[nsp-sec] Amusing 419 discussing 419 [AS16399, AS36954, Googlemail drop box]
Rob Thomas
robt at cymru.com
Sun Oct 19 13:40:19 EDT 2008
> AS | IP | AS Name
> 36954 | 82.128.34.26 | MLTL-AS
That IP has been a source of spam going back at least to 2008-02-02
11:59:55 UTC. It appears to be a NetApp NetCache proxy.
> AS | IP | AS Name
> 16399 | 216.21.52.246 | NETWORKGCI - Globalcom
This Linux box has been the source of a bit of spam, such as:
timestamp | src_ip | mail_timestamp |
mail_from_host | mail_from |
mail_to | mail_subject
--------------------- --------------- ---------------------
---------------- --------------------------------------------------
------------------------- ------------------
2008-10-03 09:51:59 | 216.21.52.246 | 2008-10-03 09:34:54 | yahoo.es
| "RAYMOND PAUL" <raypaul600 at yahoo.es> |
undisclosed-recipients: | RE:INVESTMENT
2008-10-17 12:26:26 | 216.21.52.246 | 2008-10-17 12:10:30 | yahoo.com
| "REV. JOHN MARCOS" <currencyoperation at yahoo.com> |
undisclosed-recipients: | CONGRATULATIONS.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");
More information about the nsp-security
mailing list