
Am sorry contacting you late as I planed doing it as soon as I arrive
back USA.
I have been so busy because we are trying to set up a factory here with
the money we received.
So if you care,do contact Barrister Mat Oto with the information below
and just explain yourself to him as I know he is honest and humble person.
Alternatively mention my name to him he will attend to you.
Name: Barrister Mat Oto
Email:
phone number +234-1-432490123
Address: 123,Palm Avenue Palm Grove,
Lagos Nigeria.
You really have to stop your dealing with those contacting you okay
because they will dry you up until you have nothing to eat.
The only money I paid was just $8,200 for Federal Inland Revenue
Services (F.I.R.S).
So you have to take note of that. You can reach me on this telefax
number:1-208-248-3647
Thanks,
Ruth Ruggiero
Mugu phone:
phone +234-1-432490123 ---> Lagos, Nigeria
fax +1-208-248-3647 ---> Time Warner Telecom Of Idaho, Llc - Id
- kjz
And another 'German Mugu' from the Mugu stronghold of Bremen:
header:
Received: from p57915F24.dip.t-dialin.net (EHLO mx4.hotmail.com)
[87.145.95.36] by mx0.gmx.net (mx113) with SMTP; 27 Mar 2009 xx:xx:xx +0100
So, ATTENTION! for:
Quote:
Attention.
Dear:
First I must ask for your confidence in this matter, as, given the situation, it is to be regarded as strictly CONFIDENTIAL. However, I mention in advance that an offer of this magnitude can of course be off-putting. I hope that this will not cause you any concern, but I assure you that everything is in order. Because of the urgency, we have decided to inform you by post.
First of all I would like to introduce myself to you. My name is Mrs. Claudia Wolfgang, a manager at Chartered Bank England PLC. I came across your name through my search for a suitable person to handle a very confidential matter, which would result in the transfer of a considerable sum of money originating from an inheritance.
Here now is my proposal: A foreigner, the late engineer Jurgen Kaufmann, a Dutchman from Namibia, died in a plane crash in 1999. Since then no heirs have been identified. Until his death he was active as a businessman.
Mr. Kaufmann was our customer here at Chartered Bank PLC., England, and had an account balance of USD$ 38,000,000 (Thirty-eight thousand seven hundred fifty million United States Dollars),
This sum now lies with the bank, waiting for a person who has a legitimate claim to it. Should no claimant be found, the entire sum goes to the government of Great Britain.
Therefore my colleagues and I have decided to name a suitable person before the deadline expires. With your permission we would declare you a relative of the late Kaufmann, so that you would receive the claim amounting to USD$ 38,000,000M. As a result you could be regarded as the beneficiary (relative of Kaufmann) of this sum. I will of course provide the documents and evidence for this process and place them at your disposal. We assure you of a 100% risk-free transaction. Your share would then be discussed in a personal conversation, since we are naturally also acting in our own interest. Your share would be 25% of the total amount.
If this should be of interest to you, I would ask you to get in touch with us. For this purpose please send me your personal data such as full name, address, telephone/fax number and your confidential e-mail address, so that I can send you the relevant details of this offer:
(.uk )
Yours sincerely,
Claudia Wolfgang
- kjz
Once again a PHP script (Horde Framework Mailer) left unsecured:
header:
Received: from mail.hosting.cybertrails.com (server-8.hosting.cybertrails.com
[162.42.209.8]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: (qmail 19941 invoked by UID: [UID filtered]
Received: from 82.128.34.120 ([82.128.34.120]) by 162.42.209.128 (Horde
Framework) with HTTP; Sun, 29 Mar 2009 xx:xx:xx -0700
IP: 82.128.34.120 ---> Multilinks Telecommunications Limited, Nigeria
Mail goes to:
- kjz
Katherine just can't leave it alone:
header:
Received: from shinepainting.com (s143.n16.vds2000.com [66.84.16.143]) by
mx.kundenserver.de (node=mxeu1) with ESMTP (Nemesis) ID: [ID filtered]
Received: from User (host-41-207-0-116.afnet.net [41.207.0.116]) (authenticated
bits=0) by shinepainting.com (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
Note:
X-Orig: host-41-207-0-116.afnet.net [41.207.0.116], CI
Mail goes to:
And another one:
header:
Received: from edge1.avusa.co.za (edge1.avusa.co.za [196.44.3.100]) (using
TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from rbkhub01.avusa.johnnic.dom (172.16.64.164) by edge1.avusa.co.za
(172.16.64.174) with Microsoft SMTP Server (TLS) ID: [ID filtered]
Received: from mx3.johncom.co.za (172.16.64.39) by rbkhub01.avusa.johnnic.dom
(172.16.64.164) with Microsoft SMTP Server ID: [ID filtered]
xx:xx:xx +0200
Received: from 196.44.1.137 (localhost [127.0.0.1]) by mx3.johncom.co.za
(8.13.1/8.13.1) with ESMTP ID: [ID filtered]
Received: from 62.173.54.90 (SquirrelMail authenticated user linux) by
mx3.johncom.co.za with HTTP; Mon, 30 Mar 2009 xx:xx:xx +0200 (SAST)
IP: 62.173.54.90 ---> ipNX Nigeria Limited
Mail goes to:
- kjz
This Mugu also seems somehow familiar to me; otherwise probably (once again) an insufficiently secured freemailer:
header:
Received: from mail.aiesec.net (mail.aiesec.net [195.219.234.99]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from User (unknown [58.26.4.3]) by mail.aiesec.net (Postfix) with
ESMTP ID: [ID filtered]
IP: 58.26.4.3 ---> INSTITUTE FOR HEALTH SYSTEMS RESEARCH, MY
Mail goes to:
Mugu phone with a well-known .....company:
Direct Tel: +44 703 180 6846 ---> Magrathea Telecommunications Limited, UK
- kjz
Well, Mugus do have it tough :D, so you have to cover yourself several times over.....
header:
Received: from EXFE02.easyxchange.co.uk (ex02.easyxchange.co.uk
[62.233.64.253]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
Received: from User ([196.3.183.72]) by EXFE02.easyxchange.co.uk with Microsoft
SMTPSVC(6.0.3790.1830); Tue, 31 Mar 2009 xx:xx:xx +0100
IP: 196.3.183.72 ---> Suburban telecom, Nigeria
Mail goes to:
Mugu phone: +34634157561 ---> Vodafone España, S.a.
- kjz
Fresh supply:
header:
Received: from swip.net (mailfe15.tele2.it [212.247.155.205]) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
X-Cloudmark-Score: 0.000000 []
X-Cloudmark-Analysis: v=1.0 c=1 a=-Ud56-JNSNEA:10
a=UZ1+beSXdrTmeETz1XykGQ==:17 a=NiEIbLnrxaPFdmVXKhcA:9
a=94gOCdWv8_RLqvef5-wA:7 a=8qpR8FETQ1WKo0Emv6VxhpO-iEcA:4
a=qJMeZhlYfXQA:10 a=EHIbpXcMlxoA:10 a=eHyt4q1bod-lKDc7:21
a=GUsR_muNWa9yp1QW:21
Received: from [62.163.86.18] (account eu341021 [at] tele2.it) by mailbe01.swip.net
(CommuniGate Pro WEBUSER 5.2.6) with HTTP ID: [ID filtered]
IP: 62.163.86.18 ---> a86018.upc-a.chello.nl
Would like mail sent to:
Mugu phone: +31-643-776-188 ---> T-Mobile Netherlands B.V.
header:
Received: from mout5.freenet.de (mout5.freenet.de [195.4.92.95]) (using TLSv1
with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
(Postfix) with ESMTP ID: [ID filtered]
Received: from [195.4.92.24] (helo=14.mx.freenet.de) by mout5.freenet.de with
esmtpa (ID: [ID filtered]
Received: from [196.3.183.73] (port=46758 helo=User) by 14.mx.freenet.de with
esmtpa (ID: [ID filtered]
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Mail goes to:
- kjz
2 more, one of which I already had on 31 March. At Aiesec the fly apparently is still open:
header:
01: Received: from mail.aiesec.net (mail.aiesec.net [195.219.234.99]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
03: Received: from User (unknown [58.26.4.3]) by mail.aiesec.net (Postfix) with
04: ESMTP ID: [ID filtered]
IP: 58.26.4.3 ---> INSTITUTE FOR HEALTH SYSTEMS RESEARCH, MY
Mail goes to:
Mugu phone: +44 703 180 6846 ---> Magrathea Telecommunications Limited, UK
header:
01: Received: from smtp.cyber.net.pk (smtp.cyber.net.pk [202.163.97.85]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
03: Received: from conversion-daemon.smtp.cyber.net.pk by smtp.cyber.net.pk (Sun Java
04: System Messaging Server 6.2-4.01 (built Sep 1 2005)) ID: [ID filtered]
05: Received: from mail-node.cyber.net.pk ([192.168.20.19]) by smtp.cyber.net.pk
06: (Sun Java System Messaging Server 6.2-4.01 (built Sep 1 2005)) with ESMTP ID: [ID filtered]
07: Received: from cyber.net.pk (mail-node.cyber.net.pk [192.168.20.19]) by
08: jesmail-lh.cyber.net.pk (Sun Java System Messaging Server 6.2 (built Dec 2 2004)) with ESMTP
09: ID: [ID filtered]
10: Received: from [192.168.20.121] (Forwarded-For: 192.168.0.17,
11: [41.204.224.17]) by jesmail-lh.cyber.net.pk (mshttpd); Thu, 02 Apr 2009 xx:xx:xx -0800
IP: 41.204.224.17 ---> DIRECTONPC-Wireless-ISP-NETBLK, Nigeria
Mail goes to:
- kjz
Mugu stronghold Bremen?
Did I miss something?
They don't have that many internet cafés there either.
Can I help here on site?
I have to admit I took a few years off, both from scambaiting and from dealing with the subject at all. Only since I was part of the crisis team working to get our hijacked ship back have I been at it again; the crime has become a bit too much for me. In all these years the authorities still haven't achieved anything sensible.
If anyone has info, I'm always in...
The police have often been handed, e.g., a dial-up IP (==>> not an internet café!) on a silver platter. The only comment you ever get is: "well, there's nothing we can do, that is a non-punishable preparatory act".
As far as I know, there have never been proper raids in Bremen like those in Spain or Amsterdam.
It seems to have been tacitly tolerated there so far.
New day, new mugus:
header:
01: Received: from relay3.bagan.net.mm (relay3.bagan.net.mm [203.81.162.126]) by
02: xxxxx (Postfix) with SMTP ID: [ID filtered]
03: Received: (qmail 13397 invoked from network); 2 Apr 2009 xx:xx:xx -0000
04: Received: from owm.bagan.net.mm (HELO myanmar.com.mm) (203.81.71.113) by
05: relay3.bagan.net.mm with SMTP; 2 Apr 2009 xx:xx:xx -0000
Note:
X-OriginatingIP: 213.185.118.245 (palmbeach) ---> VIENNA TECHNOLOGIES customer, Nigeria
Mail goes to:
header:
01: Received: from hpsmtp-eml16.kpnxchange.com (hpsmtp-eml16.KPNXCHANGE.COM
02: [213.75.38.116]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: Received: from cpsmtp-he03.kpnxchange.com ([213.75.38.23]) by
04: hpsmtp-eml16.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Apr 2009 xx:xx:xx
05: +0200
06: Received: from User ([69.114.228.155]) by cpsmtp-he03.kpnxchange.com with
07: Microsoft SMTPSVC(6.0.3790.3959); Thu, 2 Apr 2009 xx:xx:xx +0200
IP: 69.114.228.155 ---> ool-4572e49b.dyn.optonline.net
Mail goes to:
Mugu phone:
Phone: +234 1 473 5643 ---> Lagos, Nigeria
Fax: +234 1 473 5643
And there are attachments too:
- kjz
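How the "IP:" lines in these reports can be read out of a header, as an added example (not part of the thread): it skips private and loopback hops such as 192.168.20.121 and prefers a webmail X-OriginatingIP header. The function names and the shortened sample headers are constructed for illustration.

```python
import ipaddress
import re

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed samples: two headers from this thread, shortened, line numbers removed.
WEBMAIL_FORWARDED = """\
Received: from smtp.cyber.net.pk (smtp.cyber.net.pk [202.163.97.85]) by xxxxx
 (Postfix) with ESMTP
Received: from [192.168.20.121] (Forwarded-For: 192.168.0.17,
 [41.204.224.17]) by jesmail-lh.cyber.net.pk (mshttpd)
"""
WEBMAIL_X_HEADER = """\
Received: from relay3.bagan.net.mm (relay3.bagan.net.mm [203.81.162.126]) by
 xxxxx (Postfix) with SMTP
Received: from owm.bagan.net.mm (HELO myanmar.com.mm) (203.81.71.113) by
 relay3.bagan.net.mm with SMTP
X-OriginatingIP: 213.185.118.245 (palmbeach)
"""

def unfold(raw):
    """Join folded continuation lines; return [name, value] pairs in message order."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append([name.strip().lower(), value.strip()])
    return fields

def public_ips(text):
    """IPv4 literals in text that are globally routable (drops RFC 1918, loopback)."""
    hits = []
    for candidate in IPV4.findall(text):
        try:
            if ipaddress.ip_address(candidate).is_global:
                hits.append(candidate)
        except ValueError:  # four dotted numbers that are not an address
            continue
    return hits

def origin_ip(raw):
    """Best guess at the submitting client's address, or None."""
    fields = unfold(raw)
    for name, value in fields:  # webmail front ends may record the browser's IP
        if name.replace("-", "") == "xoriginatingip" and public_ips(value):
            return public_ips(value)[0]
    for name, value in reversed(fields):  # oldest hop is last in the message
        if name == "received":
            sender = public_ips(value.split(" by ", 1)[0])  # part before "by"
            if sender:
                return sender[0]
    return None
```

Only the hops added by your own MX are trustworthy; every Received line and X- header below them is supplied by the sending side and can be forged, so treat the result as a lead for an abuse report, not as proof.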
Another 3:
header:
01: Received: from imc-035.imconline.net (unknown [66.155.35.253]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
03: Received: from User [196.3.183.73] by imc-035.imconline.net with ESMTP
04: (SMTPD-10.02) ID: [ID filtered]
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Mail goes to:
Mugu phone: +234 807 076 0985 ---> mobile number, Nigeria
header:
01: Received: from web4312.mail.ogk.yahoo.co.jp (web4312.mail.ogk.yahoo.co.jp
02: [124.83.212.92]) by xxxxx (Postfix) with SMTP ID: [ID filtered]
03: Received: (qmail 12171 invoked by UID: [UID filtered]
04: DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
05: s=yj20050223; d=yahoo.co.jp;
06: h=Message-ID:Received:X-RocketDSI:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
07: b=ehstqcaDKp+wTWEua2Bw9Pmnb8uTvdxPJAWuFSnhlTdO9w3WlE8ZNI64DRW6XP3KDI0AFVAuh5YF9X/fmIlB3J/JuGH8p
08: dW/V4pcCj0Exic7oK/ta69C3q1SMuFSzUt
09: ;
10: Message-ID: [ID filtered]
11: Received: from [82.128.33.252] by web4312.mail.ogk.yahoo.co.jp via HTTP;
12: Fri, 03 Apr 2009 xx:xx:xx JST
IP: 82.128.33.252 ---> Multilinks Telecommunications Limited, Nigeria
Mail goes to:
header:
01: Received: from smtp2e.orange.fr (smtp2e.orange.fr [80.12.242.113]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
03: Received: from User (ABayonne-152-1-15-156.w83-193.abo.wanadoo.fr
04: [83.193.37.156]) by mwinf2e26.orange.fr (SMTP Server) with ESMTP ID: [ID filtered]
Mail goes to:
- kjz
Fresh mugus:
header:
01: Received: from cocboise.org (mail.cocboise.org [70.58.63.10]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
03: Received: from User ([82.128.26.140]) by cocboise.org with Microsoft
04: SMTPSVC(6.0.3790.1830); Fri, 3 Apr 2009 xx:xx:xx -0700
IP: 82.128.26.140 ---> Multilinks Telecommunications Limited, Nigeria
Mail goes to:
We've had this mugu before (on 2 April 09):
header:
01: Received: from mout1.freenet.de (mout1.freenet.de [195.4.92.91]) (using TLSv1
02: with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
03: (Postfix) with ESMTP ID: [ID filtered]
04: Received: from [195.4.92.22] (helo=12.mx.freenet.de) by mout1.freenet.de with
05: esmtpa (ID: [ID filtered]
06: Received: from [41.191.85.205] (port=54497 helo=User) by 12.mx.freenet.de with
07: esmtpa (ID: [ID filtered]
IP: 41.191.85.205 ---> FAST COM CYBER, Benin
Mail goes to:
Mugu phone: +229-98-239474 ---> Benin
- kjz
The Freenet mugu again:
header:
01: Received: from mout2.freenet.de (mout2.freenet.de [195.4.92.92]) (using TLSv1
02: with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
03: (Postfix) with ESMTP ID: [ID filtered]
04: Received: from [195.4.92.20] (helo=10.mx.freenet.de) by mout2.freenet.de with
05: esmtpa (ID: [ID filtered]
06: Received: from [196.3.183.73] (port=34147 helo=User) by 10.mx.freenet.de with
07: esmtpa (ID: [ID filtered]
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Mail goes to:
And another one:
header:
01: Received: from web-4.ars-sth.se.crystone.se (web-4.crystone.se [83.168.244.15])
02: by xxxxx (Postfix) with SMTP ID: [ID filtered]
03: Received: (qmail 12007 invoked by UID: [UID filtered]
The header even names the unsecured script:
X-PHP-Script: whois:/images/mass.php for 83.229.48.149
Mail goes to:
Mugu phone: +44-7035912785 ---> Open Telecom International Ltd., UK
- kjz
Here we go again:
header:
01: Received: from mail.tnreginet.net (unknown [210.212.62.101]) by xxxxx (Postfix)
02: with SMTP ID: [ID filtered]
03: Received: from localhost (localhost [127.0.0.1]) by mail.tnreginet.net
04: (Postfix) with ESMTP ID: [ID filtered]
05: Received: from mail.tnreginet.net ([127.0.0.1]) by localhost
06: (mail.tnreginet.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP ID: [ID
07: filtered]
08: Received: from User (mail.centera.com.au [203.59.99.26]) by mail.tnreginet.net
09: (Postfix) with ESMTP ID: [ID filtered]
Mail goes to:
header:
01: Received: from mail.dover.k12.nh.us (mail.dover.k12.nh.us [75.147.19.92]) by
02: xxxxx (Postfix) with ESMTP ID: [ID filtered]
Mail goes to:
header:
01: Received: from winfesmtp3.menara.local (smtp-xe3.menara.ma [196.217.246.112])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp3.menara.local
04: with Microsoft SMTPSVC(6.0.3790.1830); Tue, 7 Apr 2009 xx:xx:xx +0000
Mail goes to:
- kjz
Fresh mugus:
header:
01: Received: from p579178CD.dip.t-dialin.net (EHLO mx4.hotmail.com)
02: [87.145.120.205] by mx0.gmx.net (mx085) with SMTP; 07 Apr 2009 xx:xx:xx +0200
This one probably from DE:
IP: 87.145.120.205, the trail leads (once again) to Bremen, apparently the German 'mugu capital'.
Mail please to:
Quote:
FROM THE OFFICE OF THE VICE PRESIDENT
INTERNATIONAL PROMOTION PRIZE ALLOCATION
REFERENCE NUMBER: ELP-25456009-ESP
PROCESSING NUMBER: ELP/25456009/AGA
OFFICIAL PRIZE NOTIFICATION
We are pleased to be able to inform you that the winners' list of the LOTTO
PROGRAMM appeared on 25/ 02/ 2009.
The official list of winners appeared on 06/ 04/ 2009. Your email
was registered on the ticket with the number: 025.11464992.750 and with the
serial number: 2113-06. The lucky numbers: 10-16-25-41-46 have
won in the 3rd category.
You are thereby the winner of: EURO 615, 810,00 (SIX HUNDRED AND
FIFTEEN THOUSAND AND EIGHT HUNDRED TEN.) The sum results from a
prize payout of EURO:16,626,870,00 (SIXTEEN MILLION
SIX HUNDRED TWENTY-SIX THOUSAND EIGHT HUNDRED AND SEVENTY) The
sum was divided among 27 winners from the same category.
CONGRATULATIONS!!!
The prize is deposited with a security company and insured in your name.
In order not to cause complications in processing the payment,
we ask you to treat this official notification discreetly;
it is part of our security protocol and guarantees
you a smooth process.
All winners are selected by computer from 500.000 emails from all over Europe,
Asia, Australia and America as part of our international
promotion programme, which we hold once a year.
Please contact our foreign case officer DON ANTONIO
ROBERT at the security company SANSA SEGUROS S.L on EMAIL;
Please remember, every prize claim must be
registered by 20/4/2009. Any prize claim not registered
lapses and goes back to the MINISTERIO DE ECONOMIA Y
HACIENDA. Please also remember that 5% of your prize goes to the
security company bilbao S.L. The 5% are only due after receipt of the
prize, since the prize is insured in your name.
IMPORTANT: to avoid delays and complications, please always
state the reference number and processing number. Please always communicate
changes of address as quickly as possible, together with your full name and
telephone number, by email to the security company SANSA SECURITY
COMPANY S.L on
header:
01: Received: from linux.kenosu.co.jp (unknown [210.133.119.178]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
Mail goes to:
Mugu phone: +22998710577 ---> Benin
header:
01: Received: from smtp2c.orange.fr (smtp2c.orange.fr [80.12.242.155]) by xxxxx
02: (Postfix) with ESMTP ID: [ID filtered]
03: Received: from User (c-68-41-38-253.hsd1.mi.comcast.net [68.41.38.253]) by
04: mwinf2c24.orange.fr (SMTP Server) with ESMTP ID: [ID filtered]
Mail goes to:
- kjz
Mugus in abundance, including some 'old acquaintances':
header:
01: Received: from relay.aragon.es (relay.aragon.es [195.55.229.45]) (using TLSv1
02: with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
03: (Postfix) with ESMTP ID: [ID filtered]
04: Received: from midcorreo1.dga.es (midcorreo1.dga.es [172.27.12.75]) by
05: relay.aragon.es (8.13.8/8.13.8/Debian-3) with ESMTP ID: [ID filtered]
Mail goes to:
Mugu phone: +44-703-115-2750 ---> Easynet Group Plc, UK
header:
01: Received: from rijtesten.rijtesten.be (rijtesten.colocated.redunix.net
02: [78.41.207.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No
03: client certificate requested) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
04: Received: from [210.245.85.63] (helo=User) by rijtesten.rijtesten.be with
05: esmtpa (Exim 4.68) (envelope-from <Jmoore102 [at] web2mail.com>) ID: [ID filtered]
Mail goes to:
Mugu phone: +234-806-615-4068 ---> MTN, Nigeria
the 'permanent mugu':
header:
01: Received: from pustik.unhalu.ac.ID: [ID filtered]
02: Received: from www.unhalu.ac.id (localhost [127.0.0.1]) by pustik.unhalu.ac.ID:
03: [ID filtered]
04: Received: from 41.220.75.3 (SquirrelMail authenticated user mukhsar) by
05: www.unhalu.ac.id with HTTP; Mon, 6 Apr 2009 xx:xx:xx -0700 (PDT)
Note:
IP: 41.220.75.3 ---> MTN, Nigeria
Mail goes to:
Mugu phone: +31 (0) 84 740 8620 ---> J2 Global (Netherlands) B.V.
the 'Freenet mugu':
header:
01: Received: from mout4.freenet.de (mout4.freenet.de [195.4.92.94]) (using TLSv1
02: with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
03: (Postfix) with ESMTP ID: [ID filtered]
04: Received: from [195.4.92.17] (helo=7.mx.freenet.de) by mout4.freenet.de with
05: esmtpa (ID: [ID filtered]
06: Received: from [68.206.46.105] (port=4430 helo=User) by 7.mx.freenet.de with
07: esmtpa (ID: [ID filtered]
IP: 68.206.46.105 ---> cpe-68-206-46-105.gt.res.rr.com
Mail goes to:
header:
01: Received: from mx4.hotmail.com (81.199.227.197.satcom-systems.net
02: [81.199.227.197]) by mx.kundenserver.de (node=mxeu0) with ESMTP (Nemesis) ID: [ID
03: filtered]
IP: 81.199.227.197 ---> 81.199.227.197.satcom-systems.net (Gilat, IL, once again)
Mail goes to:
Mugu phone: +234-708-9519276 ---> Pank Shin, Nigeria
- kjz
The Freenet mugu again:
header:
01: Received: from mout1.freenet.de (mout1.freenet.de [195.4.92.91]) (using TLSv1
02: with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by xxxxx
03: (Postfix) with ESMTP ID: [ID filtered]
04: Received: from [195.4.92.12] (helo=2.mx.freenet.de) by mout1.freenet.de with
05: esmtpa (ID: [ID filtered]
06: Received: from [196.3.183.73] (port=52165 helo=User) by 2.mx.freenet.de with
07: esmtpa (ID: [ID filtered]
IP: 196.3.183.73 ---> Suburban telecom, Nigeria
Mail goes to:
And we already had this mugu on 7 April as well:
header:
01: Received: from winfesmtp1.menara.local (smtp-xe1.menara.ma [196.217.246.110])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: Received: from EXVS21.menara.local ([192.168.5.54]) by winfesmtp1.menara.local
04: with Microsoft SMTPSVC(6.0.3790.1830); Fri, 10 Apr 2009 xx:xx:xx +0000
Mail goes to:
Mugu phone: +229-98-34-98-33 ---> Benin
header:
01: Received: from hpsmtp-eml15.kpnxchange.com (hpsmtp-eml15.KPNXCHANGE.COM
02: [213.75.38.115]) by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: Received: from cpsmtp-he02.kpnxchange.com ([213.75.38.22]) by
04: hpsmtp-eml15.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959);Thu, 9 Apr 2009 xx:xx:xx
05: +0200
06: Received: from User ([82.93.33.87]) by cpsmtp-he02.kpnxchange.com with
07: Microsoft SMTPSVC(6.0.3790.3959); Thu, 9 Apr 2009 xx:xx:xx +0200
IP: 82.93.33.87 ---> a82-93-33-87.adsl.xs4all.nl
Mail goes to:
- kjz
Interesting observation:
First the normal mugu spam:
header:
01: Received: from monmonki.com (EHLO monmonki.com) [216.70.123.107] by mx0.gmx.net
02: (mx066) with SMTP; 10 Apr 2009 xx:xx:xx +0200
03: Received: (qmail 17445 invoked from network); 2 Apr 2009 xx:xx:xx +0800
04: Received: from unknown (HELO User) (41.210.36.38) by monmonki.com with SMTP; 2 Apr 2009
05: xx:xx:xx +0800
IP: 41.210.36.38 ---> Ghana Telecom ADSL
Take a look at the whois: whois:
The contact named there is:
M. K. N.
So, a complaint to Ghanatel. What do I get back shortly afterwards:
header:
01: Received: from smxhq901.ghanatel.com.gh (EHLO smxhq901.ghanatel.com.gh)
02: [80.87.64.5] by mx0.gmx.net (mx020) with SMTP; 10 Apr 2009 xx:xx:xx +0200
03: Received: from mnfodzo by smxhq901.ghanatel.com.gh with local (Exim 4.69)
04: (envelope-from <mnfodzo [at] smxhq901.ghanatel.com.gh>) ID: [ID filtered]
So, from the aforementioned .
Now the interesting part, the content of the mail:
So my complaint about mugu spam is answered with another mugu spam. For me that leaves only one conclusion: Ghanatel appears to be such a corrupt swamp that the spammers sit right inside the telco (i.e. at the source). And 'Katherine' is only too well known here in the thread as a 'mugu script'.
Quote:
Hello,
I will not be reading my mail for a while.
Your mail regarding 'Please stop this 419/advance fee fraud scammer!
spammers mail dropbox at: ,
' will be read when I return.
AM MRS KATE MARCUS ,I AM A BUSINESS OWNER I HAVE WILL MY OIL
COMPANY,INCLUDING THE
SUM OF 100 MILLION DOLLARS ($100000000) AND MY INVESTMENT TO YOU. I WOULD
LIKE YOU TO
CONTACT MY ATTORNEY TO THAT EFFECT.HIS NAME IS BARRISTER JOHN WHITE. HE WILL
GUIDE YOU
ON WHATEVER YOU NEED TO INHERIT THE COMPANY AND CLAIM THE MONEY.YOU CAN
REACH
HIM ON
() HERE IS HIS PHONE NUMBER
+2348051063348. I
AM GOING
FOR AN OPERATION AND I DON'T KNOW IF I CAN MAKE IT DUE TO MY MEDICAL
So please send mail to:
Mugu phone: +2348051063348 ---> Globacom, Nigeria
And whois: (i.e. Globacom) also has a non-working email address in its whois. In other words: many 'ISPs' in Africa seem to be deeply involved in the mugu business as accomplices. So one should not expect any 'help' from that side.
- kjz