spamming

Faked 'UPS - Zustellbenachrichtigung'

inetnum: 212.72.115.0 - 212.72.115.127
netname: NETINET-NET
descr: NetInet d.o.o.
country: SI

sent in:

02/03/2015 21:55:11: [qSheff] QUEUE, queue=q1425329711-11080-10254, recvfrom=127.0.0.1, from=`infokmop@freya.zvit.si', to=`localuser@tld', subj=`UPS - Zustellbenachrichtigung, Kontrollnummer 4E60B46744933460', size=5117,,

Tracking number:
a href= http:// omniadental.co.uk /ups >4D85T47592710485 /a

Faked 'kfzteile24.de'

NetRange: 208.94.236.0 - 208.94.239.255
CIDR: 208.94.236.0/22
NetName: ONYXLIGHT2
OrgName: OnyxLight Communications, Inc.
Country: US

sent in:

27/02/2015 00:50:07: [qSheff] SPAM, queue=q1424994605-630749-30767, recvfrom=208.94.236.146, from=`Thor@a1sms.de', to=`localuser@tld', subj=`DHL - Versandbenachric',

*** Do not reply to this e-mail; DHL and the sender "kfzteile24 GmbH" will not receive the reply ***

Faked invoice

NetRange: 209.91.64.0 - 209.91.127.255
CIDR: 209.91.64.0/18
NetName: TELUS-209-91-64-0
Organization: TELUS Communications Inc. (TACE)
Country: CA

sent in:

23/02/2015 14:30:36: [qSheff] VIRUS, queue=q1424698236-85336-22964, recvfrom=209.91.107.154, from=`darren@notifications.kashflow.com', to=`localuser@tld', subj=`Invoice',

Please see attached invoice for the upcoming issue of Essex Central
Magazine.

Faked 'quotes'

inetnum: 212.55.31.228 - 212.55.31.231
netname: QUESOS-ALDANONDO
descr:  QUESOS ALDANONDO, S.L.
country: ES

sent in:

20/02/2015 14:00:40: [qSheff] QUEUE, queue=q1424437240-260084-24957, recvfrom=212.55.31.230, from=`wendy@burwoodsupply.co.uk', to=`localuser@tld', subj=`supply only quotation 16822 in total', size=26060,

Hi

Faked Notice to appear in Court

network:ID:NETBLK-THEPLANET-BLK-13
network:Auth-Area:70.84.0.0/14
network:Network-Name:TPIS-BLK-70-85-130-0
network:IP-Network:70.85.130.0/27
network:IP-Network-Block:70.85.130.0 - 70.85.130.31
network:Organization;I:A Small Orange LLC
network:Country-Code:USA

sent in:

My new photo - malware included

network:Class-Name:network
network:ID:NETBLK-BHNC-107.144.0.0-19
network:Auth-Area:107.144.0.0/19
network:Org-Name:Bright House Networks Commercial

sent in:

13/02/2015 04:32:44: [qSheff] QUEUE, queue=q1423798363-61777-15443, recvfrom=107.144.3.218, from=`shaho8@marketmindful2.com', to=`localuser@tld', subj=`My photo', size=105078,,

Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

My new photo , send u photo ;)

Faked 'HSBC Payment Advice'

inetnum: 81.82.96.0 - 81.83.255.255
netname: TELENET
descr: Telenet Operaties N.V.
country: BE

sent in:

05/02/2015 11:52:13: [qSheff] QUEUE, queue=q1423133532-581357-5245, recvfrom=81.82.232.20, from=`no-replay@hsbci.co.uk', to=`localuser@tld', subj=`HSBC Payment Advice', size=16000,,

...
Sir/Madam

Upon your request, attached please find payment e-Advice for your
reference.

Yours faithfully

HSBC
...

