20140508

Facebook-Phisher

Ich soll meine Nachrichten auf Facebook lesen, da sie sonst gelöscht werden. Dazu soll ich einen Link anklicken, an dessen Ende wieder ein "php-script" wartet.

Sämtliche Links führen zu "http://80.240.97.222/~rdsmngr/airbags.php" in der Russischen Föderation. Die letzten Anfragen bei urlquery.net galten der url "80.240.97.222/~rdsmngr/excitations.php"

Die Seite leitet übrigens weiter zur Domain "vakjlcep.com" (IP 124.109.1.160 in Thailand).





facebook
You haven't been to Facebook for a few days, and a lot happened while you were away.
Your unread messages will be deleted soon
View messages
   
Go to Facebook
This message was sent to MeinName@gmx.de. If you don't want to receive these emails from Facebook in the future, please unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303


Return-Path: fabrik-stier@mailnet.dyndns.biz
Received: from h217-220-35-55.albacom.net ([217.220.35.55]) by mx-ha.gmx.net (mxgmx012) with ESMTP (Nemesis) id 0Lusvh-1Wr8SR03eb-0108XJ for [MeinName@gmx.de]; Thu, 08 May 2014 00:29:46 +0200
Date: Thu, 8 May 2014 00:29:46 +0000
To: "MeinName+gmx.de" [MeinName@gmx.de]
From: Facebook Updates [fabrik-stier@mailnet.dyndns.biz]
Subject: Your unread messages will be deleted soon goldenrod
Message-ID: [c85db.5f1672.c26ed@h217-220-35-55.albacom.net]
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Envelope-To: [MeinName@gmx.de]
X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;
X-GMX-Antivirus: 0 (no virus found)
X-UI-Filterresults: junk:10;V01:K0:Urt5bVg1g9c=:SmZWWsNa5y1GFRfNgl0p82DuPlIr SKUXg6v9nqQLWyKoaubE8vI8OCUxoPYid3vKEU7D5lnbY1ALRcaM+IomBfSv90w5vOfSRlaHp CqVehwtC5vtCAzy99u/j5khWKkp+UYYPI0wCoHiOWi4Ue3FkTZ2DQ5XSpefMPXv+tdg1K3lmc 9WU12kAOZxpJ1JtVMUh/cb7x7fhBOsylWGvoB1DwgpZB5DwX0eGncsMqkjr9A+mPwQnOwXVFi P2We/jfl4djmlZExS5VP0PR62sNVKz8dj5GyqLsYLITFtSiip8cwQLlGR0Ak8H0g5mGXM9sCz fAj16xlZ9b7GZnZZIuVkI4yJqSm0oowMs38NRfphh6PncyLCn/mJd3tTFc9dCXwx6cGf+BXCC 2mlYkQ1T41j7UvzQaYrqPwh9dZxK+vbkB+1+ScuEvAB6Ga23+Gw7YrXbDJ1RQd6OaYbo7MUnp 1uI6Jk6rIRQmjZkJuktt3gAO6baLv0edxHqTnkdBq+HSMIdJvAXUw99kzwoNk7xY4b2HbQ8sD Z5HWuYhIuO6JgjAUluklMz8EchtNopQfMDmNs2JkYmF7o+pSNPMSeG6GGnbso56x9D+cWVinm JnFVdHAJ7Rs57PjY3hIHJM0STeJf0il+X3v3xnP8cdbWX6pv55eNRYiZtGsAgncNi85vq107+ cuVTQ44zCNXMh2Qhu+TukGQVXvuE5JQfUIUkelehke209Cyg3jzyK+Cw90+ISnbZ9hb5q/DEu ATUDGVE/PC8jGPtCEIgWun5vkZg8bb1d9fZQVupEbwcjguiHKVz/MvM4i71nZmq22tC/xdq6p XxsNMBOrmLtA8+X/vg/ADo4X0UzgsSkp8+JibMBuT/GLu35Xdo6bUC243UlTyf1pXr2DD/3ap z7X7FE8oe9fdiuiVinlfaM1H2kCORsSYCanFEFtPY2FeTKBLuvvcQ2MigBKHgRp0TqpY0Qman y+kslrEs3ObcYsQXQm6TYDTCcMQB+n1mEA+mWsIwSL45oN00BI6VpfBEQSpdoormo9hXnV6Bi ALCzQ6/6znzU/8o/OzpcJJSIj60Cg9IT3WM4IMX5OpZz7a7TryKADDl7jgymBnISEytycTUjp q8+zTcjFZjFvctHNmXuD2SlDpAU1bSQn9yYAyI8lVneXBPUxWniHF+rkglIAh4YEq38jEqjnL exMJ00T7jr3UbNb6TFqNvY8WtglKXY+/tLAhsoKR2ygJH3nJyimqN3sCmYz0gIUsyimGMGrvi dOQwRbRPqAtT+VfisYZUvdxfx5xZeoNk9YDIMoUzBsjmnFlmQo1fdbxEGDUrOphHwNl/qZRsc pHlaKucqSfpk67DM//RYme+JOoFppThQvA5ZOblRjZy0Pzhee6a0OjDYICRCR3IFqbnhB0vQI DJs2Qv+SxHCpU55IpLMKDTdmeh5DGnqYZH4Jnp9rpIN2tziOXZefEeKLfvmXFOk9JH5QwX8R5 bA6kK9aYhSvbZpKGHJVw9K+qJTMoNlu/yinKT3wEToTKcNN56M7/dpbbHFkzvClxLEqHLymm+ D20+YAuF30DjDnnzUoBNGyNF6Q6jqHK5RfBVCg3t/x4SDUmSJs7qdamnbXUcA==
by @
Labels: ,

Keine Kommentare:

Kommentar veröffentlichen

Hinweis: Nur ein Mitglied dieses Blogs kann Kommentare posten.

Abonnieren Kommentare zum Post (Atom)