Email Header investigation (Cybersecurity / Forensics)

justjeepin

UPSheader.pdf

Home >Information Systems homework help >Email Header investigation (Cybersecurity / Forensics)

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 1/10

Original Message

Message ID <3145.9945.1459187553.JavaMail.wsadmin@wismut.de>

Created at: Fri, Jan 3, 2020 at 10:07 PM (Delivered after -25200 seconds)

From: USPostalService <echer@wismut.de>

To: debra.s.sparks@gmail.com

Subject: USPS notification #7214

SPF: NEUTRAL with IP 94.155.47.65 Learn more

Download Original Copy to clipboard

Delivered-To: debra.s.sparks@gmail.com Received: by 2002:a0c:c310:0:0:0:0:0 with SMTP id f16csp20133132qvi; Fri, 3 Jan 2020 13:07:44 -0800 (PST) X-Google-Smtp-Source: APXvYqz5SXL3zkiFGlo4AWYjUf1gbB5fY/eXr/f26u+rLy8DTJJPeTpJMnMgPBk YAKX6DyWaO5zM X-Received: by 2002:a81:334a:: with SMTP id z71mr65958979ywz.238.1578085663888; Fri, 03 Jan 2020 13:07:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578085663; cv=none; d=google.com; s=arc-20160816; b=YPk6ebClq7pqLeWeZmixk0oOE1maILV45SgkC3nM3SDavo/UpKDfXs0nXmgo5 /VESW 7PClwdnenaSgz4ISD5+QPeGsJdymKDsI3kN4Hisp6yULFJow/y3czKMFTuxvx9k YQJVa AT3Oet+DEKkVTKg308CmIvySHe97JsBPNd9fGqffbf+h4dygc/iqwSGO4q57rTf 4Uvfl SNiN1l4IusBgiKI4rmgQXhTf8AMsteD8i++DiMN9W2Bhk5fPxMy2/CDoN9hMc8R Il3yo sdT/67rob+3cBOeJMr11tu0Ay3BhjFdE28IVPnuGgeXtb4JZ2LMeQ3k9M6f92Ci 6zq0n hn+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;

https://support.google.com/a/answer/33786?hl=en

https://mail.google.com/mail/u/0?view=att&th=16f6d3c4547787f9&attid=0&disp=comp&safe=1&zw

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 2/10

d=google.com; s=arc-20160816; h=content-transfer-encoding:subject:date:clipboard- inspiring:from :message-id:to:familiarization-purer:interrelate- princesses :mime-version; bh=j9qxZ8mcKMFiMqENBF+QHi/j1+pyptypOvb+xaSbMVg=; b=FrHo2xKA3X27OfX2MBwJnpWKlp+vI/RCRjTblxqxhQ1pysmR2E1Hh4TSbJKIx wMWv9 JH3Ak2S2rtgNr4/7IHiXytaAGcSdbkDrQ7UFX0XNz7Wb1STNO1doqLO+n6O8Tyy 6bJYL j4LE5REcpwUon13guSFFvdWfkuzCduolm7faJiYYSt3jIuKWiAXEVVnAgy/UiVm qoh77 LQQYi1RoYKEfyDwQkpX6yCNbtXCFgimpoBfCIeZbkOVbVTYPhhgyy+Zh2F+3XEn sVUax 5tY9a6uMiYWMbpswXdETcsP35yxg/clcm5Mv1aM/GHo8gTrmQ5eg+aM+XEmH/fs c253x Oxbg== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 94.155.47.65 is neither permitted nor denied by best guess record for domain of echer@wismut.de) smtp.mailfrom=echer@wismut.de Return-Path: <echer@wismut.de> Received: from cpanel1.gohost.mk (cpanel1.gohost.mk. [94.155.47.65]) by mx.google.com with ESMTP id y132si37345380ybe.182.2020.01.03.13.07.43 for <debra.s.sparks@gmail.com>; Fri, 03 Jan 2020 13:07:43 -0800 (PST) Received-SPF: neutral (google.com: 94.155.47.65 is neither permitted nor denied by best guess record for domain of echer@wismut.de) client-ip=94.155.47.65; Authentication-Results: mx.google.com; spf=neutral (google.com: 94.155.47.65 is neither permitted nor denied by best guess record for domain of echer@wismut.de) smtp.mailfrom=echer@wismut.de MIME-Version: 1.0 Interrelate-Princesses: exemplifying Content-Type: text/html; charset=utf-8 Familiarization-Purer: 55CDEB7CCE7 To: debra.s.sparks@gmail.com Message-ID: <3145.9945.1459187553.JavaMail.wsadmin@wismut.de> From: USPostalService <echer@wismut.de> Clipboard-Inspiring: 749 Date: Fri, 3 Jan 2020 22:07:43 -0600 (CST) Subject: USPS notification #7214 Content-Transfer-Encoding: 7bit <html> <head> <title>USPS</title> <style> body {

