netsecurity database

graphs in this page automatically update and show
Thursday (9-Sep-2010) values

- leftover spamlevel (filtered&rejected) - - mails delivered - right 2 left timelines: |now <--- past|

today:

this week:

this month:

12 monthes:

193.140.89.71 TR UEKAEANKARA-NET 193.140.89.0 - 193.140.90.255 193.140.88.0/22 TUBITAK UEKAE ANKARA

Received: from dmrl.sosam.gov.tr (HELO arti.ankara.netsec.tr) (193.140.89.71)
by srv07.edv-sklave.de with SMTP; 29 Jul 2010 04:57:17 +0200
Received-SPF: none (srv07.edv-sklave.de: domain at ns1.sosam.gov.tr does not designate permitted sender hosts)
Received: from localhost (localhost [127.0.0.1])
by arti.ankara.netsec.tr (Postfix) with ESMTP id DA8BE5714C;
Tue, 27 Jul 2010 06:24:07 +0300 (EEST)
X-Virus-Scanned: amavisd-new at tr-cert.gov.tr

21/07/2010 23:33:19: [qSheff] SPAM, queue=q1279747991-224881-20487,
recvfrom=66.178.172.99, from=`ujaqex7843@rio.com', to=`locauser@tld', subj=`Only original sex meds', size=763, spam=`Subject: Only original sex meds',

the website states:

Our Mission Statement

“To provide education, retraining and economic development services
to positively affect regional employment, individual lives,
the business community and local government”

.gov=give others viagra?

This is the mail system at host s6.visp.net.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

abuse@intra.riousa.com (expanded from abuse@rio.com): Host or domain name
not found. Name service error for name=intra.riousa.com type=A: Host not
found

17/07/2010 10:15:15: [qSheff] SPAM, queue=q1279354509-599100-28225,
recvfrom=85.174.72.135, from=`digital-no-reply@amazon.com', to=`user@local.tld',
subj=`Your Amazon.com Order (D02-7939958-4373484)', size=14756, spam=`Received:
from dsl-85-174-72-135.avtlg.ru (85.174.72.135) by s',

193.224.158.210 HU MKPK-NET 193.224.158.208 - 193.224.158.223 193.224.158.208/28 Magyar Katolikus Puspoki Kar T

Secretariat of Hungarian Catholic Bishop's Conference

> 17/07/2010 11:27:44: [qSheff] SPAM, queue=q1279358847-737080-14549,
> recvfrom=193.224.158.210, from=`pasmann_aeegcux@gmail.com',
> to=`user@local.tld', subj=`Nur zu empfehlen:
> //www.bbqfahnenmast.com', size=3867, spam=`Subject: Nur zu
> empfehlen: //www.bbqfahnenmast.com',

Die Fahne weht im Wind: Mit einem robusten Alu-Fahnenmast, 6,20 Meter hoch, und einer 1,50 Meter Riesen-Nationalfahne Ihrer Wahl. Jedes Land lieferbar! Statt 199,- nur 44,75 Euro. Wir freuen uns auf Sie
...

But Jesus tells us in Matthew 6:24 that we can only serve one master. If you have your heart set on money and material things ...

202.111.175.31 CN YJ-GOV-NET 202.111.175.0 - 202.111.175.255 202.111.175.0/24 YanJi City Government Network,

?'proudly'? presents:

How do the other 521 sites will look like?

.gov = Give Others Viagra ?

but there's more than pillz in YanJi City

An increasing number of spams with subject "Thank you for buying iTunes Gift Certificate!" shows up:

Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Hello!

You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.

Then you need to open iTunes. Once you verify your account, $50.00 will be credi
ted to your account, so you can start buying music, games, video right away.

iTunes Store.

