This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Fw: Spam-phishing
Simon Antony Roberts
leshy at extraterrestrialmail.com
Fri Aug 21 04:54:48 CEST 2015
Ohh dear, was meant to do reply to all...

You know we are when we get a chance making a Public Honeypot called Xortify.com we have a couple of sleeping drones already for XOOPS and WordPress in trial... for all kinds of cross selectable filters like all ranges of age and credence type bans..

Tanty
http://twitter.com/Cipherhouse
http://cipher.labs.coop

On Thu, 2015-08-20 at 19:48 -0300, Marilson wrote:
> The same phishing using Banco Itaú by the same criminal with the
> knowing of the same provider.
>
> The Provider (ISP) is Aruba S.p.A. Network
> The Host is aruba.it
> And the spammer is dyodue.com but this spammer doesn’t exist, so...
> Shame on you Aruba!
>
> ID BY DBIP
> IP address 62.149.158.86
> Address type
> IPv4
> Hostname
> smartcmd0186.aruba.it
> ISP
> Aruba S.p.A. Network
> Timezone
> Europe/Rome (UTC+2)
> Local time
> 00:40:13
> Country
> Italy
> State / Region
> Tuscany
> HEADER
> Delivered-To: marilson.mapa at gmail.com
> Received: by 10.202.183.198 with SMTP id h189csp26168oif;
> Tue, 18 Aug 2015 18:37:03 -0700 (PDT)
> X-Received: by 10.194.248.201 with SMTP id
> yo9mr18050902wjc.31.1439948222853;
> Tue, 18 Aug 2015 18:37:02 -0700 (PDT)
> Return-Path: <anonymous at webxc44s04.ad.aruba.it>
> Received: from smtpdb86.aruba.it (smartcmd0186.aruba.it.
> [62.149.158.86])
> by mx.google.com with ESMTP id
> jg6si30851679wid.4.2015.08.18.18.37.01
> for <marilson.mapa at gmail.com>;
> Tue, 18 Aug 2015 18:37:02 -0700 (PDT)
> Received-SPF: pass (google.com: domain of
> anonymous at webxc44s04.ad.aruba.it designates 62.149.158.86 as permitted
> sender) client-ip=62.149.158.86;
> Authentication-Results: mx.google.com;
> spf=pass (google.com: domain of
> anonymous at webxc44s04.ad.aruba.it designates 62.149.158.86 as permitted
> sender) smtp.mailfrom=anonymous at webxc44s04.ad.aruba.it
> Received: from webxc44s04.ad.aruba.it ([62.149.145.38])
> by smartcmd01.ad.aruba.it with bizsmtp
> id 6Rd11r00W0pvj5a01Rd1wX; Wed, 19 Aug 2015 03:37:01 +0200
> Received: (qmail 16220 invoked by uid 19176666); 19 Aug 2015 01:37:01
> -0000
> Date: 19 Aug 2015 01:37:01 -0000
> Message-ID: <20150819013701.16218.qmail at webxc44s04.ad.aruba.it>
> To: marilson.mapa at gmail.com
> Subject: ULTIMA TENTATIVA DE CONTATO - 19/08/2015 03:37:00
> X-PHP-Originating-Script: 19176666:index.php
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: Atendimento viak at dyodue.com
>
> TEXT
> From: Atendimento
> Sent: Tuesday, August 18, 2015 10:37 PM
> To: marilson.mapa at gmail.com
> Subject: ULTIMA TENTATIVA DE CONTATO - 19/08/2015 03:37:00
>
> From: Marilson
> Sent: Tuesday, August 11, 2015 3:49 PM
> To: crime.internet at dpf.gov.br
> Cc: abuse at staff.aruba.it ; ethics-hotline at arubanetworks.com ;
> gmail-abuse at google.com
> Subject: Fw: Spam-phishing
>
> Four phishing in last 24 hours sent by the same sociopath.
>
> Someone will do something? Someone will give some information about
> this FK p*rr*?
>
> ID BY AbuseIPDB.com
> 62.149.158.70 was found in our database!
> This IP was reported 1 time. Click here for details.
>
> ISP:
> Aruba S.p.A.
