Someone's scraping NANOG for phishing purposes again
Rich Kulawiec
rsk at gsp.org
Fri Feb 10 18:22:31 UTC 2017
On Fri, Feb 10, 2017 at 11:56:02AM -0600, Andrew Latham wrote:
> On a great many mailing lists, Suresh is spot on as this looks more like
> infected user but headers would be good.
Here are a couple recent specimens that appear to fit this pattern:
--------------------------------------------------------
Received: from route-level2.fsdata.se (route-level2.fsdata.se [89.221.252.217])
by taos.firemountain.net (8.15.1/8.14.9) with ESMTPS id v190EnHs001330
(version=TLSv1 cipher=AES128-SHA bits=128 verify=NO)
for <rsk at gsp.org>; Wed, 8 Feb 2017 19:15:01 -0500 (EST)
From: <info at onlinemarket.se>
To: Jon Lewis <jlewis at lewis.org>, jamie rishaw <j at arpa.com>,
Michael Thomas
<mike at mtcc.com>, Rich Kulawiec <rsk at gsp.org>
Subject: =?utf-8?B?d2hhdCBhIG5pY2Ugc3VycHJpc2U=?=
Date: Wed, 8 Feb 2017 19:14:20 -0500
Message-ID: <1355759249.20170209031420 at onlinemarket.se>
--------------------------------------------------------
--------------------------------------------------------
Received: from mcegress-14-lw-3.correio.biz (mcegress-14-lw-3.correio.biz [191.252.14.3])
by taos.firemountain.net (8.15.1/8.14.9) with ESMTP id v0B5dsb7001374
for <rsk at gsp.org>; Wed, 11 Jan 2017 00:40:06 -0500 (EST)
From: "Mikael Abrahamsson" <jdenoy at jdlabs.fr>
To: "John Curran" <jcurran at arin.net>,
"Paul Graydon"
<paul at paulgraydon.co.uk>,
"Rich Kulawiec" <rsk at gsp.org>, "Seth Mattinen" <sethm at rollernet.us>
Subject: =?utf-8?B?ZmFudGFzdGljIHBsYWNl?=
Date: Wed, 11 Jan 2017 01:38:43 -0400
Message-ID: <1961406061.20170111083843 at jdlabs.fr>
--------------------------------------------------------
---rsk
More information about the NANOG
mailing list