[nsp-sec] Google dropbox

Helge Aksdal helge.aksdal at telenor.com
Mon Jun 13 06:09:59 EDT 2011 

Hi,

dig +short mx one.co.il
30 aspmx3.googlemail.com.
30 aspmx4.googlemail.com.
30 aspmx5.googlemail.com.
10 aspmx.l.google.com.
20 alt1.aspmx.l.google.com.
20 alt2.aspmx.l.google.com.
30 aspmx2.googlemail.com.

webtech.services at one.co.il is a Google dropbox being used in phishing e-mails, proof
below:

| Return-Path: <usedrvs at online.no>
| Received: from sv03.e.nsc.no (vip1scan.telenor.net [148.123.15.75])
| 	by mail20.nsc.no (8.14.4/8.14.4) with ESMTP id p5D7liNE000045
| 	for <xxxxxx at 7.online.no>; Mon, 13 Jun 2011 09:59:58 +0200 (MEST)
| Received: from mail28.e.nsc.no (mail28.e.nsc.no [193.213.115.28]) by sv03.nsc.no with ESMTP id BT-MMP-473289 for frivi-h at 7.online.no; Mon, 13 Jun 2011 10:00:29 +0200
| Received: (from mailuser at localhost)
| 	by mail28.nsc.no (8.14.4/8.14.4) id p5D7xvll011791
| 	for xxxxxxx at 7.online.no; Mon, 13 Jun 2011 09:59:57 +0200 (MEST)
| Received: from bb-mgwt.bigbutton.com.au (mgwt.bigbutton.com.au [203.57.68.25] (may be forged))
| 	by mail28.nsc.no (8.14.4/8.14.4) with ESMTP id p5D7xRXY009602;
| 	Mon, 13 Jun 2011 09:59:31 +0200 (MEST)
| Received: from bb-monomail.localdomain (smtp.webspider.com.au [203.57.68.1])
| 	by bb-mgwt.bigbutton.com.au (Postfix) with ESMTP id 71BA0119F41;
| 	Mon, 13 Jun 2011 17:29:26 +0930 (CST)
| Received: from User (adsl-65-42-151-201.dsl.chcgil.ameritech.net [65.42.151.201])
| 	by bb-monomail.localdomain (Postfix) with ESMTP id 8080D1C2292;
| 	Mon, 13 Jun 2011 17:57:37 +1000 (EST)
| Reply-To: <webtech.services at one.co.il>
| From: "Telenor Online Technical Support Team" <usedrvs at online.no>
| Subject: MESSAGE NO: LXMTNK
| Date: Mon, 13 Jun 2011 13:29:22 +0530
| MIME-Version: 1.0
| Content-Type: multipart/related;
| 	boundary="----=_NextPart_000_00B5_01C2A9A6.4F06A482"
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Mailer: Microsoft Outlook Express 6.00.2600.0000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
| Message-Id: <20110613075741.8080D1C2292 at bb-monomail.localdomain>
| To: undisclosed-recipients at sv03.e.nsc.no
| X-Xxroufqwki: sw=gld ver=1.2 d=0s st=ok
| X-XClient-IP-Addr: 203.57.68.25

-- 
Helge Aksdal 
Telenor

More information about the nsp-security mailing list