- Below is a header from a mail sent 18 October at 21:09
- Note the "wrong" timestamps in the underlying Received lines etc.
- This suggests that these lines are fake, and thus that the source is directly from the server at 94.189.39.101
- ( unless the clock on keeperen.nix01.kortermann-hosting.dk is set incorrectly )
- Best regards
- Bjørn Kristensen
- CSIRT.DK - TDC Koncern Sikkerhed
- CSIRT.DK - TDC Computer Security Incident Response Team
- mailto:csirt@csirt.tdc.dk
- Phone: +45 6665 9638
- Web: http://www.csirt.dk
- Return-Path: <levyd@bach.istc.kobe-u.ac.jp>
- Received: from nix01.kortermann-hosting.dk (nix01.kortermann-hosting.dk [94.189.39.101])
- by mtaig-aah03.mx.aol.com (Internet Inbound) with SMTP id E6EF470000092
- for <redacted>; Sun, 18 Oct 2015 15:09:24 -0400 (EDT)
- Received: from levyd by keeperen.nix01.kortermann-hosting.dk with local (Exim 4.39)
- id Wd4Z3Z-ySvqJV-Ku
- for redacted; Mon, 19 Oct 2015 05:24:37 +0200
- To: redacted@aol.com
- Subject: Find my strip photographs here sms me 1-240-283-43-78
- Message-Id: <Wd4Z3Z-ySvqJV-Ku@keeperen.nix01.kortermann-hosting.dk>
- From: "Markita Ringgold" <levyd@bach.istc.kobe-u.ac.jp>
- Date: Mon, 19 Oct 2015 05:24:37 +0200
- Mime-Version: 1.0
- Content-Type: text/html
- Content-Transfer-Encoding: 8bit
- Mime-Version: 1.0
- Content-Type: text/html
- Content-Transfer-Encoding: 8bit
- x-aol-global-disposition: S
- Authentication-Results: mx.aol.com;
- spf=none (aol.com: the domain bach.istc.kobe-u.ac.jp appears to have no SPF Record.) smtp.mailfrom=bach.istc.kobe-u.ac.jp;
- X-AOL-OVERRIDE-PIK-REASON: Y
- X-AOL-REROUTE: YES
- x-aol-sid: 3039ac1b01835623ee641e04
- X-AOL-IP: 94.189.39.101
- X-AOL-SPF: domain : bach.istc.kobe-u.ac.jp SPF : none
- --On 15 October 2015 14:25 +0200 TDC CSIRT <csirt@csirt.tdc.dk> to info@kortermann-hosting.dk cc wrote:
- As agreed.
- Below is a clip from a spam mail sent from 94.189.39.101, sent 14 October at 20:03.
- I can see that there is a "new" line with
- Old-Return-Path: <nicolafriendi@jrshelby.com>
- Best regards
- Bjørn Kristensen
- CSIRT.DK - TDC Koncern Sikkerhed
- CSIRT.DK - TDC Computer Security Incident Response Team
- mailto:csirt@csirt.tdc.dk
- Phone: +45 6665 9638
- Web: http://www.csirt.dk
- Received: from mxdrop143.xs4all.nl (mxdrop143.xs4all.nl [194.109.24.114]) by
- mxh.senderscore.net (Postfix) with ESMTP id 4F357800006 for
- <xs4allrec@senderscore.net>; Wed, 14 Oct 2015 12:03:34 -0600 (MDT)
- Received: from mxdrop143.xs4all.nl (localhost [127.0.0.1]) by
- mxdrop143.xs4all.nl (8.13.8/8.13.8) with ESMTP id t9EI3WL1060156
- (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for
- <xs4allrec@senderscore.net>; Wed, 14 Oct 2015 20:03:33 +0200 (CEST)
- (envelope-from trapspam@mxdrop143.xs4all.nl)
- Received: (from trapspam@localhost) by mxdrop143.xs4all.nl
- (8.13.8/8.13.8/Submit) id t9EI3V6t060147 for xs4allrec@senderscore.net; Wed,
- 14 Oct 2015 20:03:31 +0200 (CEST) (envelope-from trapspam)
- Old-Return-Path: <nicolafriendi@jrshelby.com>
- Received: from nix01.kortermann-hosting.dk (nix01.kortermann-hosting.dk
- [94.189.39.101]) by mxdrop143.xs4all.nl (8.13.8/8.13.8) with SMTP id
- t9EI3TQq060125 for <43d8dd47043223469a9ae84ad39a2205@xs4all.nl>; Wed, 14 Oct
- 2015 20:03:31 +0200 (CEST) (envelope-from nicolafriendi@jrshelby.com)
- Received: (qmail 6655 invoked by uid 50899); 14 Oct 2015 21:51:43 -0000
- Date: 14 Oct 2015 21:51:43 -0000
- Message-ID: <20151014215143.6655.qmail@poboxqi.nix01.kortermann-hosting.dk>
- From: "Kong" <nicolafriendi@jrshelby.com>
- Subject: Have a meeting with brunette Rebecca if you arent too shy text me
- 1.267.362.85.96
- Mime-Version: 1.0
- Content-Type: text/html
- X-XS4ALL-DNSBL-Checked: mxdrop143.xs4all.nl checked 94.189.39.101 against
- DNS blacklists
- X-CNFS-Analysis: v=2.1 cv=OKvapnuB c=1 sm=0 tr=0
- a=WkljmVdYkabdwxfqvArNOQ==:117 a=dWjRyVfzoQnp5V2rsX+FXg==:17
- a=LaawmEaFAAAA:8 a=5lJygRwiOn0A:10 a=JpzCfqTUAAAA:8 a=sRMj2x7ApWLmx3qTkf0A:9
- a=_W_S_7VecoQA:10 a=eDiX3X5HaY0A:10 a=rInBtkdg-xEA:10
- X-Virus-Scanned: by XS4ALL Virus Scanner
- X-Loop: trapspam@xs4all.nl
- X-Plus: 43d8dd47043223469a9ae84ad39a2205@xs4all.nl
- Content-Transfer-Encoding: 8bit
- To: 43d8dd47043223469a9ae84ad39a2205@xs4all.nl
- --On 7 October 2015 14:59 +0200 TDC CSIRT <csirt@csirt.tdc.dk> to info@kortermann-hosting.dk cc wrote:
- Yep, I'll send a clip if anything comes in.
- /Bjørn
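
The timestamp comparison described in the first message, as an added Python example that is not part of the original e-mails: it parses the date at the end of each Received line, normalises it to UTC, and flags any hop stamped earlier than the hop beneath it. The folding in `SAMPLE`, the function names and the 5-minute tolerance are assumptions; a flagged jump means either a forged lower header or a skewed clock on that host.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# First header quoted in the thread; line folding restored by hand (assumed layout).
SAMPLE = (
    "Received: from nix01.kortermann-hosting.dk (nix01.kortermann-hosting.dk [94.189.39.101])\n"
    "\tby mtaig-aah03.mx.aol.com (Internet Inbound) with SMTP id E6EF470000092\n"
    "\tfor <redacted>; Sun, 18 Oct 2015 15:09:24 -0400 (EDT)\n"
    "Received: from levyd by keeperen.nix01.kortermann-hosting.dk with local (Exim 4.39)\n"
    "\tid Wd4Z3Z-ySvqJV-Ku\n"
    "\tfor redacted; Mon, 19 Oct 2015 05:24:37 +0200\n"
    "Date: Mon, 19 Oct 2015 05:24:37 +0200\n"
    "\n"
)

def received_times(raw):
    """Return [(hop_text, utc_datetime)] ordered oldest hop first."""
    hops = []
    # Each relay prepends its Received line, so the last one is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        _, sep, stamp = value.rpartition(";")
        if not sep:
            continue  # no date part on this hop
        try:
            dt = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # unparseable date, skip rather than guess
        if dt.tzinfo is None:  # "-0000" (qmail style) parses as naive
            dt = dt.replace(tzinfo=timezone.utc)
        hops.append((" ".join(value.split()), dt.astimezone(timezone.utc)))
    return hops

def backward_jumps(raw, tolerance=timedelta(minutes=5)):
    """Return (gap, older_hop, newer_hop) where time runs backwards."""
    hops = received_times(raw)
    findings = []
    for (old_txt, old_dt), (new_txt, new_dt) in zip(hops, hops[1:]):
        if old_dt - new_dt > tolerance:
            findings.append((old_dt - new_dt, old_txt, new_txt))
    return findings

if __name__ == "__main__":
    for gap, older, newer in backward_jumps(SAMPLE):
        print(f"hop claims to be {gap} later than the relay that received it")
        print("  claimed origin:", older)
        print("  received by   :", newer)
```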