
[email] [botnet][phish] (95.72.163.45) service message from USAA Thu, 2 Apr 2009 14:19:20..


David Ritz

Apr 2, 2009, 12:25:23 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

spam source:

dritz:~> whois -h whois.cymru.com 95.72.163.45 ; date
AS | IP | AS Name
25515 | 95.72.163.45 | CTCNET-AS Joint-Stock Central Telecommunication Company Autonomous System
Thu Apr 2 16:04:52 UTC 2009

============================================================================
spam host and DNS:

[ whois.cymru.com ]
AS | IP | AS Name
3352 | 88.31.112.44 | TELEFONICA-DATA-ESPANA Internet Access Network of TDE
5089 | 80.7.18.200 | NTL NTL Group Limited
5089 | 82.13.84.146 | NTL NTL Group Limited
5089 | 86.6.171.181 | NTL NTL Group Limited
6079 | 205.178.14.51 | RCN-AS - RCN Corporation
7015 | 24.61.251.28 | CCCH-AS2 - Comcast Cable Communications Holdings, Inc
7132 | 76.205.83.181 | SBIS-AS - AT&T Internet Services
8466 | 139.179.203.201 | BILKENT Bilkent
8615 | 79.165.82.17 | CNT-AS CNT Autonomous System
9304 | 221.127.139.227 | HUTCHISON-AS-AP Hutchison Global Communications
11060 | 76.188.187.14 | NEO-RR-COM - Road Runner HoldCo LLC
11351 | 74.78.48.138 | RR-NYSREGION-ASN-01 - Road Runner HoldCo LLC
11351 | 76.78.215.254 | RR-NYSREGION-ASN-01 - Road Runner HoldCo LLC
12338 | 85.85.235.187 | EUSKALTEL Euskaltel Autonomous System
16338 | 85.137.236.180 | AUNA_TELECOM-AS Cableuropa - ONO
29314 | 88.156.177.237 | VECTRANET-AS Vectra Technologie S.A. Autonomous System
33668 | 68.42.187.195 | DNEO-OSP7 - Comcast Cable Communications, Inc.
36167 | 66.219.22.109 | NETRIPLEX01 - NETRIPLEX LLC
Thu Apr 2 15:38:14 UTC 2009

============================================================================
[ SpamCop V4.5.0.101 ]
This message is brief for your comfort. Please use links below for details.

User-targeted report, see notes, if any.
http://www.spamcop.net/w3m?i=z3996565614za11b7a336ea6ee483c3ae20bab15299cz
95.72.163.45 is open proxy, see: http://www.spamcop.net/mky-proxies.html
[ Comments from recipient regarding 95.72.163.45 ]
> dritz:~> blq -ant 95.72.163.45 ; date
> 95.72.163.45 : cbl.abuseat.org : BLOCKED (127.0.0.2)
> Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=95.72.163.45
> 95.72.163.45 : zen.spamhaus.org : BLOCKED (127.0.0.11)
> http://www.spamhaus.org/query/bl?ip=95.72.163.45
> 95.72.163.45 : bl.spamcop.net : BLOCKED (127.0.0.2)
> Blocked - see http://www.spamcop.net/bl.shtml?95.72.163.45
> 95.72.163.45 : bl.asnbl.org : BLOCKED (127.0.0.7)
> Top-spew - 95.72.163.0/24 blocked - too many spam-spewing hosts
> in your /24 - 42 IPs detected
> 95.72.163.45 : dnsbl-1.uceprotect.net : BLOCKED (127.0.0.2)
> IP 95.72.163.45 is UCEPROTECT-Level 1 listed. See
> http://www.uceprotect.net/rblcheck.php?ipr=95.72.163.45
> 95.72.163.45 : dnsbl-2.uceprotect.net : BLOCKED (127.0.0.2)
> Net 95.72.0.0/15 is UCEPROTECT-Level2 listed because 1521 abusers
> are hosted by /AS25515 there. See:
> http://www.uceprotect.net/rblcheck.php?ipr=95.72.163.45
> Thu Apr 2 15:40:47 UTC 2009
>