Content-Transfer-Encoding: base64
Content-Type: application/zip;
name=HSBC-68172.zip
Content-Disposition: attachment;

Zahlungsbeleg

inetnum: 82.184.90.64 - 82.184.90.71
netname: AZIENDATERRITORIALEPERLEDILIZIARESIDENZIALE
descr: AZIENDA TERRITORIALE PER L'EDILIZIA RESIDENZIALE
country: IT

sent in:

02/02/2015 17:31:51: [qSheff] QUEUE, queue=q1422894704-666669-13613, recvfrom=82.184.90.67, from=`segreteria.ragioneria@atervenezia.it', to=`localuser@tld', subj=`Unterlagen', size=320425,,

...

Hello. Here are the required documents for you

Mallory

...

unzip Zahlungsbeleg.zip
Archive: Zahlungsbeleg.zip
inflating: Zahlungsbeleg.scr

Faked 'SBQ FORM'

IP: 67.231.37.242
Origin-AS: 23404
Prefix: 67.231.32.0/20
AS-Path: 62567 6453 6461 23404
AS-Org-Name: Ritter Communications, Inc.
Org-Name: Ritter Communications, Inc.
Net-Name: RITTERNET-BLK-4
Cache-Date: 1422621956
Latitude: 35.532860
Longitude: -90.420660
City: MARKED TREE
Region: ARKANSAS
Country: UNITED STATES
Country-Code: US

sent in:

30/01/2015 16:12:49: [qSheff] QUEUE, queue=q1422629568-79653-15379, recvfrom=67.231.37.242, from=`no-replay@bbbl.org', to=`localuser@tld', subj=`BBB SBQ Form #7270(Ref#86-483-0-4)', size=8195,

Faked 'Tax Notices'

NetRange: 65.117.185.192 - 65.117.185.223
CIDR: 65.117.185.192/27
NetName: Q0624-65-117-185-192
OrgName: CPES
Country: US

sent in:

29/01/2015 16:24:39: [qSheff] QUEUE, queue=q1422545078-138490-6296, recvfrom=65.117.185.222, from=`no-replay@csis.dik', to=`localuser@tld', subj=`You have received new messages from HMRC', size=17426,,

Please be advised that one or more Tax Notices (P6, P6B) have been
issued.

For the latest information on your Tax Notices (P6, P6B) please open
attached report.

Faked 'Payment Advice'

NetRange: 63.159.144.240 - 63.159.144.247
CIDR: 63.159.144.240/29
NetName: Q0923-63-159-144-240
NetHandle: NET-63-159-144-240-1
Parent: QWEST-INET-16 (NET-63-152-0-0-1)
NetType: Reassigned
OriginAS: AS209
Organization: TERUMO MEDICAL CORPORATION (TERUM)
OrgName: TERUMO MEDICAL CORPORATION
OrgId: TERUM
Country: US

sent in:

Faked 'Treasury RESEARCH REPORTS' with malware

NetRange: 50.76.11.168 - 50.76.11.175
CIDR: 50.76.11.168/29
NetName: KINGPONTIAC
Parent: CBC-WDC-4 (NET-50-76-0-0-2)
OrgId: CBCI
Customer: KING PONTIAC (C03015789)
Country: US

sent in:

28/01/2015 13:51:56: [qSheff] QUEUE, queue=q1422449514-987934-2374, recvfrom=50.76.11.169, from=`no-replay@rbs.com', to=`localuser@tld', subj=`RBS Morning commentary', size=21053,,

...

PLEASE REFER TO THE DETAILS BELOW IF YOU ARE HAVING PROBLEMS READING
THE ATTACHED FILE.

