Today I saw hits from this campaign on another IP block as well, and
plugging that into SenderBase.org gives me:
http://www.senderbase.org/search?searchString=200.49.37.130
Note in the top right that they list:
200.49.36.0/22
belonging to Network Access Point S.R.L., and following that link
shows 19 domains, many of which follow Scott's spam campaign sample
domains.
Weirdly, plugging in that CIDR format back into SenderBase reveals
little joy.
I've submitted to spam@ multiple samples from today of spam that I
caught with and without Sniffer so that Pete can see what is common.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Thursday, June 16, 2005 3:58 PM
To: Chuck Schick
Subject: Re[2]: [sniffer] Spam blocks loading me up with spam
Additional info (justifying the IP block rules just added):
http://www.senderbase.org/search?searchString=200.49.48.0%2F20
I wonder why nobody else is listing these IPs yet. Could we just be the
first? (This exercise has given me some ideas for new research
tasks-- :-) )
Interesting.
_M
On Thursday, June 16, 2005, 6:46:13 PM, Chuck wrote:
CS We have been seeing these.
CS Chuck Schick
CS Warp 8, Inc.
CS (303)-421-5140
CS www.warp8.com
CS -Original Message-
CS From: [EMAIL PROTECTED]
CS [mailto:[EMAIL PROTECTED]
CS On Behalf Of Scott Fisher
CS Sent: Thursday, June 16, 2005 4:04 PM
CS To: sniffer@SortMonster.com
CS Subject: [sniffer] Spam blocks loading me up with spam
CS Am I the only one getting blasted by these spam from these IP
CS blocks? Sniffer seems a little behind on catching these.
CS 200.49.48.0/24 200.49.48.0/24
CS 200.49.49.0/24 200.49.49.0/24 mowz2.com
CS 200.49.50.0/24 200.49.50.0/24 qckcstmr.com
CS 200.49.51.0/24 200.49.51.0/24 srvdupfrsh.com
CS 200.49.52.0/24 200.49.52.0/24 aahtv.com
CS 200.49.53.0/24 200.49.53.0/24 aakai.com
CS 200.49.54.0/24 200.49.54.0/24 aakib.com
CS 200.49.55.0/24 200.49.55.0/24 aakli.com
CS 200.49.56.0/24 200.49.56.0/24 aafix.com
CS 200.49.57.0/24 200.49.57.0/24 e.com
CS 200.49.58.0/24 200.49.58.0/24
CS 200.49.59.0/24 200.49.59.0/24
CS Domain names and links seem to be five chars beginning with aa. They
CS also seem to be progressing through the IP blocks.
CS i think they started in on the June 15th and have been spamming
CS pretty consistantly.
CS This E-Mail came from the Message Sniffer mailing list. For
CS information and (un)subscription instructions go to
CS http://www.sortmonster.com/MessageSniffer/Help/Help.html
This E-Mail came from the Message Sniffer mailing list. For information
and (un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html
This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html