[ Additional comments from recipient ]
> dritz:~% uri h1llj.com ; dig \*.h1llj.com ; date
> h1llj.com.multi.uribl.com descriptive text "Blacklisted, see
> http://lookup.uribl.com/?domain=h1llj.com"
> h1llj.com.multi.surbl.org descriptive text "Blocked, h1llj.com on
> lists [jp][ph][ws], See: http://www.surbl.org/lists.html"
>
> ; <<>> DiG 8.3 <<>> *.h1llj.com
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28935
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 4, ADDITIONAL: 4
> ;; QUERY SECTION:
> ;; *.h1llj.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> *.h1llj.com. 30M IN A 74.78.48.138
> *.h1llj.com. 30M IN A 76.78.215.254
> *.h1llj.com. 30M IN A 76.188.187.14
> *.h1llj.com. 30M IN A 76.205.83.181
> *.h1llj.com. 30M IN A 79.165.82.17
> *.h1llj.com. 30M IN A 80.7.18.200
> *.h1llj.com. 30M IN A 82.13.84.146
> *.h1llj.com. 30M IN A 85.85.235.187
> *.h1llj.com. 30M IN A 85.137.236.180
> *.h1llj.com. 30M IN A 86.6.171.181
> *.h1llj.com. 30M IN A 88.156.177.237
> *.h1llj.com. 30M IN A 139.179.203.201
> *.h1llj.com. 30M IN A 221.127.139.227
> *.h1llj.com. 30M IN A 24.61.251.28
> *.h1llj.com. 30M IN A 68.42.187.195
>
> ;; AUTHORITY SECTION:
> h1llj.com. 8m39s IN NS ns1.bus-on-line.com.
> h1llj.com. 8m39s IN NS ns1.americans-tool.com.
> h1llj.com. 8m39s IN NS ns2.bus-on-line.com.
> h1llj.com. 8m39s IN NS ns2.americans-tool.com.
>
> ;; ADDITIONAL SECTION:
> ns1.bus-on-line.com. 1d23h38m39s IN A 66.219.22.109
> ns1.americans-tool.com. 1d23h38m39s IN A 66.219.22.109
> ns2.bus-on-line.com. 1d23h38m39s IN A 205.178.14.51
> ns2.americans-tool.com. 1d23h38m39s IN A 88.31.112.44
>
> ;; Total query time: 3735 msec
> ;; FROM: helium.iphouse.net to SERVER: 127.0.0.1
> ;; WHEN: Thu Apr 2 10:34:36 2009
> ;; MSG SIZE sent: 29 rcvd: 443
>
> Thu Apr 2 15:34:36 UTC 2009
>
[ Offending message ]
Return-Path: <Y0N...@hotmail.com>
X-Original-To: x
Delivered-To: x.mako.ath.cx
Received: from glimmer.mako.ath.cx (localhost [127.0.0.1])
by glimmer.local (Postfix) with ESMTP id C1CC67D8279
for <x>; Thu, 2 Apr 2009 10:03:35 -0500 (CDT)
Received: from pop.mindspring.com
by glimmer.mako.ath.cx with POP3 (fetchmail-6.3.9)
for <x> (single-drop); Thu, 02 Apr 2009 10:03:35 -0500 (CDT)
Received: from wanamaker.mail.atl.earthlink.net ([127.0.0.1])
by wanamaker.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1lPkX732N3Nl3oJ1; Thu, 2 Apr 2009 07:19:21 -0400 (EDT)
Received: from ???????? ([95.72.163.45])
by wanamaker.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP id 1lPkWW6zg3Nl3oJ1; Thu, 2 Apr 2009 07:19:13 -0400 (EDT)
Received: from [95.72.163.45] by mx2.hotmail.com; Thu, 2 Apr 2009 14:19:20 +0300
Message-ID: <01c9__________________485f@Y0NNNS>
From: "USAA" <USAA.Web...@customermail.usaa.com>
To: <x>
Subject: service message from USAA Thu, 2 Apr 2009 14:19:20 +0300
Date: Thu, 2 Apr 2009 14:19:20 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C9B39E.03662400"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-ELNK-Received-Info: spv=1;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=000;


This is a multi-part message in MIME format.

- ------=_NextPart_000_0007_01C9B39E.03662400
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

To ensure delivery to your inbox, please add USAA.Web.Services@customerma=
il.usaa.com to your address book.


Confirmation Form Online Security Guarantee Dear USAA Customer,We woul=
d like to inform you that we have released a new version of USAA Confirma=
tion Form. This form is required to be completed by all USAA customers. P=
lease use the button below in order to access the form:
Access USAA Confrmation Formhank you,
USAA


Please do not reply to this e-mail. To send a secure message to USAA, pl=
ease contact us.