> Host Name:
> smtplqs-out30.aruba.it
> Organization:
> Aruba S.p.A. - Shared Hosting and
> Mail services
> Country:
> Italy (IT)
>
> HEADER
> Delivered-To: marilson.mapa at gmail.com
> Received: by 10.27.37.212 with SMTP id l203csp1244523wll;
> Tue, 11 Aug 2015 08:35:35 -0700 (PDT)
> X-Received: by 10.194.118.227 with SMTP id
> kp3mr5322711wjb.97.1439307334978;
> Tue, 11 Aug 2015 08:35:34 -0700 (PDT)
> Return-Path: <CentraldeAvisos at centralavisos.com.br>
> Received: from smtplqs-out30.aruba.it (smtplqs-out30.aruba.it.
> [62.149.158.70])
> by mx.google.com with ESMTP id
> q10si5274003wiw.112.2015.08.11.08.35.34
> for <marilson.mapa at gmail.com>;
> Tue, 11 Aug 2015 08:35:34 -0700 (PDT)
> Received-SPF: neutral (google.com: 62.149.158.70 is neither permitted
> nor denied by best guess record for domain of
> CentraldeAvisos at centralavisos.com.br) client-ip=62.149.158.70;
> Authentication-Results: mx.google.com;
> spf=neutral (google.com: 62.149.158.70 is neither permitted nor
> denied by best guess record for domain of
> CentraldeAvisos at centralavisos.com.br)
> smtp.mailfrom=CentraldeAvisos at centralavisos.com.br
> Received: from webxc46s06.ad.aruba.it ([62.149.145.56])
> by smartcmd03.ad.aruba.it with bizsmtp
> id 3Tba1r0031DDpAN01Tba0u; Tue, 11 Aug 2015 17:35:34 +0200
> Received: (qmail 4868 invoked by uid 19230025); 11 Aug 2015 15:35:34
> -0000
> Date: 11 Aug 2015 15:35:34 -0000
> Message-ID: <20150811153534.4866.qmail at webxc46s06.ad.aruba.it>
> To: marilson.mapa at gmail.com
> Subject: Ultimo Aviso
> X-PHP-Originating-Script: 19230025:index.php
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: <CentraldeAvisos at centralavisos.com.br>
> Reply-To: CentraldeAvisos at centralavisos.com.br
>
> TEST
> From: CentraldeAvisos at centralavisos.com.br
> Sent: Tuesday, August 11, 2015 12:35 PM
> To: marilson.mapa at gmail.com
> Subject: Ultimo Aviso
>
> From: Marilson
> Sent: Tuesday, August 11, 2015 1:13 AM
> To: crime.internet at dpf.gov.br
> Cc: abuse at staff.aruba.it ; mail-abuse at cert.br ; mail-abuse at nic.br ;
> ethics-hotline at arubanetworks.com ; gmail-abuse at google.com
> Subject: Spam-phishing
>
> Another phishing using Banco do Brasil and Itau.
>
> Sirs of Aruba S.p.A. Network, your client bbcom.com.br (domain) BBCom
> Propaganda Ltda (owner) Enio Marcos Babireski Barcelos (responsible)
>
> and itaucom.com.br (domain) who has two IP 200.189.40.11 and
> 200.192.232.11, both owned by NIC.BR (????), are practicing phishing.
>
> Follow criminals: http://www.intodns.com/itaucom.com.br ==>
> http://whois.domaintools.com/200.192.232.11
>
> Enjoy!
> Marilson
>
> ID BY Public Domain Registry
>
> domain: bbcom.com.br
> owner: BBCom Propaganda Ltda
> responsible: Enio Marcos Babireski Barcelos
> country: BR
> owner-c: EMB97
> admin-c: EMB97
> tech-c: EMB97
> billing-c: EMB97
> nserver: ns1.locaweb.com.brinetnum:
>
> ID BY DOMAINTOOLS
>
> IP Address
> 200.189.40.11
> Reverse IP
> 1 website uses this address.
> inetnum: 200.189.40/24
> aut-num: AS10906
> abuse-c: FAN
> owner: Núcleo de Inf. e Coord. do Ponto BR - NIC.BR
> ownerid: 005.506.560/0001-36
> responsible: Demi Getschko
> country: BR
> nic-hdl-br: FAN
> person: Frederico Augusto de Carvalho Neves
> e-mail:
> HEADER 1/2
> Delivered-To: marilson.mapa at gmail.com
> Received: by 10.27.37.212 with SMTP id l203csp829500wll;
> Mon, 10 Aug 2015 13:42:24 -0700 (PDT)
> X-Received: by 10.195.13.200 with SMTP id
> fa8mr47845321wjd.9.1439239344633;
> Mon, 10 Aug 2015 13:42:24 -0700 (PDT)
> Return-Path: <atendimento at bb.com.br>
> Received: from smtpdb86.aruba.it (smartcmd0186.aruba.it.
