[bitcoin-dev] That email was almost certainly not the real Satoshi

Jonathan Wilkins j at blockstream.com
Mon Aug 17 18:41:31 UTC 2015


I'm sure that most people here were skeptical, but FWIW, the server that
hosts vistomail.com is a mess, it's a Plesk box with more than a couple of
services with dubious security histories. MailEnable smtpd, MSRPC, RDP, see
for yourself:

Most likely someone popped the box and is entertaining themselves.

Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
25/tcp    open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
53/tcp    open  domain        Microsoft DNS 6.1.7601
| dns-nsid:
|_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
80/tcp    open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-ntlm-info:
|   Target_Name: DS04
|   NetBIOS_Domain_Name: DS04
|   NetBIOS_Computer_Name: DS04
|   DNS_Domain_Name: DS04
|   DNS_Computer_Name: DS04
|_  Product_Version: 6.1 (Build 7601)
|_http-title: Domain Default page
110/tcp   open  pop3          MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp   open  msrpc         Microsoft Windows RPC
143/tcp   open  imap          MailEnable imapd
|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN
UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Domain Default page
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
587/tcp   open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands:
HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
3389/tcp  open  ms-wbt-server Microsoft Terminal Service
8443/tcp  open  https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels,
Inc./stateOrProvinceName=Virginia/countryName=US
| Not valid before: 2015-03-13T19:40:20+00:00
|_Not valid after:  2016-03-12T19:40:20+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
8880/tcp  open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
|_http-methods: No Allow or Public header in OPTIONS response (status code
500)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
49154/tcp open  msrpc         Microsoft Windows RPC
49156/tcp open  msrpc         Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|7|Phone|Vista
OS CPE: cpe:/o:microsoft:windows_server_2008:r2
cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8
cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::-
cpe:/o:microsoft:windows_vista::sp1
OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or
Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0
or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2,
Windows 7 SP1, or Windows Server 2008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150817/3cf6b8c1/attachment.html>


More information about the bitcoin-dev mailing list