Die Stornierungslinks beider Rechnungen führen zunächst zur IP-Adresse 209.191.185.195 (Internap Network Services Corporation /USA), das ist dieselbe IP-Adresse wie schon bei der letzten Spam vom 20. Januar (fatherville.com / ccc-boise.org).
Von dort geht es wie beim letzten Mal weiter zur Phishing-Domain "www.danish.co.in" (IP 216.245.216.144 / Limestone Networks, Inc. / USA) ...
Return-Path: [egoe@cpanel-01.spacedump.se]
Received: from cpanel-01.spacedump.se ([212.63.200.1]) by mx-ha.gmx.net (mxgmx006) with ESMTPS (Nemesis) id 0MfAZW-1agYxX2HsI-00OlMy for [contact@spammirr.or]; Tue, 02 Feb 2016 18:21:29 +0100
Received: from egoe by cpanel-01.spacedump.se with local (Exim 4.86) (envelope-from [egoe@cpanel-01.spacedump.se]) id 1aQef8-00052y-Ol for contact@spammirr.or; Tue, 02 Feb 2016 18:22:46 +0100
To: contact@spammirr.or
Subject: Your Invoice No. #461291893941724
From: iTunes Store [itunes357@apple467.apps277.applestore.com]
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
X-Priority: 1
Message-Id: [E1aQef8-00052y-Ol@cpanel-01.spacedump.se]
Date: Tue, 02 Feb 2016 18:22:46 +0100
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel-01.spacedump.se
X-AntiAbuse: Original Domain - spammirr.or
X-AntiAbuse: Originator/Caller UID/GID - [20024 20020] / [47 12]
X-AntiAbuse: Sender Address Domain - cpanel-01.spacedump.se
X-Get-Message-Sender-Via: cpanel-01.spacedump.se: authenticated_id: egoe/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: cpanel-01.spacedump.se: egoe
Envelope-To: [contact@spammirr.or]
------------------------------------
Return-Path: [gcstm@optim.netskiver.com]
Received: from optim.netskiver.com ([209.191.188.198]) by mx-ha.gmx.net (mxgmx101) with ESMTPS (Nemesis) id 0MgM4g-1afS5z2iFK-00NfGF for [contact@spammirr.or]; Tue, 02 Feb 2016 18:14:21 +0100
Received: from gcstm by optim.netskiver.com with local (Exim 4.86) (envelope-from [gcstm@optim.netskiver.com]) id 1aQeWx-0004Na-0r for contact@spammirr.or; Tue, 02 Feb 2016 09:14:19 -0800
To: contact@spammirr.or
Subject: Your Invoice No. #736283947391524
From: iTunes Store [itunes297@apple577.apps227.applestore.com]
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
X-Priority: 1
Message-Id: [E1aQeWx-0004Na-0r@optim.netskiver.com]
Date: Tue, 02 Feb 2016 09:14:19 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - optim.netskiver.com
X-AntiAbuse: Original Domain - spammirr.or
X-AntiAbuse: Originator/Caller UID/GID - [532 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - optim.netskiver.com
X-Get-Message-Sender-Via: optim.netskiver.com: authenticated_id: gcstm/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: optim.netskiver.com: gcstm
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/gcstm/public_html/paf/eb.php
X-Source-Dir: gcstm.co.uk:/public_html/paf
Envelope-To: [contact@spammirr.or]
Your Apple ID was used to buy a iOS App "Map Gps PRO 2016" from the App Store on a computer or device that had not previously been associated with your Apple ID.
Order total: $29.99
If you initiated this download, you can disregard this email. It was only sent to alert you in case you did not initiate the download yourself.
If you have not authorize this charge, log in[http://fatherville.com/q/] as soon as possible to cancel the payment!
When the payment will be canceled you will get a full refund.
Keine Kommentare:
Kommentar veröffentlichen
Hinweis: Nur ein Mitglied dieses Blogs kann Kommentare posten.