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 3/10

font-family: arial; font-size: 12pt; font-weight: normal; } div.socialmedia { margin-top: 10px; } div.socialmedia a { padding-left: 3px; padding-right: 3px; } li { font-size: 12pt; } p { font-family: arial; font-size: 12pt; font-weight: normal; margin: 0 0 10px; } p.details { color: black; padding-top: 8px; } p.download { float: right; margin-top: 30px; margin-bottom: 0px; text-align:

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 4/10

right; } p.download a { text-decoration: none; } hr { clear: both; height: 1px; background-color: #9a9a9a; border: 0px; margin: 0px; margin-bottom: 8px; } a { font-family:arial; font- weight: normal; font-size: 12pt; color: #0321ff; } a img { border: none; } img { outline: none; text- decoration: none; max-width: 100%; -ms-interpolation-mode: bicubic; } h2 { font-family: arial; font-size: 18pt;

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 5/10

color: #1e598f; margin-bottom: 0px; font-weight: normal; text-align: right; } h3 { font-family: arial; font-size: 14pt; font-weight: bold; margin-bottom: 10px; } table.default { border: none; cellpadding: 0px; margin-left: 50px; width: 90%; } .default td { vertical-align: bottom; } .default td span { margin-left: 15px; margin-right: 15px; } table.header { margin-top: 30px; } .contentContainer { border: none; cellpadding: 0px; margin-left: 50px; margin-right: 50px; width: 90%; line-height: 1.5; }

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 6/10

.importantText { font-family: arial; font-size: 12pt; font-weight: bold; } .text-centered { text-align: center; } .margin-bottom-30 { margin-bottom: 30px; } .urgentText { font-family: arial; font-size: 12pt; color: #FF0000; font-weight: bold; } .disclaimerText { font-family: arial; font-size: 7pt; color: #4F7BC4; } .smallText { font-family: arial; font-size: 9pt; } .show-border td { border-top: thin solid; border-bottom: thin solid; }

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 7/10

.show-border-top td { border-top: thin solid; } .show-border-bottom td { border-bottom: thin solid; } .well-lg { padding: 19px; background-color: #f7f7f7; } </style> </head> <body interferometer="paulsen"> <table philosophies="31" class='default header' > <tr mendel='equinox'> <td style="padding: 0px"> <a href="http://cepc.ir/wp- content/uploads/convoyingb.php" style="font-size: 36px; font- weight: bold; color: #333366; text-decoration: none"> <img widow='92' border="0" width="200" height="40" src="https://www.usps.com/global- elements/header/images/utility-header/logo-sb.svg" alt="USPS.COM"> </a> </td> <td> <h2></h2> </td> </tr> <tr conversation="3"> <td colspan=2> <hr grappling="35"/> </td> </tr> </table>

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 8/10

<div class="contentContainer"> en-US <h3>We have sent you a message</h3> An package containing confidential personal information was sent to you <a href="http://cepc.ir/wp-content/uploads/convoyingb.php" style="font-family:Arial;display:inline-block;padding:7px 15px;background-color:#333366;color:#ffffff;font- size:15px;font-weight:bold;border-radius:2px;-webkit-border- radius:2px;-moz-border-radius:2px;border:solid 1px #3d1c76;white-space:nowrap;text-align:center;text- decoration:none"> View details </a> Sign in and get started! <a href="http://cepc.ir/wp- content/uploads/convoyingb.php">http://www.usps.com/</a> Forgot your password? Reset it here. <a href="http://cepc.ir/wp- content/uploads/convoyingb.php">https://reg.usps.com/forgot</a> </div>

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 9/10

<table class="default"> <tr escalated="bootstraps"> <td inhabitable="chablis" colspan=3> </td> </tr> <tr spacewar=8> <td reactivation="attachers" colspan=3> <hr /> </td> </tr> <tr chang='submariner'> <td colspan=3> <a ransacked="boris" href="http://cepc.ir/wp- content/uploads/convoyingb.php">USPS.com</a> | <a href="http://cepc.ir/wp-content/uploads/convoyingb.php">Privacy Policy</a>| <a href="http://cepc.ir/wp- content/uploads/convoyingb.php">Customer Service</a>| <a href="http://cepc.ir/wp- content/uploads/convoyingb.php">FAQs</a> </td> </tr> <tr> <td colspan=3> </td> </tr> <tr disraeli=7> <td colspan=3> This is an automated email please do not reply to this message. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please delete. Any other use of the email by you is prohibited.

1/18/2020 Original Message

https://mail.google.com/mail/u/0?ik=342d0448d0&view=om&permmsgid=msg-f%3A1654742753289406457 10/10

</td> </tr> </table> </body> </html>