Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Suspect emails and Avasin 14
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Suspect emails and Avasin 14
Suspect emails and Avasin 14
29-03-2012 7:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
A relative and I are both Plusnetters. I have received a message purporting to be from his Hotmail account.
It looks like a Spam or similar message even though it has gone through PN checkers and my AVG.
Is PN's Spam check failing?
It looks like a Spam or similar message even though it has gone through PN checkers and my AVG.
Is PN's Spam check failing?
From - Thu Mar 29 19:06:14 2012
X-Account-Key: account1
X-UIDL: UID3513-1215182652
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-path: <ba****an@hotmail.co.uk>
Envelope-to: go***n@ge***u.plus.com
Delivery-date: Thu, 29 Mar 2012 17:28:48 +0100
Received: from [212.159.9.108] (helo=avasin14.plus.net)
by inmx16.plus.net with esmtp (PlusNet MXCore v2.00) id 1SDIDQ-0008EB-FK
for go***n@ge***u.plus.com; Thu, 29 Mar 2012 17:28:48 +0100
Received: from blu0-omc1-s12.blu0.hotmail.com ([65.55.116.23])
by avasin14.plus.net with Plusnet Cloudmark Gateway
id rUUl1i00A0WMjQp01UUoWB; Thu, 29 Mar 2012 17:28:48 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=GLGK45xK c=1 sm=1 a=atrOReL0qIvrErWvimfC0g==:17
a=qoIZvz38YFYA:10 a=ydry2IkHkR4A:10 a=R6UODsCMFFgA:10 a=ecXdFOLGAAAA:8
a=EBOSESyhAAAA:8 a=QQA-oEH5oLoCTFvmAd0A:9 a=w31CQc5T5CT1IL9lxDsA:7
a=wPNLvfGTeEIA:10 a=nglqkvrNVMfQ69sFy66j0Q==:117
Received: from BLU0-SMTP149 ([65.55.116.7]) by blu0-omc1-s12.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 29 Mar 2012 09:28:45 -0700
X-Originating-IP: [190.188.57.22]
X-Originating-Email: [ba***an@hotmail.co.uk]
Message-ID: <BLU0-SMTP1490C704CAFCD407224D57D8F480@phx.gbl>
Received: from [192.168.1.1] ([190.188.57.22]) by BLU0-SMTP149.phx.gbl over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 29 Mar 2012 09:28:44 -0700
From: b***n ne**an <ba***an@hotmail.co.uk>
Date: Thu, 29 Mar 2012 13:28:43 +0000
To: go***n@ge***u.plus.com
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="------------49d37fb3861a533b40412bcd"
X-OriginalArrivalTime: 29 Mar 2012 16:28:44.0691 (UTC) FILETIME=[029AF630:01CD0DC9]
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: incredible
X-Antivirus: AVG for E-mail 2012.0.1913 [2114/4902]
X-AVG-ID: ID337E0E70-36F6A20C
--------------49d37fb3861a533b40412bcd
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
<b><span style="font-size: 26pt;">
<a alt="4xws98v6wx8cxrmduzx
3su0u5s6qzc71v5hlgk6
0ttkpixnw6kx7si6f12b"
id="vaqtw6ia22b7nnff326
sxwpobztxj6m06cd3bvn"
href="x7c5wlgpeivy96.ww5.me/dd_go***n@ge***u.plus.com/k8u2
n5whpgepfvhpfl0mh3_ViewMsg" >
Click here to see the attached video</a>
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2114/4902 - Release Date: 03/29/12
--------------49d37fb3861a533b40412bcd
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
<b><span style="font-size: 26pt;">
<a alt="4xws98v6wx8cxrmduzx
3su0u5s6qzc71v5hlgk6
0ttkpixnw6kx7si6f12b"
id="vaqtw6ia22b7nnff326
sxwpobztxj6m06cd3bvn"
href="x7c5wlgpeivy96.ww5.me/dd_go***n@ge***u.plus.com/k8u2
n5whpgepfvhpfl0mh3_ViewMsg" >
Click here to see the attached video</a>
<a></a><p class=""avgcert"" align="left" color="#000000">No virus found in this message.<br>
Checked by AVG - <a href='http://www.avg.com'>www.avg.com</a><br>
Version: 2012.0.1913 / Virus Database: 2114/4902 - Release Date: 03/29/12</p>
--------------49d37fb3861a533b40412bcd--
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Message 1 of 3
(1,478 Views)
2 REPLIES 2
Re: Suspect emails and Avasin 14
29-03-2012 11:41 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It looks like the message originated in Argentina, sent to hotmail over a TLS (Transport Layer Security) protected connection. I think this implies the originator must have logged into the hotmail account. Has your relative's hotmail account been hacked?
As for the Plusnet Cloudmarks not picking it up as spam, obviously the content doesn't look sufficiently suspicious (to a machine) and the originating server should be reputable. I assume the Hotmail server took the same view since it didn't refuse to send it.
As for the Plusnet Cloudmarks not picking it up as spam, obviously the content doesn't look sufficiently suspicious (to a machine) and the originating server should be reputable. I assume the Hotmail server took the same view since it didn't refuse to send it.
David
Message 2 of 3
(377 Views)
Re: Suspect emails and Avasin 14
30-03-2012 12:15 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Reading through Google search results "blu0-omc1-s12.blu0.hotmail.com " looks a bit fishy,possibly suitable for black listing?
No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Message 3 of 3
(377 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page