Below is a header from a mail sent on 18 October at 21:09.
Note the "wrong" timestamps in the underlying Received lines etc.
This suggests that these lines are fake, and thus that the source is directly the server at 94.189.39.101
(unless the clock on keeperen.nix01.kortermann-hosting.dk is set incorrectly)

Best regards / med venlig hilsen
Bjørn Kristensen

CSIRT.DK - TDC Koncern Sikkerhed
CSIRT.DK - TDC Computer Security Incident Response Team
mailto:csirt@csirt.tdc.dk
Phone: +45 6665 9638
Web: http://www.csirt.dk

Return-Path: <levyd@bach.istc.kobe-u.ac.jp>
Received: from nix01.kortermann-hosting.dk (nix01.kortermann-hosting.dk [94.189.39.101])
by mtaig-aah03.mx.aol.com (Internet Inbound) with SMTP id E6EF470000092
for <redacted>; Sun, 18 Oct 2015 15:09:24 -0400 (EDT)
Received: from levyd by keeperen.nix01.kortermann-hosting.dk with local (Exim 4.39)
id Wd4Z3Z-ySvqJV-Ku
for redacted; Mon, 19 Oct 2015 05:24:37 +0200
To: redacted@aol.com
Subject: Find my strip photographs here sms me 1-240-283-43-78
Message-Id: <Wd4Z3Z-ySvqJV-Ku@keeperen.nix01.kortermann-hosting.dk>
From: "Markita Ringgold" <levyd@bach.istc.kobe-u.ac.jp>
Date: Mon, 19 Oct 2015 05:24:37 +0200
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
x-aol-global-disposition: S
Authentication-Results: mx.aol.com;
spf=none (aol.com: the domain bach.istc.kobe-u.ac.jp appears to have no SPF Record.) smtp.mailfrom=bach.istc.kobe-u.ac.jp;
X-AOL-OVERRIDE-PIK-REASON: Y
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1b01835623ee641e04
X-AOL-IP: 94.189.39.101
X-AOL-SPF: domain : bach.istc.kobe-u.ac.jp SPF : none

--On 15 October 2015 14:25 +0200 TDC CSIRT <csirt@csirt.tdc.dk> to info@kortermann-hosting.dk cc wrote:

As agreed.
Below is a clip from a spam mail sent from 94.189.39.101, sent 14 October at 20:03.
I can see that there is a "new" line with
Old-Return-Path: <nicolafriendi@jrshelby.com>

Best regards / med venlig hilsen
Bjørn Kristensen
CSIRT.DK - TDC Koncern Sikkerhed
CSIRT.DK - TDC Computer Security Incident Response Team
mailto:csirt@csirt.tdc.dk
Phone: +45 6665 9638
Web: http://www.csirt.dk

Received: from mxdrop143.xs4all.nl (mxdrop143.xs4all.nl [194.109.24.114]) by
mxh.senderscore.net (Postfix) with ESMTP id 4F357800006 for
<xs4allrec@senderscore.net>; Wed, 14 Oct 2015 12:03:34 -0600 (MDT)
Received: from mxdrop143.xs4all.nl (localhost [127.0.0.1]) by
mxdrop143.xs4all.nl (8.13.8/8.13.8) with ESMTP id t9EI3WL1060156
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for
<xs4allrec@senderscore.net>; Wed, 14 Oct 2015 20:03:33 +0200 (CEST)
(envelope-from trapspam@mxdrop143.xs4all.nl)
Received: (from trapspam@localhost) by mxdrop143.xs4all.nl
(8.13.8/8.13.8/Submit) id t9EI3V6t060147 for xs4allrec@senderscore.net; Wed,
14 Oct 2015 20:03:31 +0200 (CEST) (envelope-from trapspam)
Old-Return-Path: <nicolafriendi@jrshelby.com>
Received: from nix01.kortermann-hosting.dk (nix01.kortermann-hosting.dk
[94.189.39.101]) by mxdrop143.xs4all.nl (8.13.8/8.13.8) with SMTP id
t9EI3TQq060125 for <43d8dd47043223469a9ae84ad39a2205@xs4all.nl>; Wed, 14 Oct
2015 20:03:31 +0200 (CEST) (envelope-from nicolafriendi@jrshelby.com)
Received: (qmail 6655 invoked by uid 50899); 14 Oct 2015 21:51:43 -0000
Date: 14 Oct 2015 21:51:43 -0000
Message-ID: <20151014215143.6655.qmail@poboxqi.nix01.kortermann-hosting.dk>
From: "Kong" <nicolafriendi@jrshelby.com>
Subject: Have a meeting with brunette Rebecca if you arent too shy text me
1.267.362.85.96
Mime-Version: 1.0
Content-Type: text/html
X-XS4ALL-DNSBL-Checked: mxdrop143.xs4all.nl checked 94.189.39.101 against
DNS blacklists
X-CNFS-Analysis: v=2.1 cv=OKvapnuB c=1 sm=0 tr=0
a=WkljmVdYkabdwxfqvArNOQ==:117 a=dWjRyVfzoQnp5V2rsX+FXg==:17
a=LaawmEaFAAAA:8 a=5lJygRwiOn0A:10 a=JpzCfqTUAAAA:8 a=sRMj2x7ApWLmx3qTkf0A:9
a=_W_S_7VecoQA:10 a=eDiX3X5HaY0A:10 a=rInBtkdg-xEA:10
X-Virus-Scanned: by XS4ALL Virus Scanner
X-Loop: trapspam@xs4all.nl
X-Plus: 43d8dd47043223469a9ae84ad39a2205@xs4all.nl
Content-Transfer-Encoding: 8bit
To: 43d8dd47043223469a9ae84ad39a2205@xs4all.nl

--On 7 October 2015 14:59 +0200 TDC CSIRT <csirt@csirt.tdc.dk> to info@kortermann-hosting.dk cc wrote:

Yep, I'll send a clip if anything comes in.
/Bjørn
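
The timestamp comparison described in the 18 October note, as an added example that is not part of the original mail thread: it parses the Received lines of that header (copied from the paste, continuation lines re-indented) and flags any hop stamped later than the hop that accepted the message after it. The function names and the 5-minute tolerance are assumptions.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the 18 October header (continuation lines re-indented).
SAMPLE = """\
Received: from nix01.kortermann-hosting.dk (nix01.kortermann-hosting.dk [94.189.39.101])
 by mtaig-aah03.mx.aol.com (Internet Inbound) with SMTP id E6EF470000092
 for <redacted>; Sun, 18 Oct 2015 15:09:24 -0400 (EDT)
Received: from levyd by keeperen.nix01.kortermann-hosting.dk with local (Exim 4.39)
 id Wd4Z3Z-ySvqJV-Ku
 for redacted; Mon, 19 Oct 2015 05:24:37 +0200
"""

def hop_times(raw_headers):
    """Return (by_host, utc_time) for each Received header, newest hop first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        stamp = value.rsplit(";", 1)[-1].strip()  # the date follows the last ';'
        try:
            when = parsedate_to_datetime(stamp)   # trailing "(EDT)" comments are ignored
        except (TypeError, ValueError):
            continue                              # unparseable date: skip, do not guess
        if when.tzinfo is None:                   # "-0000" comes back naive; the time is UTC
            when = when.replace(tzinfo=timezone.utc)
        match = re.search(r"\bby\s+(\S+\.\S+)", value)  # "by <dotted host>" only
        by = match.group(1) if match else "(unknown)"
        hops.append((by, when.astimezone(timezone.utc)))
    return hops

def future_dated_hops(raw_headers, tolerance=timedelta(minutes=5)):
    """Flag hops stamped later than the hop that received the mail after them."""
    hops = hop_times(raw_headers)
    findings = []
    for (upper_by, upper), (lower_by, lower) in zip(hops, hops[1:]):
        if lower - upper > tolerance:             # the lower line should be the older one
            findings.append((lower_by, upper_by, lower - upper))
    return findings

if __name__ == "__main__":
    for lower_by, upper_by, skew in future_dated_hops(SAMPLE):
        print(f"{lower_by} is stamped {skew} after {upper_by} accepted the message")
```

A flagged hop shows only that the two clocks disagree; it does not distinguish a forged Received line from a misconfigured clock on the lower host, which is the caveat the note itself gives.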