- Received: from EXCHPAPP07.corp.twcable.com (10.64.163.148) by
- EXCHPAPP04.corp.twcable.com (10.64.163.145) with Microsoft SMTP Server (TLS)
- id 15.0.1178.4 via Mailbox Transport; Tue, 27 Dec 2016 11:07:50 -0500
- Received: from EXCHPAPP12.corp.twcable.com (10.64.163.153) by
- exchpapp07.corp.twcable.com (10.64.163.148) with Microsoft SMTP Server (TLS)
- id 15.0.1178.4; Tue, 27 Dec 2016 11:07:50 -0500
- Received: from cdpipgw01.twcable.com (165.237.59.22) by
- EXCHPAPP12.corp.twcable.com (10.64.163.153) with Microsoft SMTP Server id
- 15.0.1178.4 via Frontend Transport; Tue, 27 Dec 2016 11:07:50 -0500
- X-SENDER-IP: 107.14.64.159
- X-SENDER-REPUTATION: 2.5
- X-IronPort-Anti-Spam-Filtered: true
- X-IronPort-AV: E=Sophos;i="5.33,417,1477972800";
- d="scan'208";a="1479571892"
- X-ALLOW-LIST: Sender email address is on the allow list
- Received: from dnvrco-postmx01.email.rr.com ([107.14.64.159])
- by cdpipgw01.twcable.com with ESMTP; 27 Dec 2016 11:02:21 -0500
- Received: by dnvrco-postmx01.email.rr.com (Postfix)
- id 78CC312523F9; Tue, 27 Dec 2016 16:07:49 +0000 (UTC)
- Delivered-To: newabuseaddress@dnvrco-postmx01.email.rr.com
- Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu [131.215.239.19])
- by dnvrco-postmx01.email.rr.com (Postfix) with ESMTP id 6D51312523E0
- for <abuse@rr.com>; Tue, 27 Dec 2016 16:07:49 +0000 (UTC)
- Received: from smtp02.caltech.edu (localhost [127.0.0.1])
- by smtp02.caltech.edu (Postfix) with ESMTP id 0A9536C0619
- for <abuse@rr.com>; Tue, 27 Dec 2016 08:07:49 -0800 (PST)
- X-Spam-Scanned: at Caltech-IMSS on smtp02.caltech.edu by amavisd-new
- Received: from v-is-server2.is.caltech.edu (is-charta2.is.caltech.edu [131.215.242.49])
- by smtp-server.its.caltech.edu (Postfix) with ESMTP id AAE1E6C0E9C
- for <abuse@rr.com>; Tue, 27 Dec 2016 08:07:47 -0800 (PST)
- To: <abuse@rr.com>
- From: <infosec-noreply@caltech.edu>
- Date: Tue, 27 Dec 2016 08:07:47 -0800
- Subject: 107.147.230.220 blocked at caltech.edu
- Message-ID: <20161227160748.AAE1E6C0E9C@smtp02.caltech.edu>
- Return-Path: infosec-noreply@caltech.edu
- Content-Type: text/plain
- X-MS-Exchange-Organization-Network-Message-Id: 4100d9a2-4b18-42ae-2612-08d42e7281f7
- X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
- X-TM-AS-Product-Ver: SMEX-11.0.0.1191-8.000.1202-22786.005
- X-TM-AS-Result: No--5.474800-8.000000-31
- X-TM-AS-User-Approved-Sender: No
- X-TM-AS-User-Blocked-Sender: No
- X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXyGDz;1311900;0;This mail has
- been scanned by Trend Micro ScanMail for Microsoft Exchange;
- X-MS-Exchange-Organization-SCL: 0
- X-MS-Exchange-Organization-AuthSource: exchpapp12.corp.twcable.com
- X-MS-Exchange-Organization-AuthAs: Anonymous
- MIME-Version: 1.0
- 107.147.230.220 was observed probing caltech.edu for security holes. It
- has been blocked at our border routers. It may be compromised.
- For more info contact security@caltech.edu
- Please include the entire subject line of the original message
- Greg
- (time zone of log is PST, which is UTC-0800, date is MMDD)
- log entries are from Cisco netflow, time is flow start time
- date time srcIP srcPort dstIP dstPort flags proto #pkts
- 2016-12-27 04:11:52.353 107.147.230.220 46332 131.215.178.193 22 ....S. 6 1
- 2016-12-27 04:18:22.463 107.147.230.220 46332 134.4.80.228 22 ....S. 6 2
- 2016-12-27 04:20:27.527 107.147.230.220 46332 131.215.204.213 22 ....S. 6 1
- 2016-12-27 04:22:58.447 107.147.230.220 46332 131.215.141.83 22 ....S. 6 1
- 2016-12-27 04:25:29.420 107.147.230.220 46332 134.4.30.141 22 ....S. 6 2
- 2016-12-27 04:52:58.595 107.147.230.220 46332 131.215.195.112 22 ....S. 6 1
- 2016-12-27 05:02:04.633 107.147.230.220 46332 134.4.116.233 22 ....S. 6 2
- 2016-12-27 05:09:21.405 107.147.230.220 46332 134.4.173.17 22 ....S. 6 2
- 2016-12-27 05:30:18.457 107.147.230.220 46332 131.215.171.218 22 ....S. 6 1
- 2016-12-27 05:35:59.479 107.147.230.220 46332 134.4.96.236 22 ....S. 6 1
- 2016-12-27 05:43:40.387 107.147.230.220 46332 134.4.71.2 22 ....S. 6 2
- 2016-12-27 06:03:00.430 107.147.230.220 46332 134.4.181.201 22 ....S. 6 2
- 2016-12-27 06:08:28.416 107.147.230.220 46332 134.4.53.57 22 ....S. 6 2
- 2016-12-27 06:09:17.470 107.147.230.220 46332 131.215.99.227 22 ....S. 6 1
- 2016-12-27 06:09:21.418 107.147.230.220 46332 131.215.254.164 22 ....S. 6 1
- 2016-12-27 06:11:04.435 107.147.230.220 46332 134.4.242.95 22 ....S. 6 2
- 2016-12-27 06:16:33.535 107.147.230.220 46332 192.12.19.208 22 ....S. 6 1
- 2016-12-27 06:18:31.553 107.147.230.220 46332 134.4.73.46 22 ....S. 6 2
- 2016-12-27 06:28:11.380 107.147.230.220 46332 131.215.152.166 22 ....S. 6 1
- 2016-12-27 06:38:29.274 107.147.230.220 46332 134.4.145.149 22 ....S. 6 2
- contact info from:
- spamcop hosttracker
- whois
- contact: abuse@rr.com