Faked 'Voice Message' with malware

inetnum: 93.107.168.0 - 93.107.175.255
netname: VODAFONE-IRELAND-MOBILE-DSL
descr: Vodafone ISP
org: ORG-EL3-RIPE
country: IE

inetnum: 81.198.56.24 - 81.198.56.31
netname: APOLLO-TSR-SIA
descr: TSR, SIA
descr: Riga
country: LV

sent in:

27/01/2015 13:27:56: [qSheff] QUEUE, queue=q1422361674-829100-24494, recvfrom=93.107.170.43, from=`no-replay@voice_global.co.uk', to=`localuser@tld', subj=`Voice Message', size=15958,,

American Express Customer Care - YOUR MESSAGE IS READY

IP: 69.42.186.18
Origin-AS: 21992
Prefix: 69.42.184.0/21
AS-Path: 23673 2914 6327 19752 21992
AS-Org-Name: eHealth Ontario
Org-Name: eHealth Ontario
Net-Name: SSHA-ONE-NETWORK
Cache-Date: 1422017001
Latitude: 43.900120
Longitude: -78.849570
City: OSHAWA
Region: ONTARIO
Country: CANADA
Country-Code: CA

sent in:

23/01/2015 15:56:47: [qSheff] QUEUE, queue=q1422025005-538321-14807, recvfrom=69.42.186.18, from=`secure.message@americanexpresss.com', to=`localuser@tld', subj=`Your Message is Ready', size=11401,,

...

YOUR MESSAGE IS READY

a new secure message from BankLine

inetnum: 217.156.192.0 - 217.156.195.255
netname: BT-ESPA
descr: BT Espana
country: ES

sent in:

03/11/2014 11:50:17: [qSheff] QUEUE, queue=q1415011812-770815-21539, recvfrom=217.156.195.191, from=`secure.message@bankline.com', to=`localuser@tld', subj=`You have received a new secure message from BankLine', size=1212,,

inetnum: 217.86.128.0 - 217.86.255.255
netname: DTAG-STATIC02
descr: Deutsche Telekom AG
descr: T-DSL Business static dial-up
org: ORG-DTAG1-RIPE
country: DE

sent in:

Phishing targets ING-DiBa online banking

inetnum: 91.196.124.0 - 91.196.127.255
netname: SUPERHOSTINGBG
descr: SuperHosting.BG Ltd.
country: BG

sent in:

20/01/2015 00:04:12: [qSheff] QUEUE, queue=q1421708652-564248-21930, recvfrom=91.196.125.209, from=`direkt@dsb.de', to=`localuser@tld', subj=`Daten aus Sicherheitsgründen bestätigt werden müssen', size=12111,,

Data reconciliation/update
Our tip: fill in online now and save on fees!
Kind regards
Your Ing Diba

Good day,

Increasing number of spams relayed by Facebook

NetRange: 66.220.144.0 - 66.220.159.255
CIDR: 66.220.144.0/20
NetName: TFBNET3
NetHandle: NET-66-220-144-0-1
Parent: NET66 (NET-66-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS32934
Organization: Facebook, Inc. (THEFA-3)

sent in:

09/01/2015 05:42:52: [qSheff] QUEUE, queue=q1420778571-981317-25363, recvfrom=66.220.157.107, from=`baby.girl4@hotmail.com', to=`', subj=`HI', size=4866,,

...

Authentication-Results: smtpin.mx.facebook.com; spf=pass smtp.mailfrom=yahoo.com

Christmas 2014 - fewer spamming attempts than in previous years ...

Dec 23 20:44:18 s15410318 xinetd[12480]: twist net150-148-245-109.mbb.telenor.rs to echo -e '550 SMTP/S access denied.\n netsecurity-db status: 109.245.128.0/18 recorded as spammer (2010-05-22).\nRef-ID: 4499598 from: RS\nSee https://www.netsecdb.de for more info.\n\n';sleep 2
Dec 23 22:25:26 s15410318 xinetd[27564]: twist 200.90.124.67 to echo -e '550 SMTP/S access denied.\n netsecurity-db status: 200.90.64.0/18 recorded as spammer.\nRef-ID: 3340547 from: VE\nSee https://www.netsecdb.de for more info.\n\n';sleep 2
