header:
01: Return-Path: <myaccount [at] spectrumemails.com>
02: Received: from mailin81.aul.t-online.de ([172.20.26.81])
03: by ehead20b14.aul.t-online.de with LMTP
04: ID: [ID filtered]
05: (envelope-from <poor [at] spamvictim.tld>); Mon, 02 May 2022 xx:xx:xx +0200
06: Received: from mail105.syd.optusnet.com.au ([211.29.132.249]) by
07: mailin81.mgt.mul.t-online.de
08: with esmtp ID: [ID filtered]
09: Received: from WIN-OUIPN1NC171.shape.host (ciw-web4.tidmodel.telstra.net
10: [203.50.253.53])
11: (Authenticated sender: poor [at] spamvictim.tld)
12: by mail105.syd.optusnet.com.au (Postfix) with ESMTPA ID: [ID filtered]
13: Tue, 3 May 2022 xx:xx:xx +1000 (AEST)
14: Content-Type: multipart/alternative; boundary="===============1044733356=="
15: MIME-Version: 1.0
16: Subject: =?utf-8?q?Ihr_Zugang_ist_vor=C3=BCbergehend_gesperrt?=
17: To: Recipients <poor [at] spamvictim.tld>
18: From: Host Europe GmbH <myaccount [at] spectrumemails.com>
19: Date: Mon, 02 May 2022 xx:xx:xx -0700
20: X-Optus-CM-Score: 0
21: X-Optus-CM-Analysis: v=2.4 cv=deDjYVbe c=1 sm=1 tr=0 ts=62703eb3
22: a=3KJYnV8KojGluO7pWAoLZQ==:117 a=3KJYnV8KojGluO7pWAoLZQ==:17
23: a=HpEJnUlJZJkA:10 a=5KLPUuaC_9wA:10 a=KXl77lDgDEgIEtoqJYcA:9
24: a=gDBIIvuRdt1X9CASW1EA:9 a=wPNLvfGTeEIA:10 a=3g80flMcAAAA:8
25: a=RCxIoAcXAAAA:8 a=ETLqmzZGKBA20mnSudwA:9 a=K7Qi5jMp8WhK4QBb:21
26: a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=O23WzTs1fjcA:10
27: a=0OyK1hNxjygyYUz0MvAA:9 a=xI_05mhQC0MPknte:18 a=HXjIzolwW10A:10
28: a=ZY0vaN7bXGUhaO5WUBe7:22
29: X-TOI-VIRUSSCAN: unchecked
30: X-TOI-EXPURGATEID: [ID filtered]
31: X-TOI-MSGID: [ID filtered]
32: X-ENVELOPE-TO: <poor [at] spamvictim.tld>
33: You will not see this in a MIME-aware mail reader.
34: --===============1044733356==
35: Content-Type: text/plain; charset="iso-8859-1"
36: MIME-Version: 1.0
37: Content-Transfer-Encoding: quoted-printable
38: Content-Description: Mail message body
39: =
40: =20
41: --===============1044733356==
42: Content-Type: multipart/related; boundary="===============1459375470=="
43: MIME-Version: 1.0
44: --===============1459375470==
45: Content-Type: text/html; charset="iso-8859-1"
46: MIME-Version: 1.0
47: Content-Transfer-Encoding: quoted-printable
48: Content-Description: Mail message body
49: <HTML><head>
50: <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-885=
51: 9-1" />
52: <title>Your Recent Bank of the West Experience</title>
53: <style type=3D"text/css">
54: /* Take care of image borders and formatting */
55: img { max-width:100% !important; outline:none; text-decoration:none; -m=
56: s-interpolation-mode: bicubic; }
57: a img { border:none; }
58: /* Responsive Styles*/
59: @media only screen and (max-width:600px){
60: /* set column image maximum width for mobile screens */
61: img[class=3D"columnImage"]{ height:auto !important; max-width:280px !=
62: important; width:100% !important; }
63: table[id=3D"emailContainer"]{ width:100% !important; }
64: table[class=3D"mobileButton"] { width:60% !important; }
65: }
66: p {
67: margin: 0;
68: }
69: .multipleChoiceLinkContainer a {
70: color: #00925B;
71: text-decoration: none;
72: }
73: .ratingGridLinkContainer a {
74: color: #00925B;
75: text-decoration: none;
76: }
77: </style>
78: <style type=3D"text/css">
79: @media only screen and (max-device-width : 667px){
80: .ratingGridRadioContainerCell {
81: padding: 0px 5px !important;
82: }
83: .ratingGridRadioContainer {
84: width: 20px !important;
85: height: 20px !important;
86: }
87: }
88: </style>
89: <link href=3D"https://fonts.googleapis.com/css2?family=3DRoboto:wght [at] 300;40=
90: 0&display=3Dswap" rel=3D"stylesheet">
91: </head>
Diese Mail kam soeben hier an. Im Spam-Ordner wird kein Text und kein Anhang angezeigt. Es scheint eine 95 kB große .png-Datei angehängt gewesen zu sein. Um an den Header heranzukommen, speicherte ich sie. Der Virenscanner schlug an. Mit einem Hex-Editor kam ich an den Header heran.

Bei Host Europe habe ich natürlich kein Konto.

Weg mit der Mail, bevor sie doch irgendwie Schaden anrichtet!