Re[2]: [sniffer] Spam blocks loading me up with spam

2005-06-16 Thread Pete McNeil
Additional info (justifying the IP block rules just added):

http://www.senderbase.org/search?searchString=200.49.48.0%2F20

I wonder why nobody else is listing these IPs yet. Could we just be
the first? (This exercise has given me some ideas for new research
tasks-- :-) )

Interesting.

_M

On Thursday, June 16, 2005, 6:46:13 PM, Chuck wrote:

CS We have been seeing these.

CS Chuck Schick
CS Warp 8, Inc.
CS (303)-421-5140
CS www.warp8.com

CS -Original Message-
CS From: [EMAIL PROTECTED]
CS [mailto:[EMAIL PROTECTED]
CS On Behalf Of Scott Fisher
CS Sent: Thursday, June 16, 2005 4:04 PM
CS To: sniffer@SortMonster.com
CS Subject: [sniffer] Spam blocks loading me up with spam



CS Am I the only one getting blasted by these spam from these IP blocks?
CS Sniffer seems a little behind on catching these.

CS 200.49.48.0/24  200.49.48.0/24 
CS 200.49.49.0/24  200.49.49.0/24  mowz2.com  
CS 200.49.50.0/24  200.49.50.0/24  qckcstmr.com  
CS 200.49.51.0/24  200.49.51.0/24  srvdupfrsh.com  
CS 200.49.52.0/24  200.49.52.0/24  aahtv.com  
CS 200.49.53.0/24  200.49.53.0/24  aakai.com  
CS 200.49.54.0/24  200.49.54.0/24  aakib.com  
CS 200.49.55.0/24  200.49.55.0/24  aakli.com  
CS 200.49.56.0/24  200.49.56.0/24  aafix.com  
CS 200.49.57.0/24  200.49.57.0/24  e.com  
CS 200.49.58.0/24  200.49.58.0/24  
CS 200.49.59.0/24  200.49.59.0/24

CS Domain names and links seem to be five chars beginning with aa. They also
CS seem to be progressing through the IP blocks.  

CS i think they started in on the June 15th and have been spamming pretty
CS consistantly.


CS This E-Mail came from the Message Sniffer mailing list. For
CS information and (un)subscription instructions go to
CS http://www.sortmonster.com/MessageSniffer/Help/Help.html


This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html


RE: Re[2]: [sniffer] Spam blocks loading me up with spam

2005-06-16 Thread Colbeck, Andrew
Today I saw hits from this campaign on another IP block as well, and
plugging that into SenderBase.org gives me:

http://www.senderbase.org/search?searchString=200.49.37.130

Note in the top right that they list:

200.49.36.0/22

belonging to Network Access Point S.R.L., and following that link
shows 19 domains, many of which follow Scott's spam campaign sample
domains.

Weirdly, plugging in that CIDR format back into SenderBase reveals
little joy.

I've submitted to spam@ multiple samples from today of spam that I
caught with and without Sniffer so that Pete can see what is common.

Andrew 8)


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Thursday, June 16, 2005 3:58 PM
To: Chuck Schick
Subject: Re[2]: [sniffer] Spam blocks loading me up with spam


Additional info (justifying the IP block rules just added):

http://www.senderbase.org/search?searchString=200.49.48.0%2F20

I wonder why nobody else is listing these IPs yet. Could we just be the
first? (This exercise has given me some ideas for new research
tasks-- :-) )

Interesting.

_M

On Thursday, June 16, 2005, 6:46:13 PM, Chuck wrote:

CS We have been seeing these.

CS Chuck Schick
CS Warp 8, Inc.
CS (303)-421-5140
CS www.warp8.com

CS -Original Message-
CS From: [EMAIL PROTECTED] 
CS [mailto:[EMAIL PROTECTED]
CS On Behalf Of Scott Fisher
CS Sent: Thursday, June 16, 2005 4:04 PM
CS To: sniffer@SortMonster.com
CS Subject: [sniffer] Spam blocks loading me up with spam



CS Am I the only one getting blasted by these spam from these IP 
CS blocks? Sniffer seems a little behind on catching these.

CS 200.49.48.0/24  200.49.48.0/24 
CS 200.49.49.0/24  200.49.49.0/24  mowz2.com
CS 200.49.50.0/24  200.49.50.0/24  qckcstmr.com  
CS 200.49.51.0/24  200.49.51.0/24  srvdupfrsh.com  
CS 200.49.52.0/24  200.49.52.0/24  aahtv.com  
CS 200.49.53.0/24  200.49.53.0/24  aakai.com  
CS 200.49.54.0/24  200.49.54.0/24  aakib.com  
CS 200.49.55.0/24  200.49.55.0/24  aakli.com  
CS 200.49.56.0/24  200.49.56.0/24  aafix.com  
CS 200.49.57.0/24  200.49.57.0/24  e.com  
CS 200.49.58.0/24  200.49.58.0/24  
CS 200.49.59.0/24  200.49.59.0/24

CS Domain names and links seem to be five chars beginning with aa. They

CS also seem to be progressing through the IP blocks.

CS i think they started in on the June 15th and have been spamming 
CS pretty consistantly.


CS This E-Mail came from the Message Sniffer mailing list. For 
CS information and (un)subscription instructions go to 
CS http://www.sortmonster.com/MessageSniffer/Help/Help.html


This E-Mail came from the Message Sniffer mailing list. For information
and (un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html

This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html