Privacy Promise
USAA, 9800 Fredericksburg Road, San Antonio, Texas 78288
USAA means United Services Automobile Association and its insurance, bank=
ing, investment and other
companies. Banks Member FDIC. Investments provided by USAA Investment Ma=
nagement Company
and USAA Financial Advisors Inc., both registered broker dealers.
66661-1208

- ------=_NextPart_000_0007_01C9B39E.03662400
Content-Type: text/html;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-=
2">
<META content=3D"MSHTML 6.00.2900.2670" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td valign=
=3D"top" style=3D"font:inherit;">
<div align=3D"center">
<table bgcolor=3D"#b5d7e6" border=3D"0" cellpadding=3D"0" cellspacing=3D"=
0" width=3D"650">
<tbody><tr>
<td align=3D"center" background=3D"https://content.usaa.com/mcontent/stat=
ic_assets/Media/email_emailbar_bg.gif" valign=3D"middle" width=3D"650" he=
ight=3D"35"><font style=3D"color: rgb(146, 146, 146); font-size: 9px;" fa=
ce=3D"Verdana, sans-serif">To ensure delivery to your inbox, please add <=
span style=3D"color: rgb(104, 167, 197);">USAA.Web.Services@customermail.=
usaa.com</span> to your address book.</font></td>
<td>
<br></td></tr>
</tbody></table>
<table bgcolor=3D"#b5d7e6" border=3D"0" cellpadding=3D"0" cellspacing=3D"=
0" width=3D"650">
<tbody><tr>
<td width=3D"10"><br></td>
<td align=3D"center" bgcolor=3D"white" width=3D"630">
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"604">
<tbody><tr>
<td colspan=3D"4" height=3D"5"><br></td>
</tr>
<tr>
<td width=3D"54" height=3D"45"><a rel=3D"nofollow" target=3D"_blank" href=
=3D"https://www.usaa.com/inet/ent_logon/Logon?EID=3D66661-1208_head"><img=
src=3D"https://content.usaa.com/mcontent/static_assets/Media/email_logo.=
gif" border=3D"0" width=3D"61" height=3D"41"></a></td>
<td>
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">
<tbody><tr>
<td style=3D"font-family: Arial,sans-serif; font-style: normal; font-vari=
ant: normal; font-weight: bold; font-size: 16px; line-height: normal; fon=
t-size-adjust: none; font-stretch: normal; -x-system-font: none; color: r=
gb(109, 109, 109);" align=3D"left" height=3D"22"><span style=3D"display: =
block; margin-top: 9px;">Confirmation Form </span></td>
</tr>
<tr>
<td align=3D"left" height=3D"23" nowrap=3D"nowrap">&nbsp;</td>
</tr>
</tbody></table></td>
<td align=3D"right" valign=3D"middle" width=3D"367" height=3D"45"><a rel=
=3D"nofollow" target=3D"_blank" href=3D"https://www.usaa.com/inet/ent_uti=
ls/McStaticPages?key=3Dsecurity_guarantee&amp;EID=3D66661-1208_head" styl=
e=3D"color: rgb(182, 182, 182);"><font size=3D"1" face=3D"Verdana, sans-s=
erif">Online Security Guarantee</font></a>&nbsp;&nbsp;</td>
<td width=3D"16" height=3D"45"><img src=3D"https://content.usaa.com/mcont=
ent/static_assets/Media/email_lock.gif?EID=3D66661-1208_open" border=3D"0=
" width=3D"18" height=3D"24"></td>
</tr>
</tbody></table>
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"95%">
<tbody>
<tr>
<td align=3D"left" width=3D"95%">
<font style=3D"color: rgb(51, 51, 51); font-size: 11px; line-height: 18px=
;" face=3D"Verdana, sans-serif">&nbsp;</font>
<p><font face=3D"Verdana, sans-serif" style=3D"color: rgb(51, 51, 51); fo=
nt-size: 11px; line-height: 18px;">Dear USAA Customer,</font></p>
<font style=3D"color: rgb(51, 51, 51); font-size: 11px; line-height: 18px=
;" face=3D"Verdana, sans-serif">We would like to inform you that we have =
released a new version of USAA Confirmation Form. This form is required t=
o be completed by all USAA customers. Please use the button below in orde=
r to access the form:<br>
</p>
<table style=3D"background: transparent url(https://content.usaa.com/mcon=
