Aus meiner nie enden wollenden Sammlung:
Hier sieht man, wie anscheinend ein und dieselbe Bande verschiedene Skripte abspult:
header:
01: Received: from 189.126.bnu.widc.com.br (EHLO neo.morus.com.br)
02: [189.126.3.105]
03: by mx0.gmx.net (mx075) with SMTP; 13 May 2010 xx:xx:xx +0200
04: Received: from static-151-204-174-85.ny325.east.verizon.net
05: ([151.204.174.85] helo=User)
06: by neo.morus.com.br with esmtpa (Exim 4.69)
07: (envelope-from <saw [at] go.com>)
08: ID: [ID filtered]
header:
01: Received: from smtp5.freeserve.com (EHLO smtp5.freeserve.com)
02: [193.252.22.152]
03: by mx0.gmx.net (mx021) with SMTP; 13 May 2010 xx:xx:xx +0200
04: Received: from smtp5.freeserve.com (localhost [127.0.0.1])
05: by mwinf3422.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
06: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
07: Received: from me-wanadoo.net (localhost [127.0.0.1])
08: by mwinf3422.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
09: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
10: Received: from me-wanadoo.net (localhost [127.0.0.1])
11: by mwinf3422.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
12: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
13: Received: from User (static-151-204-174-85.NY325.east.verizon.net
14: [151.204.174.85])
15: by mwinf3422.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
16: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
header:
01: Received: from smtp6.freeserve.com (smtp5.freeserve.com [193.252.22.151])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
04: Received: from smtp6.freeserve.com (localhost [127.0.0.1])
05: by mwinf3523.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
06: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
07: Received: from me-wanadoo.net (localhost [127.0.0.1])
08: by mwinf3523.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
09: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
10: Received: from me-wanadoo.net (localhost [127.0.0.1])
11: by mwinf3523.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
12: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
13: Received: from User (unknown [82.128.82.6])
14: by mwinf3523.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
15: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
IP: 82.128.82.6 ---> Multilinks Telecommunications Limited, Nigeria
Muguphon: +234-8028018611 ---> Celtel Nigeria Limited/Zain
header:
01: Received: from smtp6.freeserve.com (smtp5.freeserve.com [193.252.22.151])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
04: Received: from smtp6.freeserve.com (localhost [127.0.0.1])
05: by mwinf3514.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
06: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
07: Received: from me-wanadoo.net (localhost [127.0.0.1])
08: by mwinf3514.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
09: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
10: Received: from me-wanadoo.net (localhost [127.0.0.1])
11: by mwinf3514.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
12: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
13: Received: from User (mail.westfirm.com [98.22.59.13])
14: by mwinf3514.me.freeserve.com (SMTP Server) with ESMTP ID: [ID filtered]
15: Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
gecracktes SquirrelMail:
header:
01: Received: from vivosmail.intviv.com (dns2.ivivos.com [168.75.146.228])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
06: Received: (qmail 2547 invoked by UID: [UID filtered]
07: Received: from unknown (HELO mail.admagnets.com)
08: (info [at] admagnets.com@127.0.0.1)
09: by vivosmail.intviv.com with ESMTPA; 13 May 2010 xx:xx:xx -0000
10: Received: from 82.128.17.55
11: (SquirrelMail authenticated user poor [at] spamvictim.tld)
12: by mail.admagnets.com with HTTP;
13: Thu, 13 May 2010 xx:xx:xx -0400
IP: 82.128.17.55 ---> ml82.128.17.55.multilinks.com, Nigeria