------=_NextPart_000_0006_01CAEDD8.429DD800
Content-Type: application/zip;

sniffing for open smtp port:

08/04/2010 21:46:37: [qSheff] HEADER, queue=q1270755917-211912-16726, recvfrom=24.156.144.202, from=`', to=`', subj=`', size=3,,

then spamming:

08/04/2010 21:50:44: [qSheff] SPAM, queue=q1270756160-42984-17646, recvfrom=24.156.144.202, from=`security@facebook.com', to=`localuser@tld', subj=`Facebook Password Reset Confirmation! Important Message', size=32985, spam=`Received: from 24.156.144.202 by smtp.secureserver.net; Thu, 8 ',

and gets blocked ;)

194.102.45.102 RO GICIT-RO 194.102.45.0 - 194.102.45.255 194.102.45.0/24 General Inspectorate for Commu

netname: GICIT-RO
descr: General Inspectorate for Communications and Information Technology
country: RO

02/04/2010 10:10:56: [qSheff] SPAM, queue=q1270195852-301764-18762, recvfrom=194.102.45.102, from=`package@dhl.com', to=`localuser@tld', subj=`DHL International. Please get your parcel NR.6504', size=73478, spam=`Subject: DHL International. Please get your parcel NR.6504',

stats for srv01 currently show no values cause script hangs after machine reboot. Have to check ...

Received: from edgwarek.com (88.208.193.208)
by srv07.edv-sklave.de with SMTP; 16 Feb 2010 20:08:00 +0100
Received-SPF: none (srv07.edv-sklave.de: domain at webmaster.org does not designate permitted sender hosts)
Received: by edgwarek.com (Postfix, from userid 1005)
id 88F7B14E7E2; Fri, 12 Feb 2010 08:40:32 +0000 (GMT)
Received: from User (ip121-196-210-87.adsl2.static.versatel.nl [87.210.196.121])
by edgwarek.com (Postfix) with ESMTP id AC732373460B;
Thu, 11 Feb 2010 22:50:29 +0000 (GMT)
Reply-To:

spam dest:
http://sbbservicedns13.com

nslookup sbbservicedns13.com

Non-authoritative answer:
Name: sbbservicedns13.com
Address: 94.102.63.148
94.102.63.148 KINGH-NET 94.102.63.128 - 94.102.63.255 94.102.63.128/25 The
King Host

Name: sbbservicedns13.com
Address: 195.88.226.2
195.88.226.2 MD Evpatur 195.88.226.0 - 195.88.227.255 195.88.226.0/23 Evpatur
LTD

Name: sbbservicedns13.com
Address: 62.248.107.18
62.248.107.18 TR ELIPS 62.248.107.16 - 62.248.107.31 62.248.107.16/28 ELIPS
ELEKTRONIK SAN. ve TÝC.

193.224.239.65 HU FPH-HU 193.224.239.0 - 193.224.239.255 193.224.239.0/24 The Mayor's Office - Fopolgarm

netname: FPH-HU
descr: The Mayor's Office - Fopolgarmesteri Hivatal
descr: Budapest
country: HU

sent in:

07/02/2010 18:13:32: [qSheff] SPAM, queue=q1265562805-580741-7874,
recvfrom=193.224.239.65, from=`minimalism6@radicalmedia.com', to=`localuser@tld',
subj=`Your health condition will improve extremely rapidly.', size=7834, spam=`Subject:
Your health condition will improve extremely rapidly.',

61.56.1.55 TW NCREE-GSN-NET NCREE-TP-TW 61.56.0.0 - 61.56.15.255 61.56.0.0/20 GSN, Taiwan Government Service

inetnum: 61.56.0.0 - 61.56.15.255
netname: NCREE-GSN-NET
country: TW
descr: GSN, Taiwan Government Service Network,
descr: National Center for Research on Earthquake Engineering

01/02/2010 00:59:06: [qSheff] SPAM, queue=q1264982342-130810-25347, recvfrom=61.56.1.55,
from=`localuser@tld', to=`localuser@tld', subj=`I sexual Russian blonde,
want to see, come closer.', size=1051, spam=`Subject: I sexual Russian blonde, want to see, come closer.'

