BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

Glen A. Pearce nanog at ve4.ca
Sun Apr 23 03:28:30 UTC 2023


Well, I eventually had a friend open the attachment on his Linux machine
and once he confirmed it was safe to open and found there was nothing
in it other than the list of IP addresses, user names and time stamps but
there were a whole bunch of addresses listed I opened the attachment in
Notepad.

All 43 IP addresses listed turned out to be ones that are not and have
not been in use the entire time I've had the IP block.

So it's still mysterious why someone would have sent this as it appears to
not be malware but it's entirely junk information, so no reason to explain
why either the German Police or a scammer would have sent it.

Maybe the German Police used to have a server at that address for some
purpose and neglected to turn off the forward DNS when it was
decommissioned and Deutsche Telekom AG didn't remove the old
reverse DNS when they re-assigned the space to a new customer and
that new customer stood up a mail server to send these.  Though for
what purpose I'm unsure.

It's as odd as the (automatically generated) abuse E-mail I recently got
from a Spanish ISP (Comvive Servidores SL) claiming to have received
a network attack from an address that is also not in use.  (Which was
one of the ones listed in this E-mail.)

Thanks to everyone that did reply with their input.

-- 
Glen A. Pearce
gap at ve4.ca
Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk.
Very Eager 4 Tees
http://www.ve4.ca
ARIN Handle VET-17


