From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22452 invoked by alias); 26 Jul 2018 02:03:59 -0000 Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-help-owner@gcc.gnu.org Received: (qmail 22430 invoked by uid 89); 26 Jul 2018 02:03:55 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: Yes, score=6.1 required=5.0 tests=AWL,BAYES_50,BTC_ORG,FUZZY_BITCOIN,GIT_PATCH_2,KAM_ASCII_DIVIDERS,KAM_MXURI,KAM_SHORT,LIKELY_SPAM_BODY,MISSING_HEADERS,SPF_HELO_PASS,SPF_PASS,TVD_RCVD_SPACE_BRACKET autolearn=no version=3.3.2 spammy=hong, dissemination, advertising, Organization X-HELO: mutluit.com Received: from mutluit.com (HELO mutluit.com) (82.211.8.197) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 26 Jul 2018 02:03:52 +0000 Received: from [127.0.0.1] (s2.mutluit.com [82.211.8.197]:42362) by mutluit.com ([192.168.20.2]:50025) with ESMTP ([XMail 1.27 ESMTP Server]) id for from ; Thu, 26 Jul 2018 04:03:45 +0200 Subject: =?UTF-8?Q?Re:_Y=d0=beu'r=d0=b5_my_victim?= Cc: gcc-help@gcc.gnu.org References: <28D29B0376A28DAE72773EB256A013F9@007s.us> <5B58C26A.9080800@mutluit.com> From: "U.Mutlu" Message-ID: <5B592C00.20806@mutluit.com> Date: Thu, 26 Jul 2018 04:02:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 SeaMonkey/2.37a1 MIME-Version: 1.0 In-Reply-To: <5B58C26A.9080800@mutluit.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes X-SW-Source: 2018-07/txt/msg00235.txt.bz2 Update: The domain IP has been taken off by the abuse-dept and/or the authorities..= . :-) $ ping 185.180.196.43 PING 185.180.196.43 (185.180.196.43) 56(84) bytes of data. ^C --- 185.180.196.43 ping statistics --- 7 packets transmitted, 0 received, 100% packet loss, time 6120ms U.Mutlu wrote on 07/25/2018 08:33 PM: > g wrote on 07/25/2018 06:43 PM: >> Hi, vi=D1=81tim. >> I writ=D0=B5 you be=D1=81ause I put a malw=D0=B0re on the web p=D0=B0g= =D0=B5 with =D1=80=D0=BErn whi=D1=81h you hav=D0=B5 >> visited. >> My virus grabb=D0=B5d =D0=B0ll your =D1=80ers=D0=BEnal inf=D0=BE and tur= ned on y=D0=BEur =D1=81am=D0=B5ra which >> c=D0=B0=D1=80tur=D0=B5d th=D0=B5 pro=D1=81ess =D0=BEf your =D0=BEnanism.= Just =D0=B0ft=D0=B5r that the soft saved y=D0=BEur >> =D1=81=D0=BEnt=D0=B0ct list. >> I will d=D0=B5l=D0=B5t=D0=B5 the =D1=81om=D1=80romising vid=D0=B5=D0=BE = and info if y=D0=BEu p=D0=B0y m=D0=B5 500 EURO in >> bitc=D0=BEin. This is =D0=B0ddress for =D1=80=D0=B0yment : 153j1FcUBe4LK= d194idQho3tscFSeuYmRC >> >> I give y=D0=BEu 30 h=D0=BEurs =D0=B0ft=D0=B5r you open my m=D0=B5ssag=D0= =B5 for m=D0=B0king th=D0=B5 trans=D0=B0ction. >> =D0=90s s=D0=BEon as you r=D0=B5ad the m=D0=B5ssage I'll s=D0=B5=D0=B5 i= t right away. >> It is n=D0=BEt n=D0=B5c=D0=B5ss=D0=B0ry t=D0=BE t=D0=B5ll m=D0=B5 th=D0= =B0t y=D0=BEu hav=D0=B5 sent m=D0=BEney t=D0=BE me. This address >> is =D1=81onnected t=D0=BE y=D0=BEu, my system will del=D0=B5te ev=D0=B5r= ything =D0=B0ut=D0=BEmatically after >> transf=D0=B5r c=D0=BEnfirmati=D0=BEn. >> If y=D0=BEu n=D0=B5ed 48 h just reply =D0=BEn this l=D0=B5tt=D0=B5r with= +. >> You =D1=81an visit the p=D0=BEli=D1=81e station but nobody c=D0=B0n h=D0= =B5lp you. >> If you try t=D0=BE dec=D0=B5iv=D0=B5 m=D0=B5 , I'll s=D0=B5e it right = =D0=B0way ! >> I d=D0=BEnt liv=D0=B5 in your =D1=81=D0=BEuntry. S=D0=BE