Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.mail.misc > #863
| From | David Ritz <dritz@mindspring.com> |
|---|---|
| Newsgroups | comp.mail.misc, news.admin.net-abuse.email |
| Subject | Re: SPF? DKIM? spammers can do them too |
| Date | 2016-10-07 20:53 -0500 |
| Organization | SpamBusters! |
| Message-ID | <alpine.OSX.2.20.1610072041240.6800@mako.ath.cx> (permalink) |
| References | <87vax8xfdm.fsf@violet.siamics.net> |
Cross-posted to 2 groups.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 04 October 2016 16:12 -0000, in article <87vax8xfdm.fsf@violet.siamics.net>, Ivan Shmakov <ivan@siamics.net> wrote: [...] > 2016W40 nzbhuf@sarvtb.ru [185.58.205.96] [...] > 2016W39 bcswvsv@network-asp.ru [194.67.208.143] [...] > 2016W38 pvtll@mtvigroup.ru [194.67.208.216] [...] > 2016W37 bct@butovo-net.ru [194.67.210.18] [...] > 2016W36 vziykt@tyumfair.ru [194.67.208.60] [...] Ivan, I stripped out the domain names and sorted by unique IP addresses. By looking at the source IPs, one begins to see clearer paterns. 85.93.145.29 route: 85.93.144.0/20 descr: SPACENET-RU-144-20 origin: AS34300 94.142.141.60 route: 94.142.136.0/21 descr: MAROSNET Telecommunication Company Network origin: AS48666 185.5.248.60 route: 185.5.248.0/22 descr: MAROSNET Telecommunication Company Network origin: AS48666 185.58.205.96 route: 185.58.204.0/22 descr: MAROSNET Telecommunication Company Network origin: AS48666 185.58.206.76 185.58.206.163 185.58.206.232 route: 185.58.204.0/22 descr: MAROSNET Telecommunication Company Network origin: AS48666 185.87.48.131 185.87.48.186 route: 185.87.48.0/22 descr: MAROSNET Telecommunication Company Network origin: AS48666 193.124.176.209 route: 193.124.176.0/20 descr: MAROSNET Telecommunication Company Network origin: AS48666 193.124.186.253 193.124.189.172 193.124.189.192 193.124.190.134 193.124.191.224 route: 193.124.176.0/20 descr: MAROSNET Telecommunication Company Network origin: AS48666 194.67.208.7 194.67.208.8 194.67.208.50 194.67.208.60 194.67.208.101 194.67.208.143 194.67.208.216 194.67.208.219 194.67.208.220 194.67.208.224 194.67.208.232 194.67.208.249 194.67.209.7 194.67.209.56 194.67.209.151 194.67.210.2 194.67.210.18 194.67.210.159 194.67.210.222 194.67.211.17 route: 194.67.208.0/20 descr: MAROSNET Telecommunication Company Network origin: AS48666 My observations suggest that MAROSNET Telecommunication Company Network is running some large scale snowshoe spam hosting services. - -- David Ritz <dritz@mindspring.com> Be kind to animals; kiss a shark. -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlf4UYcACgkQUrwpmRoS3uvSWwCg+Zwx1BYS3m3vGi25kZnFurTu +nUAoLbZ/2tq/O5tjLk6Ak23Gf63dkBc =fBVp -----END PGP SIGNATURE-----
Back to comp.mail.misc | Previous | Next — Previous in thread | Next in thread | Find similar
SPF? DKIM? spammers can do them too Ivan Shmakov <ivan@siamics.net> - 2016-10-04 16:12 +0000
Re: SPF? DKIM? spammers can do them too David Ritz <dritz@mindspring.com> - 2016-10-05 19:29 -0500
Re: SPF? DKIM? spammers can do them too Ivan Shmakov <ivan@siamics.net> - 2016-10-07 16:55 +0000
Re: SPF? DKIM? spammers can do them too David Ritz <dritz@mindspring.com> - 2016-10-07 20:29 -0500
Re: SPF? DKIM? spammers can do them too David Ritz <dritz@mindspring.com> - 2016-10-07 20:53 -0500
Re: SPF? DKIM? spammers can do them too David Ritz <dritz@mindspring.com> - 2016-10-07 21:09 -0500
Re: SPF? DKIM? spammers can do them too Ivan Shmakov <ivan@siamics.net> - 2016-10-14 17:50 +0000
Re: SPF? DKIM? spammers can do them too David Ritz <dritz@mindspring.com> - 2016-10-14 15:21 -0500
spam from MAROSNET (AS48666) networks Ivan Shmakov <ivan@siamics.net> - 2016-10-19 15:35 +0000
spam from MAROSNET (AS48666) and GMHOST-NET (AS201094) networks Ivan Shmakov <ivan@siamics.net> - 2016-11-10 17:10 +0000
csiph-web