> [62.149.158.86])
> by mx.google.com with ESMTP id
> gs6si18481102wib.46.2015.08.10.13.42.24
> for <marilson.mapa at gmail.com>;
> Mon, 10 Aug 2015 13:42:24 -0700 (PDT)
> Received-SPF: fail (google.com: domain of atendimento at bb.com.br does
> not designate 62.149.158.86 as permitted sender)
> client-ip=62.149.158.86;
> Authentication-Results: mx.google.com;
> spf=fail (google.com: domain of atendimento at bb.com.br does not
> designate 62.149.158.86 as permitted sender)
> smtp.mail=atendimento at bb.com.br
> Received: from webxc46s02.ad.aruba.it ([62.149.145.52])
> by smartcmd01.ad.aruba.it with bizsmtp
> id 38iP1r00e1837pJ018iPjg; Mon, 10 Aug 2015 22:42:23 +0200
> Received: (qmail 46041 invoked by uid 19230025); 10 Aug 2015 20:42:23
> -0000
> Date: 10 Aug 2015 20:42:23 -0000
> Message-ID: <20150810204223.46039.qmail at webxc46s02.ad.aruba.it>
> To: marilson.mapa at gmail.com
> Subject: RES: Aviso
> X-PHP-Originating-Script: 19230025:index.php
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: <Atendimento at bbcom.com.br>
> Reply-To: Atendimento at bbcom.com.br
>
> HEADER 2/2
> Delivered-To: marilson.mapa at gmail.com
> Received: by 10.27.37.212 with SMTP id l203csp777616wll;
> Mon, 10 Aug 2015 11:34:45 -0700 (PDT)
> X-Received: by 10.194.103.7 with SMTP id
> fs7mr46475107wjb.75.1439231685256;
> Mon, 10 Aug 2015 11:34:45 -0700 (PDT)
> Return-Path: <atendimento at itau.com.br>
> Received: from smartcmd0187.aruba.it (smartcmd0188.aruba.it.
> [62.149.158.88])
> by mx.google.com with ESMTP id
> bh6si17651852wib.28.2015.08.10.11.34.44
> for <marilson.mapa at gmail.com>;
> Mon, 10 Aug 2015 11:34:45 -0700 (PDT)
> Received-SPF: fail (google.com: domain of atendimento at itau.com.br does
> not designate 62.149.158.88 as permitted sender)
> client-ip=62.149.158.88;
> Authentication-Results: mx.google.com;
> spf=fail (google.com: domain of atendimento at itau.com.br does
> not designate 62.149.158.88 as permitted sender)
> smtp.mail=atendimento at itau.com.br
> Received: from webxc46s02.ad.aruba.it ([62.149.145.52])
> by smartcmd01.ad.aruba.it with bizsmtp
> id 36ak1r00g1837pJ016akXV; Mon, 10 Aug 2015 20:34:44 +0200
> Received: (qmail 26736 invoked by uid 19230025); 10 Aug 2015 18:34:44
> -0000
> Date: 10 Aug 2015 18:34:44 -0000
> Message-ID: <20150810183444.26735.qmail at webxc46s02.ad.aruba.it>
> To: marilson.mapa at gmail.com
> Subject: Aviso:
> X-PHP-Originating-Script: 19230025:index.php
> MIME-Version: 1.0
> Content-type: text/html; charset=iso-8859-1
> From: <Atendimento at itaucom.com.br>
> Reply-To: Atendimento at itaucom.com.br
>
> TEXT 1/2
> From: Atendimento at bbcom.com.br
> Sent: Monday, August 10, 2015 5:42 PM
> To: marilson.mapa at gmail.com
> Subject: RES: Aviso
>
> Bloqueio de sua Conta - Ultimo Aviso (Comunicado Urgente)
>
> Private Bank
>
> TEXT 2/2
>
> From: Atendimento at itaucom.com.br
> Sent: Monday, August 10, 2015 3:34 PM
> To: marilson.mapa at gmail.com
> Subject: Aviso:
>
> Bloqueio de sua Conta