th=D0=B5y c=D0= =B0n not tr=D0=B0=D1=81k my loc=D0=B0ti=D0=BEn ev=D0=B5n for 9 >> m=D0=BEnths. >> G=D0=BE=D0=BEdbye. Dont f=D0=BErg=D0=B5t =D0=B0b=D0=BEut the sham=D0=B5 = and to ignore, Y=D0=BEur life c=D0=B0n be ruined. >> > > > The above mail was sent to a mailing list, ie. to all subscribers of the > mailing list. > > Analysis of the mail headers: > Received: from 007s.us (HELO 007s.us) (185.180.196.43) > > ---------------------------------- > Mail headers (filtered): > > Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm > Precedence: bulk > List-Id: > List-Archive: > List-Post: > List-Help: > Sender: gcc-help-owner@gcc.gnu.org > Delivered-To: mailing list gcc-help@gcc.gnu.org > Received: (qmail 43839 invoked by uid 89); 25 Jul 2018 16:44:26 -0000 > Authentication-Results: sourceware.org; auth=3Dnone > X-HELO: 007s.us > Received: from 007s.us (HELO 007s.us) (185.180.196.43) by sourceware.org > (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Wed, 25 Jul 2018 16:44:25 += 0000 > DKIM-Signature: v=3D1; a=3Drsa-sha256; c=3Drelaxed/relaxed; s=3Dmail; d= =3D007s.us; > h=3DMessage-ID:From:To:Subject:Date:MIME-Version:Content-Type; > i=3Dnoreply@007s.us; bh=3DiUhaeHjVAVXcPqwXQ+g7nHQf1RY5aL0h0oLfoOS8was=3D; > b=3Ddwj30hJwL7MOA8razdCjaVhyxYonhphRJkJl7O1nnxJSa3mw7tEnVYwiYciOiG1jn/mZG= rg1Kzv7 > 9BqX9IYkkaHUAArdbwCGNoU6WE28XCWxY37sc+BCI1sim8ONmDH9yqRBPR9inJdaNRzTVPj8Y= RIx > YQa5q3jOFbpYkn3FIjM=3D > Message-ID: <28D29B0376A28DAE72773EB256A013F9@007s.us> > From: "g" > To: > Subject: =3D?windows-1251?B?We51J3LlIG15IHZpY3RpbQ=3D=3D?=3D > Date: Wed, 25 Jul 2018 17:43:56 +0100 > MIME-Version: 1.0 > Content-Type: text/plain; charset=3D"windows-1251" > Content-Transfer-Encoding: quoted-printable > > ---------------------------------- > whois 007s.us: > > Domain Name: 007s.us > Registry Domain ID: D2310738-US > Registrar WHOIS Server: > Registrar URL: whois.aitdomains.com > Updated Date: 2018-05-11T07:33:41Z > Creation Date: 2002-05-06T23:15:52Z > Registry Expiry Date: 2019-05-05T23:59:59Z > Registrar: Advanced Internet Technologies, Inc. > Registrar IANA ID: 57 > Registrar Abuse Contact Email: abuse@ait.com > Registrar Abuse Contact Phone: +1.8772095184 > Domain Status: ok https://icann.org/epp#ok > Registry Registrant ID: C2310736-US > Registrant Name: John h. Hong > Registrant Organization: ronstin > Registrant Street: 7119 Seville Ave # D > Registrant Street: > Registrant Street: > Registrant City: Huntington Park > Registrant State/Province: CA > Registrant Postal Code: 90255 > Registrant Country: US > Registrant Phone: +1.3235825171 > Registrant Phone Ext: 9999 > Registrant Fax: > Registrant Fax Ext: > Registrant Email: ronstin@att.net > Registrant Application Purpose: P1 > Registrant Nexus Category: C11 > Registry Admin ID: C32507768-US > Admin Name: John h. Hong > Admin Organization: ronstin > Admin Street: 7719 Pacific Blvd > Admin Street: > Admin Street: > Admin City: Huntington Park > Admin State/Province: CA > Admin Postal Code: 90255 > Admin Country: US > Admin Phone: +1.3232778080 > Admin Phone Ext: > Admin Fax: > Admin Fax Ext: > Admin Email: oliverx@pacbell.net > Admin Application Purpose: P1 > Admin Nexus Category: C11 > Registry Tech ID: C2310735-US > Tech Name: John h. Hong > Tech Organization: ronstin > Tech Street: 7119 Seville Ave # D > Tech Street: > Tech Street: > Tech City: Huntington Park > Tech State/Province: CA > Tech Postal Code: 90255 > Tech Country: US > Tech Phone: +1.3235825171 > Tech Phone Ext: 9999 > Tech Fax: > Tech Fax Ext: > Tech Email: ronstin@att.net > Tech Application Purpose: P1 > Tech Nexus Category: C11 > Name Server: ns69.domaincontrol.com > Name Server: ns70.domaincontrol.com > DNSSEC: unsigned > URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/w= icf/ > >>> Last update of WHOIS database: 2018-07-25T18:00:58Z <<< > > For more information on Whois status codes, please visit https://icann.or= g/epp > > NeuStar, Inc., the Registry Administrator for .US, has collected this > information for the WHOIS database through a .US-Accredited Registrar. Th= is > information is provided to you for informational purposes only and is des= igned > to assist persons in determining contents of a domain name registration r= ecord > in the NeuStar registry database. NeuStar makes this information availabl= e to > you "as is" and does not guarantee its accuracy. By submitting a WHOIS qu= ery, > you agree that you will use this data only for lawful purposes and that, = under > no circumstances will you use this data: (1) to allow, enable, or otherwi= se > support the transmission of mass unsolicited, commercial advertising or > solicitations via direct mail, electronic mail, or by telephone; (2) in > contravention of any applicable data and privacy protection laws; or (3) = to > enable high volume, automated, electronic processes that apply to the reg= istry > (or its systems). Compilation, repackaging, dissemination, or other use o= f the > WHOIS database in its entirety, or of a substantial portion thereof, is n= ot > allowed without NeuStar's prior written permission. NeuStar reserves the = right > to modify or change these conditions at any time without prior or subsequ= ent > notification of any kind. By executing this query, in any manner whatsoev= er, > you agree to abide by these terms. NOTE: FAILURE TO LOCATE A RECORD IN THE > WHOIS DATABASE IS NOT INDICATIVE OF THE AVAILABILITY OF A DOMAIN NAME. All > domain names are subject to certain additional domain name registration r= ules. > For details, please visit our site at www.whois.us. > > ---------------------------------- > dig 007s.us any: > > ; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> 007s.us any > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60455 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;007s.us. IN ANY > > ;; ANSWER SECTION: > 007s.us. 3599 IN NS ns69.domaincontrol.com. > 007s.us. 3599 IN NS ns70.domaincontrol.com. > 007s.us. 3599 IN SOA ns69.domaincontrol.com. dns.jomax.net. 2018071907 28= 800 > 7200 604800 600 > 007s.us. 599 IN MX 10 mail.007s.us. > 007s.us. 599 IN TXT "v=3Dspf1 ip4:185.180.196.43 a mx ~all" > 007s.us. 599 IN A 185.180.196.43 > > ;; AUTHORITY SECTION: > 007s.us. 3599 IN NS ns69.domaincontrol.com. > 007s.us. 3599 IN NS ns70.domaincontrol.com. > > ;; Query time: 145 msec > ;; SERVER: 37.139.71.2#53(37.139.71.2) > ;; WHEN: Wed Jul 25 20:07:50 CEST 2018 > ;; MSG SIZE rcvd: 253 > > ---------------------------------- > > >