MIME-Version: 1.0
From: Jonathan Wilkins <j@blockstream.com>
Date: Mon, 17 Aug 2015 11:41:31 -0700
Message-ID: <CAL0tybf2q=Mw8tmJFGJ+Y7n2vTi83XrMMOi2K0Bysr2KNaQtLg@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary=001a113cf68032b14a051d86282b
Subject: [bitcoin-dev] That email was almost certainly not the real Satoshi
Precedence: list

--001a113cf68032b14a051d86282b
Content-Type: text/plain; charset=UTF-8

I'm sure that most people here were skeptical, but FWIW, the server that
hosts vistomail.com is a mess, it's a Plesk box with more than a couple of
services with dubious security histories. MailEnable smtpd, MSRPC, RDP, see
for yourself:

Most likely someone popped the box and is entertaining themselves.

Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
25/tcp    open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
53/tcp    open  domain        Microsoft DNS 6.1.7601
| dns-nsid:
|_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
80/tcp    open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-ntlm-info:
|   Target_Name: DS04
|   NetBIOS_Domain_Name: DS04
|   NetBIOS_Computer_Name: DS04
|   DNS_Domain_Name: DS04
|   DNS_Computer_Name: DS04
|_  Product_Version: 6.1 (Build 7601)
|_http-title: Domain Default page
110/tcp   open  pop3          MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp   open  msrpc         Microsoft Windows RPC
143/tcp   open  imap          MailEnable imapd
|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Domain Default page
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
587/tcp   open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
3389/tcp  open  ms-wbt-server Microsoft Terminal Service
8443/tcp  open  https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels,
Inc./stateOrProvinceName=Virginia/countryName=US
| Not valid before: 2015-03-13T19:40:20+00:00
|_Not valid after:  2016-03-12T19:40:20+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
8880/tcp  open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
|_http-methods: No Allow or Public header in OPTIONS response (status code
500)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
49154/tcp open  msrpc         Microsoft Windows RPC
49156/tcp open  msrpc         Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|7|Phone|Vista
OS CPE: cpe:/o:microsoft:windows_server_2008:r2
cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
cpe:/o:microsoft:windows_vista::sp1
OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
Windows 7 SP1, or Windows Server 2008

