DaemonForums  

#1
27th January 2017
psypro (Package Pilot)
Join Date: Mar 2016
Location: Continent:Europe
Posts: 156

Hacked or spoofed?

Spam has been sent from my email.
In my Gmail inbox, in the sent folder, I found "sexy Asian women" spam sent.
Today I have changed the password for Gmail.

But I wonder, can this file give information about how this happened?

a) An attacker broke into my account? (No sign of a login from a strange place on the Gmail security page for the account. I saw 30 days back. Only 4 spam mails were sent that are registered at my Gmail account.)

b) I see references to sendgrid.net and sendgrid.me, US-based IP. I have never used such a service. I only use gmail.smtp. Is this some kind of spoofing where the attacker had no access to my email account? But how can a spoofed item be listed as sent by Google, in the sent folder?

c) Something else. I don't know.
Code:
Delivered-To: hidden@gmail.com
Received: by 10.176.86.76 with SMTP id z12csp813392uaa;
Wed, 25 Jan 2017 07:09:29 -0800 (PST)
X-Received: by 10.99.53.195 with SMTP id c186mr40060pga.24.1485969641;
Wed, 25 Jan 2017 07:09:29 -0800 (PST)
Return-Path: <bounces+4628381-eadc-hidden=gmail.com@sendgrid.net>
Received: from o9.shared.sendgrid.net (o9.shared.sendgrid.net. [173.193.132.134])
by mx.google.com with ESMTPS id h186si20087pfe.17.2017.01.25.07.09.28
for <hidden@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 25 Jan 2017 07:09:29 -0800 (PST)
Received-SPF: pass (google.com: domain of bounces+4628381-eadc-hidden=gmail.com@sendgrid.net designates 173.193.132.134 as permitted sender) client-ip=173.193.132.134;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sendgrid.me;
spf=pass (google.com: domain of bounces+4628381-eadc-hidden=gmail.com@sendgrid.net designates 173.193.132.134 as permitted sender) smtp.mailfrom=bounces+4628381-eadc-hidden=gmail.com@sendgrid.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.me;
h=mime-version:content-type:to:from:list-unsubscribe:cc:subject:sender:list-id:x-feedback-id;
s=smtpapi; bh=cq1OM20YPw0qVurgX2FACj/WGWI=; b=ezyVSyrQiSw7hARaHC
uUohe9hFp7tLC7Khqt/s5...hyEAp1OY6vLcMn5su5mqV4JnbcOCIiJoZqjXOY
QEoJVJfXO/MSLFgUKXXBgijxsNpRGict8Ql6dZHdUx+RHWYV7jAiSOPH/GNKI3fo
e+71HSi5G07yBwdqq....=
Received: by filter0090p1las1.sendgrid.net with SMTP id filter0090p1las1-30064-5888BF65-92
2017-01-25 15:08:21.748146824 +0000 UTC
Received: from webcommezrc.com (webcommezrc.com [50.21.180.110])
by ismtpd0005p1iad1.sendgrid.net (SG) with ESMTP id VBVs-CKdQuadV8M5RaNCWA
for <hidden@gmail.com>; Wed, 25 Jan 2017 15:08:21.317 +0000 (UTC)
Date: Wed, 25 Jan 2017 10:08:18 -0500
Mime-Version: 1.0
Content-Type: Multipart/MiXeD;Boundary="OIOUIOUIOUIOIO"
Received: from 65.39.215.77 (127.0.0.1) smoothstone.net
To: to@tqVZ.smoothstone.net
X-Pnj: <AUT2b.7cLA.ERccoIaDssq@smoothstone.net>
From: <hidden@gmail.com>
List-Unsubscribe: <mailto:unsubscribe-mc.us11_80c1e39fe0fa900e4b1398044.4584703ca2-b81e2bacec@mailin1.us2.mcsv.net?subject=unsubscrib e>
Cc: <cLfls.ThuB.DeRhDBytvP3@smoothstone.net>
Subject: 0..AsɪᴀɴGɪʀʟsLᴏᴏᴋɪɴɢFᴏʀSᴇʀɪᴠᴜsDᴀᴛɪɴɢ
Sender: "National Protection" <sales=nationalvehiclewarranty.com@smoothstone.net >
Message-id: <uTNqG.P8t8.6GUYluOW3ty@smoothstone.net>
List-ID: 80c1e39fe0fa900e4b1398044mc list <80c1e39fe0fa900e4b1398044.331849.list-id.mcsv.net>
X-SG-EID: eTvhVS1mkFCtXfJg9nYV8MWvTJDNxEqeJ9/v33QxYCIMFnBaH8RhStUHXSaJWQXSVraBdNODSGFbi0
FVEd2B+9B+c5cckDTAAIp+VjBsBpRhTJSh47Ffs4Blk4XOegzG Z2SuuDH3X4GgOQ4zj37CoDi8669a
eTVWv9Jemh2FtMG1WVQVsx8/w6N4r2CGh8LS
X-Feedback-ID: 4628381:IBsefFD+cJblXbyIZ4XnGd5gxHOdLFa8aesyzyBRBZ 8=:IBsefFD+cJblXbyIZ4XnGd5gxHOdLFa8aesyzyBRBZ8=:SG

--OIOUIOUIOUIOIO
Content-Type: text/html;
Content-Type: text/html;
Content-Type: text/html;

Last edited by ocicat; 27th January 2017 at 03:57 PM. Reason: Please wrap file contents with [code] & [/code] tags.
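
Added example (not part of the original post or thread): a Python sketch that reads a trimmed copy of the headers above, lists the relay hops oldest first, and checks whether the passing SPF and DKIM results were evaluated for the same domain as the From: address, which is the comparison behind the `dmarc=fail` line. The function names and the two-label `org_domain` shortcut are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: headers from the post, trimmed to the fields used here.
RAW = """\
Received: from o9.shared.sendgrid.net (o9.shared.sendgrid.net. [173.193.132.134])
 by mx.google.com with ESMTPS id h186si20087pfe.17.2017.01.25.07.09.28
 for <hidden@gmail.com>; Wed, 25 Jan 2017 07:09:29 -0800 (PST)
Authentication-Results: mx.google.com;
 dkim=pass header.i=@sendgrid.me;
 spf=pass smtp.mailfrom=bounces+4628381-eadc-hidden=gmail.com@sendgrid.net;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: from webcommezrc.com (webcommezrc.com [50.21.180.110])
 by ismtpd0005p1iad1.sendgrid.net (SG) with ESMTP id VBVs-CKdQuadV8M5RaNCWA
 for <hidden@gmail.com>; Wed, 25 Jan 2017 15:08:21.317 +0000 (UTC)
From: <hidden@gmail.com>
"""

def org_domain(value):
    # Assumption: last two labels; real DMARC checks use the Public Suffix List.
    host = value.rsplit("@", 1)[-1].strip("<>. ").lower()
    return ".".join(host.split(".")[-2:])

def auth_results(msg):
    # Map each method (dkim, spf, dmarc) to (result, domain it was evaluated for).
    out = {}
    value = " ".join(msg.get("Authentication-Results", "").split())
    for part in value.split(";")[1:]:
        m = re.match(r"\s*(\w+)=(\w+).*?(?:header\.i|header\.from|smtp\.mailfrom)=(\S+)", part)
        if m:
            out[m.group(1)] = (m.group(2), org_domain(m.group(3)))
    return out

def received_hops(msg):
    # Each relay prepends its Received line, so reverse to read oldest hop first.
    pat = re.compile(r"from\s+(\S+).*?\[([\d.]+)\].*?by\s+(\S+)")
    found = (pat.search(" ".join(h.split())) for h in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in found if m]

def analyse(raw):
    msg = message_from_string(raw)
    from_dom = org_domain(msg.get("From", ""))
    auth = auth_results(msg)
    # DMARC needs a passing SPF or DKIM result whose domain matches From:.
    aligned = [k for k in ("spf", "dkim") if auth.get(k, ("", "")) == ("pass", from_dom)]
    return {"from": from_dom, "auth": auth, "aligned": aligned, "hops": received_hops(msg)}

if __name__ == "__main__":
    print(analyse(RAW))
```

On these headers `aligned` comes back empty: SPF passed for sendgrid.net and DKIM for sendgrid.me, while From: claims gmail.com.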