Malware IT

a guest
Jan 22nd, 2019
X-En-Userinfo: 39708f33ab0592bfca81265a2f1bee4f:931c98230c6409dcc37fa7e93b490c27
Envelope-To: xxx@xxx.com
Received: from phx.hn.cl by phx.hn.cl with LMTP id KAMQGilNR1xbmh0ArMImTg for <pxxx@xxx.com>; Tue, 22 Jan 2019 14:04:41 -0300
Received: from bosmailout10.eigbox.net ([66.96.189.10]:51357) by phx.hn.cl with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <SRS0=pjGqw0=P6=k2mechanical.com=sadia@eigbox.net>) id 1glzTZ-0088iJ-Hl for xxx@xxx.com; Tue, 22 Jan 2019 14:04:41 -0300
Received: from bosmailscan09.eigbox.net ([10.20.15.9]) by bosmailout10.eigbox.net with esmtp (Exim) id 1glzTN-0002y2-Nx for xxx@xxx.com; Tue, 22 Jan 2019 12:04:25 -0500
Received: from [10.115.3.33] (helo=bosimpout13) by bosmailscan09.eigbox.net with esmtp (Exim) id 1glzTN-0006jV-BH for xxx@xxx.com; Tue, 22 Jan 2019 12:04:25 -0500
Received: from bosauthsmtp12.yourhostingaccount.com ([10.20.18.12]) by bosimpout13 with id TV4M1z00c0FdZ9W01V4Qab; Tue, 22 Jan 2019 12:04:25 -0500
Received: from [189.162.234.233] (port=61297 helo=10.5.11.111) by bosauthsmtp12.eigbox.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim) id 1glzTJ-00060f-Hq for xxx@xxx.com; Tue, 22 Jan 2019 12:04:21 -0500
X-Antivirus-Status: Clean
X-En-Sp-Dir: OUT
X-Spam-Report: Spam detection software, running on the system "phx.hn.cl", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details.
 Content preview: Buenos días, Vea la copia de la factura original. Esta es la mejor copia que tenemos, con firma. Puede descargar la vista usando este enlace. [...]
 Content analysis details: (8.3 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
  2.5 URIBL_DBL_ABUSE_MALW   Contains an abused malware URL listed in the Spamhaus DBL blocklist [URIs: ploeger.ru]
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different
  1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's domain
  1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  2.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100]
  0.6 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  0.1 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
X-Spam-Bar: ++++++++
Return-Path: <SRS0=pjGqw0=P6=k2mechanical.com=sadia@eigbox.net>
Return-Path: <SRS0=pjGqw0=P6=k2mechanical.com=sadia@eigbox.net>
Mime-Version: 1.0
X-En-Sp-Sq: 1
X-En-Origip: 189.162.234.233
<38323468362862018819.F425009A733F3D30@xxx.com>
Sender: Sebastián Silva <sebastian.silva@peoplenet.cl> <sadia@k2mechanical.com>
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=k2mechanical.com; s=dkim; h=Sender:Content-Type:MIME-Version:Subject: Message-ID:To:From:Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=egLvB+yDqDnuW3ymhtnAWhAQy9ICYVVXMY07ubWAWXQ=; b=cY2yae3gjtCZ2X3ycWqzyCOYqO dimoJKlltvZjW9fo/q20P0/ZQb2Ke3JbXkL3i/QM1EAUa/MElpu9n1k6n9Xt1eboVX7Ynim7TgKZK 0xOW19FMf5PLMz0z+kpfY/iNSzTc6F4e4ugRpbgKedV3XadNpJtLpUyfLPhv9YtTgSr/clLQSoNjD nlxJS8z3dRpJZc2NKjpgiLSf3hvQUF9Aq0x+43njWKK9cXz7znG9GrcyhzDKGOW3JjZ9buHNQ0YOR dPV3OdShS2fBlKCwi2jgzykaTSUdimQL03ukbcbX3/Voiy4OJRPa5z8fo1KDHg/Pwh50NJVCbrWhE ZmCIwlCQ==;
Delivery-Date: Tue, 22 Jan 2019 14:04:41 -0300
X-Spam-Score: 83
X-Spam-Status: Yes, score=8.3
X-En-Orighost: unknown
Content-Type: multipart/mixed; boundary="----=_Part_22655_756328239.33491994923194818990"
X-Antivirus: avast (VPS 19012202)
Delivered-To: xxx@xxx.com
X-Spam-Flag: YES
X-En-Authuser: sadia@k2mechanical.com