[tor-relays] Phishy

Geoff Down geoffdown at fastmail.net
Mon Feb 3 22:27:39 UTC 2014


Your mailserver received it from an Orange France IP 217.109.27.97.
Before that you can't really trust the headers.
GD

> 
> On 02/03/2014 10:33 PM, phrag wrote:
> > FYI: Just got this to my Tor relay mail address, with a zip file
> > attached extracting to a '.scr' win exe. Curiously routed via a .gov.uk
> > mail relay...
> >
> > GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS Windows
> >
> > MD5: dba1e52929f6ca9d1a1bf87e4ff469cf  GB2546241.zip
> > MD5: fb1141494829b144b0075035022cfbb9  GB03022014.scr
> >
> > Samples available on request. Full mail headers attached.
> >
> > ==========
> >
> > From defeats871 at richszabo.com Mon Feb 03 14:06:39 2014
> > Return-path: <defeats871 at richszabo.com>
> > Received: from [217.109.27.97] (helo=WNACDHPXR)
> > Received: from mail1.bemta14.messagelabs.com by server.justinarcher.net
> > Received: from gateway-102.energis.gsi.gov.uk (HELO
> > mx.hosting-w.gsi.gov.uk) (62.25.106.208) by
> > server-10.tower-205.messagelabs.com
> > X-Env-Sender: gateway.confirmation at gateway.gov.uk
> >

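Added example, not part of the original messages: the point made in the reply above (only the hop written by your own mail server is trustworthy, everything before it is sender-supplied) as a Python check over the Received chain. The host name mx.example.org and the function name split_trust are assumptions, and the sample is constructed from the header lines quoted in the thread.

```python
import re
from email import message_from_string

# Constructed sample built from the header lines quoted in the thread.
# "mx.example.org" is a placeholder for the recipient's own mail server.
SAMPLE = """\
Received: from [217.109.27.97] (helo=WNACDHPXR)
\tby mx.example.org with esmtp
Received: from mail1.bemta14.messagelabs.com by server.justinarcher.net
Received: from gateway-102.energis.gsi.gov.uk (HELO mx.hosting-w.gsi.gov.uk)
\t(62.25.106.208) by server-10.tower-205.messagelabs.com
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def split_trust(raw, trusted_hosts):
    """Return (peer_ip, verified_hops, unverified_hops).

    Received headers are read newest first. A hop counts as verified only
    while every hop above it was also written by a host in trusted_hosts;
    anything below the first foreign hop could have been typed by the sender.
    """
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    verified, unverified = [], []
    for hop in hops:
        m = BY_RE.search(hop)
        by = m.group(1).lower().rstrip(".") if m else None
        if not unverified and by in trusted_hosts:
            verified.append(hop)
        else:
            unverified.append(hop)
    peer = None
    if verified:
        # The address our own server saw on the socket: last trustworthy fact.
        m = IP_RE.search(verified[-1].split(" by ", 1)[0])
        peer = m.group(1) if m else None
    return peer, verified, unverified

if __name__ == "__main__":
    peer, ok, rest = split_trust(SAMPLE, {"mx.example.org"})
    print("connecting IP recorded by our server:", peer)
    for hop in rest:
        print("unverified:", hop)
```

A Received line that names your server in its "by" clause but sits below a foreign hop is still reported as unverified, since the sender could have written it.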