Are you the sender of threatening and spam email?

Jørund Heimholt, June 1, 2020

Torbjørn Nesso has given me his consent to show his email as an example, from when he received an email threat from hackers.

When you open the email, it looks as if it was both sent and received via his own email address. To check emails like this, I have asked many people to send me the email as an attachment. If you forward the email instead, you change the code and I cannot find out the original sender.

All the information I need is in the email header. This will be Greek to many, but I will post the entire email header first so everyone can see it. Then it is analysed.

Received: from VE1EUR01HT170.eop-EUR01.prod.protection.outlook.com
 (2603:10a6:7:7d::20) by HE1PR0502MB2924.eurprd05.prod.outlook.com with HTTPS
 via HE1PR0102CA0043.EURPRD01.PROD.EXCHANGELABS.COM; Sat, 19 Oct 2019 01:55:32
 +0000
Received: from VE1EUR01FT029.eop-EUR01.prod.protection.outlook.com
 (10.152.2.51) by VE1EUR01HT170.eop-EUR01.prod.protection.outlook.com
 (10.152.2.244) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2367.14; Sat, 19 Oct
 2019 01:55:31 +0000
Received: from ip103-18.dv9.com (103.200.218.18) by
 VE1EUR01FT029.mail.protection.outlook.com (10.152.2.224) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2367.14 via Frontend Transport; Sat, 19 Oct 2019 01:55:31 +0000
Received: from tathui.com (196.41.123.182-colocation.cybersmart.co.za [196.41.123.182])
	by ip103-18.dv9.com (Postfix) with ESMTPA id 8DC501887B25
	for <torbjorn_nesso@hotmail.no>; Sat, 19 Oct 2019 09:55:28 +0800 (+08)
From: "torbjorn_nesso@hotmail.no" <torbjorn_nesso@hotmail.no>
To: "torbjorn_nesso@hotmail.no" <torbjorn_nesso@hotmail.no>
Subject: Be sure to read this message! Your personal data is threatened!
Thread-Topic: Be sure to read this message! Your personal data is threatened!
Thread-Index: AQHVhiBKI6bFFKxWPkaLeqDBSWpWIQ==
Date: Sat, 19 Oct 2019 01:54:38 +0000
Message-ID: <20191019035438.EEE4A4E1EABEC322@hotmail.no>
Reply-To: "torbjorn_nesso@hotmail.no" <torbjorn_nesso@hotmail.no>
Content-Language: en-US
X-MS-Exchange-Organization-AuthSource:
 VE1EUR01FT029.eop-EUR01.prod.protection.outlook.com
X-MS-Has-Attach:
X-MS-Exchange-Organization-Network-Message-Id:
 7b18442d-8d3c-423f-7a25-08d754376c6f
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-PCL: 2
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
received-spf: Pass (protection.outlook.com: domain of tathui.com designates
 103.200.218.18 as permitted sender) receiver=protection.outlook.com;
 client-ip=103.200.218.18; helo=ip103-18.dv9.com;
x-ms-publictraffictype: Email
x-ms-exchange-organization-originalclientipaddress: 103.200.218.18
x-ms-exchange-organization-originalserveripaddress: 10.152.2.224
X-Microsoft-Antispam-Mailbox-Delivery:
 dkl:0;rwl:0;ucf:0;jmr:0;ex:1;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(1007183)(4900115)(4920090)(6367075)(4950130)(4990090)(9140004);RF:JunkEmail;
X-Message-Info:
 qoGN4b5S4ypAJXAsLuidcgEMCUTOQHot64GC3Z7DUFJt9tAA/AFbvlTGf3aLBJa5WkW1wuJ0Mze9lBuF+AWicnmxqCOckkqBV86hnLT9avhHIlj8o4mwXg+fZPwuCt/4BBSz3dX79ZErasbUmLCvH0CaR7f9ZP2/C15KFXmh7iRjYE2+594xTLGqBVIzyVte/vY+tASe7UtQvlUvKQYY0A==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
 =?iso-8859-1?Q?p1lZlnfQb3Nh3h4/DsI6IF+AaFc9kUV3iNb5K+2di6TeMtFpSd0mFbbay9?=
 =?iso-8859-1?Q?bFIoPsrlfOrozzxHkOvFhyhAS3kAQ8r0C/voJI9ejMuNWJHouxldkut6gw?=
 =?iso-8859-1?Q?3N8nKOhFptr2fDEhxXk5x6rUbRgf0HDgI5h2oGSHJiJyL2XO32+iFIJZXY?=
 =?iso-8859-1?Q?ulwQ8eFrH5pq52/16UBav4iWhGyWkmhSAfrInhr/99OAWL0Xeq6BL9Dsfx?=
 =?iso-8859-1?Q?TiORHmObtJUawegiYT1pJchLbzMyvaTeIT3sfWslRZJmkKhT71lxU+76sv?=
 =?iso-8859-1?Q?dqrT/Sm12XABRfA4KfYSuTiyA3WqEQv4jOeMJEh3P6/6clNdkAS601DAZZ?=
 =?iso-8859-1?Q?2z942ZSUF/ZhkPmZDH4wZJR9wGYYR714gMAFBdg/yqeTIlWpeUItyCneoC?=
 =?iso-8859-1?Q?tK0H1AywUZVynqsYORWMW6eqFB/o46Z8oFDVpSJOAjcuX0LwOmy+VI/GMU?=
 =?iso-8859-1?Q?3LYukZBm0secbHQ1ZMiGhe49HJYchJgC3Yj0y32g6qTpeTwC9eRADaEYiy?=
 =?iso-8859-1?Q?HJwZdEEPVYklVJcLQi1NHxlZ05nn6vthkSYaUwIQt3zHo46oBTedzpC0+R?=
 =?iso-8859-1?Q?yvq+rlW6Derd5qDR5+m3SanEyl4Ts7BtRMFJwazV+R4iWV6IUNCXDVmiIt?=
 =?iso-8859-1?Q?BiGfcqWLG7dFjW9cTaQEyiyD1rU0sQZcrOFM08PqPv2DtHyz3XW9dlgFrr?=
 =?iso-8859-1?Q?kA4kxLp/b07A6JZ5uor+yXdNJH1YdcKlChN2/fDs31eim2BCMvjKxBeW9M?=
 =?iso-8859-1?Q?PAFItSklbctg2UCImUdU+pPLjJyJhsGyvE2JRWcx59k9pYT1JLA0MdYYbh?=
 =?iso-8859-1?Q?Cta57KBP8UC2fKsaIPhYHKepys3MLccBtm2xWkhOzlP+EfY3R75EJrb8Sq?=
 =?iso-8859-1?Q?NhErEHBehdxP+uU2GEvAUX1i908ZrJr7OIQRb496kWagyMfrU2ZFK0aRWT?=
 =?iso-8859-1?Q?y+pQLwR45GC+sCMEbNBiENwQEIOYDDmpS0GYesNHdVbwQPFAOS5OHqD5Vj?=
 =?iso-8859-1?Q?hpHDMcuGZPJuxkfpUxv5dqVNxzPLhfK/WuyVYqCSYeJxYZcES1ifui/o2+?=
 =?iso-8859-1?Q?LA=3D=3D?=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Many readers have probably lost the thread by now, but this is where you can find the original sender. Reading all that code is a bit cumbersome, so I use some online tools to analyse it.

I let Google analyse the message header. There I see that the sender address and IP address are: 196.41.123.182-colocation.cybersmart.co.za. So from what I see here, the email was sent from a mail domain in South Africa. Google gives me a simple analysis, but I need a bit more information about the email, so I run it through another online analysis.

Here I find the same dv9 in both, but the original sender differs from Google's: tathui.com 196.41.123.182. The IP address is the same. Finally I check SPF and DKIM.

Here I get two sender addresses: d@rua.agari.com and d@ruf.agari.com. These may be intermediary servers that let the email get through the spam filter.

DMARC, SPF and DKIM are security systems that prevent email from being forged. So do you run a business? Then you should have these on your mail solution.

So if SPF, DMARC and DKIM are set up on the spammers' side as well, the email will most likely get through the spam systems.
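The header walk described above, as an added example that is not the author's own tooling: it parses an abridged excerpt of the posted header, reads the Received chain from oldest to newest, and compares the domain that SPF passed for with the From domain. The function names and the `trusted_suffix` parameter are assumptions of this example; only the hop stamped by the recipient's provider records a client IP that was actually observed, while older Received lines are whatever the sending side wrote.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Abridged excerpt of the header shown above (three hops, From, SPF result).
RAW = """\
Received: from VE1EUR01FT029.eop-EUR01.prod.protection.outlook.com
 (10.152.2.51) by VE1EUR01HT170.eop-EUR01.prod.protection.outlook.com
 (10.152.2.244) with Microsoft SMTP Server; Sat, 19 Oct 2019 01:55:31 +0000
Received: from ip103-18.dv9.com (103.200.218.18) by
 VE1EUR01FT029.mail.protection.outlook.com (10.152.2.224) with Microsoft SMTP
 Server; Sat, 19 Oct 2019 01:55:31 +0000
Received: from tathui.com (196.41.123.182-colocation.cybersmart.co.za [196.41.123.182])
\tby ip103-18.dv9.com (Postfix) with ESMTPA id 8DC501887B25
\tfor <torbjorn_nesso@hotmail.no>; Sat, 19 Oct 2019 09:55:28 +0800 (+08)
From: "torbjorn_nesso@hotmail.no" <torbjorn_nesso@hotmail.no>
received-spf: Pass (protection.outlook.com: domain of tathui.com designates
 103.200.218.18 as permitted sender) receiver=protection.outlook.com;
 client-ip=103.200.218.18; helo=ip103-18.dv9.com;
"""
HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def hops(msg):
    """(helo name, client IP, recording server) per Received line, oldest first."""
    out = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            ips = IPV4.findall(m.group(2))
            out.append((m.group(1), ips[-1] if ips else None, m.group(3).lower()))
    return out

def analyse(raw, trusted_suffix="protection.outlook.com"):
    msg = message_from_string(raw)
    chain = hops(msg)
    # chain[0] is the oldest hop, written outside the recipient's provider: a claim only.
    # First hop stamped by the recipient's provider: its client IP was actually observed.
    observed = next(h for h in chain if h[2].endswith(trusted_suffix))
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    spf = re.search(r"(\w+).*?domain of (\S+)", msg.get("received-spf", ""), re.S)
    result, spf_domain = spf.group(1).lower(), spf.group(2).lower()
    # Simplified alignment (exact or subdomain); real DMARC uses the organizational domain.
    aligned = spf_domain == from_domain or spf_domain.endswith("." + from_domain)
    return {"claimed_origin": chain[0][:2], "observed_client": observed[:2],
            "from_domain": from_domain, "spf": (result, spf_domain),
            "spf_covers_from": result == "pass" and aligned}

if __name__ == "__main__":
    print(analyse(RAW))
```

For this header the SPF pass belongs to tathui.com, not hotmail.no, so it says nothing about whether the From address is genuine.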

So what is the conclusion here?

  • If you get an email with yourself as the sender, the email is forged, but it can be wise to check.
  • Your email account has not been hacked.
  • The purpose of spam email with yourself as the sender is to create fear.
  • As you can see from the mail analysis, Torbjørn Nesso is not the sender of the threatening email.