--001a113cf68032b14a051d86282b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>I&#39;m sure that most people here were skeptical, bu=
t FWIW, the server that hosts <a href=3D"http://vistomail.com">vistomail.co=
m</a> is a mess, it&#39;s a Plesk box with more than a couple of services w=
ith dubious security histories. MailEnable smtpd, MSRPC, RDP, see for yours=
elf: <br><br></div>Most likely someone popped the box and is entertaining t=
hemselves.<br><div><br>Nmap scan report for <a href=3D"http://vistomail.com=
">vistomail.com</a> (190.97.163.93)<br>Host is up (0.10s latency).<br>Not s=
hown: 65521 filtered ports<br>PORT=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 STATE SERV=
ICE=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 VERSION<br>21/tcp=C2=A0=C2=A0=C2=A0=
 open=C2=A0 ftp=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
 Microsoft ftpd<br>| ssl-cert: Subject: commonName=3D<a href=3D"http://secu=
reanonymoussurfing.com">secureanonymoussurfing.com</a><br>| Not valid befor=
e: 2015-05-03T00:00:00+00:00<br>|_Not valid after:=C2=A0 2018-05-02T23:59:5=
9+00:00<br>|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.<b=
r>25/tcp=C2=A0=C2=A0=C2=A0 open=C2=A0 smtp=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0 MailEnable smptd 8.60--<br>| smtp-commands: <a href=
=3D"http://vistomail.com">vistomail.com</a> [192.241.217.85], this server o=
ffers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=3DLOGIN,<br>|_ 21=
1 Help:-&gt;Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOO=
P<br>53/tcp=C2=A0=C2=A0=C2=A0 open=C2=A0 domain=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0 Microsoft DNS 6.1.7601<br>| dns-nsid:<br>|_=C2=A0 bind.vers=
ion: Microsoft DNS 6.1.7601 (1DB14556)<br>80/tcp=C2=A0=C2=A0=C2=A0 open=C2=
=A0 http=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Microsoft II=
S httpd 7.5<br>|_http-favicon: Parallels Control Panel<br>| http-methods: P=
otentially risky methods: TRACE<br>|_See <a href=3D"http://nmap.org/nsedoc/=
scripts/http-methods.html">http://nmap.org/nsedoc/scripts/http-methods.html=
</a><br>| http-ntlm-info:<br>|=C2=A0=C2=A0 Target_Name: DS04<br>|=C2=A0=C2=
=A0 NetBIOS_Domain_Name: DS04<br>|=C2=A0=C2=A0 NetBIOS_Computer_Name: DS04<=
br>|=C2=A0=C2=A0 DNS_Domain_Name: DS04<br>|=C2=A0=C2=A0 DNS_Computer_Name: =
DS04<br>|_=C2=A0 Product_Version: 6.1 (Build 7601)<br>|_http-title: Domain =
Default page<br>110/tcp=C2=A0=C2=A0 open=C2=A0 pop3=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 MailEnable POP3 Server<br>|_pop3-capabilitie=
s: USER TOP UIDL<br>135/tcp=C2=A0=C2=A0 open=C2=A0 msrpc=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Microsoft Windows RPC<br>143/tcp=C2=A0=C2=A0=
 open=C2=A0 imap=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Mail=
Enable imapd<br>|_imap-capabilities: completed CAPABILITY AUTH=3DCRAM-MD5 C=
HILDREN UIDPLUSA0001 AUTH=3DLOGIN IMAP4rev1 OK IDLE IMAP4<br>443/tcp=C2=A0=
=C2=A0 open=C2=A0 ssl/http=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Microsoft IIS http=
d 7.5<br>|_http-favicon: Parallels Control Panel<br>| http-methods: Potenti=
ally risky methods: TRACE<br>|_See <a href=3D"http://nmap.org/nsedoc/script=
s/http-methods.html">http://nmap.org/nsedoc/scripts/http-methods.html</a><b=
r>|_http-title: Domain Default page<br>| ssl-cert: Subject: commonName=3D<a=
 href=3D"http://secureanonymoussurfing.com">secureanonymoussurfing.com</a><=
br>| Not valid before: 2015-05-03T00:00:00+00:00<br>|_Not valid after:=C2=
=A0 2018-05-02T23:59:59+00:00<br>|_ssl-date: 2015-08-16T00:08:24+00:00; +1m=
09s from local time.<br>587/tcp=C2=A0=C2=A0 open=C2=A0 smtp=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 MailEnable smptd 8.60--<br>| smtp-c=
ommands: <a href=3D"http://vistomail.com">vistomail.com</a> [192.241.217.85=
], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=
=3DLOGIN,<br>|_ 211 Help:-&gt;Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,=
MAIL,DATA,RSET,NOOP<br>3389/tcp=C2=A0 open=C2=A0 ms-wbt-server Microsoft Te=
rminal Service<br>8443/tcp=C2=A0 open=C2=A0 https-alt?<br>| ssl-cert: Subje=
ct: commonName=3DParallels Panel/organizationName=3DParallels, Inc./stateOr=
ProvinceName=3DVirginia/countryName=3DUS<br>| Not valid before: 2015-03-13T=
19:40:20+00:00<br>|_Not valid after:=C2=A0 2016-03-12T19:40:20+00:00<br>|_s=
sl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.<br>8880/tcp=C2=
=A0 open=C2=A0 http=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 M=
icrosoft IIS httpd 7.5<br>|_http-favicon: Parallels Control Panel<br>|_http=
-methods: No Allow or Public header in OPTIONS response (status code 500)<b=
r>|_http-title: Site doesn&#39;t have a title (text/html; charset=3Dutf-8).=
<br>49154/tcp open=C2=A0 msrpc=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0 Microsoft Windows RPC<br>49156/tcp open=C2=A0 msrpc=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Microsoft Windows RPC<br>Warning: OSScan res=
ults may be unreliable because we could not find at least 1 open and 1 clos=
ed port<br>Device type: general purpose|phone<br>Running: Microsoft Windows=
 2008|7|Phone|Vista<br>OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:=
/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8 cpe:/o:mi=
crosoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_=
vista::sp1<br>OS details: Windows Server 2008 R2, Microsoft Windows 7 Profe=
ssional or Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows=
 Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows=
 Vista SP2, Windows 7 SP1, or Windows Server 2008<br></div></div>

--001a113cf68032b14a051d86282b--