201.30.148.22 BR DEPARTAMENTO NACIONAL DE OBRAS CONTRA AS SECAS 201.30/16 201.30.148.0 - 201.30.148.63 201.30.148.0/26 000.043.711/0001-43

sent in:

28/01/2010 20:53:15: [qSheff] SPAM, queue=q1264708391-928786-9141, recvfrom=201.30.148.22,
from=`localuser@tld', to=`localuser@tld', subj=`RE: SALE 70% OFF on Pfizer ',
size=2433, spam=`From: #1 Internet Online Drugstore ',

217.172.96.77 IR mfa-net IR-PARSCYBERIAN-20040211 217.172.96.0 - 217.172.99.255 217.172.96.0/22 Ministry Of Foreign Affairs of Iran

person: Ministry of Foriegn Affair
remarks: I.T Department
address: Ministry of Foreign Affairs, Imam Khomeini
address: Tehran/Iran

sent in:

27/01/2010 09:48:27: [qSheff] SPAM, queue=q1264582102-691162-6690, recvfrom=217.172.96.77,
from=` noreply@message.myspace.com', to=`localuser@tld', subj=`Elite World Casino:
Bonus 3500$ USA Player Welcome!!!', size=864, spam=`Subject: Elite World Casino: Bonus 3500$ USA Player Welcome!!!',

200.183.21.38 BR Associated Industries do Brasil 200.183/16 200.183.21.0 - 200.183.21.63 200.183.21.0/26 001.720.027/0001-11

sent in:

Received: from unknown (HELO gmail.com) (200.183.21.38)
by srv01.edv-sklave.de with SMTP; 24 Jan 2010 01:59:12 +0100
Message-ID:
Date: Sat, 23 Jan 2010 14:32:07 -1100
Reply-To: "Harriett Komlosi"
From: "Harriett Komlosi"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.6a) Gecko/20031030
MIME-Version: 1.0
To: localuser@tld

62.63.152.3 LV VALKA-TELIALV LV-TELIANET-20050610 62.63.152.0 - 62.63.153.255 62.63.152.0/23 District Council of VALKA

sent in:

19/01/2010 14:15:27: [qSheff] SPAM, queue=q1263906915-443475-18485, recvfrom=62.63.152.3,
from=`diddleod8532@newplacentyne-us.com', to=`localuser@tld', subj=`SPAMMSG Forget
about dictionaries ? we offer soft in different languages.', size=9317, spam=`Subject:
SPAMMSG Forget about dictionaries ? we offer soft in d',

--- snip ---

Watching your favorite movies is very easy if the CyberLink PowerDVD 9 Ultr=

156.108.32.2 US CSNAP NET-156-0-0-0-0 156.108.0.0 - 156.108.255.255 156.108.0.0/16 CGT-6

OrgName: Colorado Government TechnologyServices
OrgID: CGT-6
StateProv: CO
Country: US

sent in:

04/01/2010 03:41:41: [qSheff] SPAM, queue=q1262572901-289587-13476, recvfrom=156.108.32.2,
from=`localuser@tld', to=`localuser@tld', subj=`SPAMMSG Notification to
localuser special 80% OFF of Pfizer', size=5514, spam=`From: Authorized VIAGRA ?
Distributor ',

unbelievable - let's wait for confirmation from press-release area of webpage. But maybe it's a complex part of their Information Technology Strategic Plan 2008-2011:

“As Governor, I will ensure that we will take advantage of improvements
in technology, purchasing, and business processes. I will find areas that
can be streamlined, made more efficient or eliminated.”
Governor
Bill Ritter Jr.
“Colorado Promise”

nil sine numine
nothing without the divine will
Or "nothing without providence". State motto of Colorado, adopted in 1861.

205.214.225.210 US NEXTWEB-205-214-225-0-24 NET-205-214-224-0-1 205.214.225.0 - 205.214.225.255 205.214.225.0/24 NXTW

sent in:

24/12/2009 15:29:53: [qSheff] SPAM, queue=q1261664970-850251-23776,
recvfrom=205.214.225.210, from=`ICQ.Greetings@icq.com', to=`localuser@tld',
subj=`SPAMMSG Your friend has sent you an ICQ Greeting Card!', size=6130, spam=`Subject:
SPAMMSG Your friend has sent you an ICQ Greeting Card!',

Hi!

Your friend has sent you a greeting card from icq.com.

To view your card, click here.

Hope to see you soon.