Untitled

a guest
Jan 22nd, 2017
Received: from EXCHPAPP07.corp.twcable.com (10.64.163.148) by
    EXCHPAPP04.corp.twcable.com (10.64.163.145) with Microsoft SMTP Server (TLS)
    id 15.0.1178.4 via Mailbox Transport; Tue, 27 Dec 2016 11:07:50 -0500
Received: from EXCHPAPP12.corp.twcable.com (10.64.163.153) by
    exchpapp07.corp.twcable.com (10.64.163.148) with Microsoft SMTP Server (TLS)
    id 15.0.1178.4; Tue, 27 Dec 2016 11:07:50 -0500
Received: from cdpipgw01.twcable.com (165.237.59.22) by
    EXCHPAPP12.corp.twcable.com (10.64.163.153) with Microsoft SMTP Server id
    15.0.1178.4 via Frontend Transport; Tue, 27 Dec 2016 11:07:50 -0500
X-SENDER-IP: 107.14.64.159
X-SENDER-REPUTATION: 2.5
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.33,417,1477972800";
    d="scan'208";a="1479571892"
X-ALLOW-LIST: Sender email address is on the allow list
Received: from dnvrco-postmx01.email.rr.com ([107.14.64.159])
    by cdpipgw01.twcable.com with ESMTP; 27 Dec 2016 11:02:21 -0500
Received: by dnvrco-postmx01.email.rr.com (Postfix)
    id 78CC312523F9; Tue, 27 Dec 2016 16:07:49 +0000 (UTC)
Delivered-To: newabuseaddress@dnvrco-postmx01.email.rr.com
Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu [131.215.239.19])
    by dnvrco-postmx01.email.rr.com (Postfix) with ESMTP id 6D51312523E0
    for <abuse@rr.com>; Tue, 27 Dec 2016 16:07:49 +0000 (UTC)
Received: from smtp02.caltech.edu (localhost [127.0.0.1])
    by smtp02.caltech.edu (Postfix) with ESMTP id 0A9536C0619
    for <abuse@rr.com>; Tue, 27 Dec 2016 08:07:49 -0800 (PST)
X-Spam-Scanned: at Caltech-IMSS on smtp02.caltech.edu by amavisd-new
Received: from v-is-server2.is.caltech.edu (is-charta2.is.caltech.edu [131.215.242.49])
    by smtp-server.its.caltech.edu (Postfix) with ESMTP id AAE1E6C0E9C
    for <abuse@rr.com>; Tue, 27 Dec 2016 08:07:47 -0800 (PST)
To: <abuse@rr.com>
From: <infosec-noreply@caltech.edu>
Date: Tue, 27 Dec 2016 08:07:47 -0800
Subject: 107.147.230.220 blocked at caltech.edu
Message-ID: <20161227160748.AAE1E6C0E9C@smtp02.caltech.edu>
Return-Path: infosec-noreply@caltech.edu
Content-Type: text/plain
X-MS-Exchange-Organization-Network-Message-Id: 4100d9a2-4b18-42ae-2612-08d42e7281f7
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-TM-AS-Product-Ver: SMEX-11.0.0.1191-8.000.1202-22786.005
X-TM-AS-Result: No--5.474800-8.000000-31
X-TM-AS-User-Approved-Sender: No
X-TM-AS-User-Blocked-Sender: No
X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXyGDz;1311900;0;This mail has
    been scanned by Trend Micro ScanMail for Microsoft Exchange;
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-AuthSource: exchpapp12.corp.twcable.com
X-MS-Exchange-Organization-AuthAs: Anonymous
MIME-Version: 1.0

107.147.230.220 was observed probing caltech.edu for security holes. It
has been blocked at our border routers. It may be compromised.

For more info contact security@caltech.edu
Please include the entire subject line of the original message

Greg

(time zone of log is PST, which is UTC-0800, date is MMDD)
log entries are from Cisco netflow, time is flow start time
date time srcIP srcPort dstIP dstPort flags proto #pkts
2016-12-27 04:11:52.353 107.147.230.220 46332 131.215.178.193 22 ....S. 6 1
2016-12-27 04:18:22.463 107.147.230.220 46332 134.4.80.228 22 ....S. 6 2
2016-12-27 04:20:27.527 107.147.230.220 46332 131.215.204.213 22 ....S. 6 1
2016-12-27 04:22:58.447 107.147.230.220 46332 131.215.141.83 22 ....S. 6 1
2016-12-27 04:25:29.420 107.147.230.220 46332 134.4.30.141 22 ....S. 6 2
2016-12-27 04:52:58.595 107.147.230.220 46332 131.215.195.112 22 ....S. 6 1
2016-12-27 05:02:04.633 107.147.230.220 46332 134.4.116.233 22 ....S. 6 2
2016-12-27 05:09:21.405 107.147.230.220 46332 134.4.173.17 22 ....S. 6 2
2016-12-27 05:30:18.457 107.147.230.220 46332 131.215.171.218 22 ....S. 6 1
2016-12-27 05:35:59.479 107.147.230.220 46332 134.4.96.236 22 ....S. 6 1
2016-12-27 05:43:40.387 107.147.230.220 46332 134.4.71.2 22 ....S. 6 2
2016-12-27 06:03:00.430 107.147.230.220 46332 134.4.181.201 22 ....S. 6 2
2016-12-27 06:08:28.416 107.147.230.220 46332 134.4.53.57 22 ....S. 6 2
2016-12-27 06:09:17.470 107.147.230.220 46332 131.215.99.227 22 ....S. 6 1
2016-12-27 06:09:21.418 107.147.230.220 46332 131.215.254.164 22 ....S. 6 1
2016-12-27 06:11:04.435 107.147.230.220 46332 134.4.242.95 22 ....S. 6 2
2016-12-27 06:16:33.535 107.147.230.220 46332 192.12.19.208 22 ....S. 6 1
2016-12-27 06:18:31.553 107.147.230.220 46332 134.4.73.46 22 ....S. 6 2
2016-12-27 06:28:11.380 107.147.230.220 46332 131.215.152.166 22 ....S. 6 1
2016-12-27 06:38:29.274 107.147.230.220 46332 134.4.145.149 22 ....S. 6 2

contact info from:
spamcop hosttracker
whois
contact: abuse@rr.com
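
Added example, not part of the original report or of Caltech's tooling: the Python below parses flow rows in the column order the report gives and summarises, per source and destination port, the properties visible in its log (SYN-only TCP flows, one source port, targets spread over several networks). It assumes the flags column is a six-position string with dots for unset bits; `parse`, `scan_profile` and `min_targets` are names chosen here.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Header plus four rows copied from the report's log, in its column order.
SAMPLE = """\
date time srcIP srcPort dstIP dstPort flags proto #pkts
2016-12-27 04:11:52.353 107.147.230.220 46332 131.215.178.193 22 ....S. 6 1
2016-12-27 04:18:22.463 107.147.230.220 46332 134.4.80.228 22 ....S. 6 2
2016-12-27 06:16:33.535 107.147.230.220 46332 192.12.19.208 22 ....S. 6 1
2016-12-27 06:38:29.274 107.147.230.220 46332 134.4.145.149 22 ....S. 6 2
"""

Flow = namedtuple("Flow", "src sport dst dport flags proto pkts")

def parse(text):
    """Parse whitespace-separated flow rows; skip the header and other lines."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9:
            continue
        try:
            ip_address(f[2]); ip_address(f[4])  # rejects the header row
            flows.append(Flow(f[2], int(f[3]), f[4], int(f[5]),
                              f[6], int(f[7]), int(f[8])))
        except ValueError:
            continue
    return flows

def scan_profile(flows, min_targets=3):
    """Group SYN-only TCP flows by (src, dport); report wide fan-out sources."""
    groups = {}
    for fl in flows:
        # Assumption: dots mark unset TCP flag bits, so "....S." is SYN only.
        if fl.proto == 6 and fl.flags.replace(".", "") == "S":
            groups.setdefault((fl.src, fl.dport), []).append(fl)
    report = {}
    for key, g in groups.items():
        targets = {fl.dst for fl in g}
        if len(targets) < min_targets:
            continue
        nets = {str(ip_network(f"{fl.dst}/16", strict=False)) for fl in g}
        report[key] = {
            "targets": len(targets),
            "dst_slash16": sorted(nets),
            "src_ports": sorted({fl.sport for fl in g}),  # one port: not ephemeral
            "max_pkts": max(fl.pkts for fl in g),         # small: no session data
        }
    return report
```
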