header:
01: Received: from vivosmail.intviv.com (dns2.ivivos.com [168.75.146.228])
02: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
03: (No client certificate requested)
04: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
05: for xxxxx; Thu, 13 May 2010 xx:xx:xx +0200 (CEST)
06: Received: (qmail 7559 invoked by UID: [UID filtered]
07: Received: from unknown (HELO mail.admagnets.com)
08: (info [at] admagnets.com@127.0.0.1)
09: by vivosmail.intviv.com with ESMTPA; 13 May 2010 xx:xx:xx -0000
10: Received: from 82.128.17.55
11: (SquirrelMail authenticated user poor [at] spamvictim.tld)
12: by mail.admagnets.com with HTTP;
13: Thu, 13 May 2010 xx:xx:xx -0400
header:
01: Received: from mx4.hotmail.com
02: (209.72.131.216.client.static.strong14.reliablehosting.com [216.131.72.209])
03: by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
04: ID: [ID filtered]
05: xx:xx:xx +0200
header:
01: Received: from mx4.hotmail.com
02: (209.72.131.216.client.static.strong14.reliablehosting.com [216.131.72.209])
03: by mx.kundenserver.de (node=mxeu2) with ESMTP (Nemesis)
04: ID: [ID filtered]
05: xx:xx:xx +0200
header:
01: Received: from smtp27.orange.fr (smtp27.orange.fr [80.12.242.95])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Fri, 14 May 2010 xx:xx:xx +0200 (CEST)
04: Received: from me-wanadoo.net (localhost [127.0.0.1])
05: by mwinf2706.orange.fr (SMTP Server) with ESMTP ID: [ID filtered]
06: Fri, 14 May 2010 xx:xx:xx +0200 (CEST)
07: Received: from me-wanadoo.net (localhost [127.0.0.1])
08: by mwinf2706.orange.fr (SMTP Server) with ESMTP ID: [ID filtered]
09: Fri, 14 May 2010 xx:xx:xx +0200 (CEST)
10: Received: from User (ANantes-157-1-26-83.w86-214.abo.wanadoo.fr
11: [86.214.33.83])
12: by mwinf2706.orange.fr (SMTP Server) with ESMTP ID: [ID filtered]
13: Fri, 14 May 2010 xx:xx:xx +0200 (CEST)
Muguphon: +44-702-401-0706 ---> Magrathea Telecommunications Limited, UK
header:
01: Received: from mx4.hotmail.com
02: (181.38.68.68.client.static.strong-sf6.reliablehosting.com [68.68.38.181])
03: by mx.kundenserver.de (node=mxbap1) with ESMTP (Nemesis)
04: ID: [ID filtered]
05: xx:xx:xx +0200
Muguphon: +27-78-654-9088 ---> MTN, ZA
Mugufax: +27-86-6581-659 ---> premium rate number, ZA
header:
01: Received: from n5-vm0.bullet.mail.gq1.yahoo.com
02: (n5-vm0.bullet.mail.gq1.yahoo.com [67.195.8.62])
03: by xxxxx (Postfix) with SMTP ID: [ID filtered]
04: for xxxxx; Sat, 15 May 2010 xx:xx:xx +0200 (CEST)
05: Received: from [67.195.9.83] by n5.bullet.mail.gq1.yahoo.com with NNFMP;
06: 15 May 2010 xx:xx:xx -0000
07: Received: from [98.137.27.217] by t3.bullet.mail.gq1.yahoo.com with
08: NNFMP; 15 May 2010 xx:xx:xx -0000
09: Received: from [127.0.0.1] by omp127.mail.gq1.yahoo.com with NNFMP; 15
10: May 2010 xx:xx:xx -0000
11: Received: from [41.203.79.249] by web180513.mail.gq1.yahoo.com via HTTP;
12: Sat, 15 May 2010 xx:xx:xx PDT
IP: 41.203.79.249 ---> Globacom Ltd., Nigeria
Muguphon: +22999778840 ---> mobile number, Benin
header:
01: Received: from postbode01.versateladsl.be (postbode01.c.iops.be
02: [212.53.5.91])
03: (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
04: (No client certificate requested)
05: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
06: for xxxxx; Sat, 15 May 2010 xx:xx:xx +0200 (CEST)
07: Received: (qmail 3680 invoked by UID: [UID filtered]
08: Received: from unknown (HELO webmail.base.be) ([10.190.0.57])
09: (envelope-sender <poor [at] spamvictim.tld>)
10: by relay03.versateladsl.be (qmail-ldap-1.03) with SMTP
11: for < >; 14 May 2010 xx:xx:xx -0000
header:
01: Received: from aircloud.net (unknown [69.42.24.8])
02: by xxxxx (Postfix) with ESMTP ID: [ID filtered]
03: for xxxxx; Sun, 16 May 2010 xx:xx:xx +0200 (CEST)
04: Received: from User [82.128.68.186] by aircloud.net with ESMTP
05: (SMTPD32-8.13) ID: [ID filtered]
IP: 82.128.68.186 ---> Multilinks Telecommunications Limited, Nigeria
- kjz