tent/static_assets/Media/email_change_pref_bg.gif) no-repeat scroll left =
top; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-ini=
tial; -moz-background-inline-policy: -moz-initial;" bgcolor=3D"#6cae35" b=
order=3D"0" cellpadding=3D"0" cellspacing=3D"0" height=3D"15">
<tbody><tr bgcolor=3D"#6cae35">
<td align=3D"center" bgcolor=3D"#6cae35" valign=3D"middle" width=3D"15"><=
img src=3D"https://content.usaa.com/mcontent/static_assets/Media/email_ct=
a_arrow.gif" width=3D"15" height=3D"15"></td>
<td align=3D"center" bgcolor=3D"#6cae35" valign=3D"middle" width=3D"194">=
<a href=3D"http://www.usaa.com.1ijli.com/inet/ent_formversionnew/do_actio=
n?id=3D332711047715114840455661418337783679008021071221659310873570877653=
922511906" style=3D"font-family: arial,sans-serif; font-style: normal; fo=
nt-variant: normal; font-weight: bold; font-size: 12px; line-height: norm=
al; font-size-adjust: none; font-stretch: normal; -x-system-font: none; c=
olor: rgb(255, 255, 255); text-decoration: none;">Access USAA Confrmation=
Form</a></td>
</tr>
</tbody></table>
<p>hank you,<br>
USAA<br>
</p>
</font></td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan=3D"2" height=3D"30">&nbsp;</td>
</tr>
</tbody></table>
</td>
<td background=3D"https://content.usaa.com/mcontent/static_assets/Media/e=
mail_vertical-ds.gif" width=3D"5"><br></td>
<td width=3D"5"><br></td>
</tr>
<tr>
<td width=3D"10" height=3D"5"><br></td>
<td background=3D"https://content.usaa.com/mcontent/static_assets/Media/e=
mail_horizontal-ds.gif" width=3D"630" height=3D"5"><br></td>
<td width=3D"5" height=3D"5"><img src=3D"https://content.usaa.com/mconten=
t/static_assets/Media/email_corner-ds.gif" border=3D"0" width=3D"5" heigh=
t=3D"5"></td>
<td width=3D"5" height=3D"5"><br></td>
</tr>
<tr>
<td colspan=3D"4" height=3D"20">&nbsp;</td>
</tr>
<tr>
<td colspan=3D"4" align=3D"center">
<font style=3D"color: rgb(109, 109, 109); font-size: 10px; line-height: 1=
8px;" face=3D"Verdana, sans-serif">
Please do not reply to this e-mail. To send a secure message to USAA, ple=
ase <a rel=3D"nofollow" target=3D"_blank" href=3D"https://www.usaa.com/in=
et/ent_references/CpSendUsAMessage?ContentArea=3Dcp&amp;EID=3D66661-1208_=
foot" style=3D"color: rgb(64, 140, 176); text-decoration: none;">contact =
us</a>.<br>
<br>
<a rel=3D"nofollow" target=3D"_blank" href=3D"https://www.usaa.com/inet/e=
nt_utils/McStaticPages?key=3Dprivacy_promise&amp;EID=3D66661-1208_foot" s=
tyle=3D"color: rgb(109, 109, 109);">Privacy Promise</a><br>
USAA, 9800 Fredericksburg Road, San Antonio, Texas 78288<br>
<div style=3D"padding: 10px;" align=3D"left">USAA means United Services A=
utomobile Association and <a rel=3D"nofollow" target=3D"_blank" href=3D"h=
ttps://www.usaa.com/inet/ent_utils/McStaticPages?key=3Dabout_usaa_overvie=
w&amp;EID=3D66661-1208_foot" style=3D"color: rgb(64, 140, 176); text-deco=
ration: none;">its insurance, banking, investment and other<br> companies=
</a>. Banks Member FDIC. Investments provided by USAA Investment Manageme=
nt Company<br> and USAA Financial Advisors Inc., both registered broker d=
ealers.</div>
</font>
</td>
</tr>
<tr><td colspan=3D"4" align=3D"right">
<font style=3D"color: rgb(109, 109, 109); font-size: 10px; line-height: 1=
8px;" face=3D"Verdana, sans-serif">66661-1208&nbsp;&nbsp;&nbsp;</font><br=
><br>
</td>
</tr></tbody></table>
</div>
</div></td></tr></table><br>
</BODY></HTML>

- ------=_NextPart_000_0007_01C9B39E.03662400--

- --
David Ritz <dritz+...@mindspring.com>
Be kind to animals; kiss a shark.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (Darwin)
Comment: Public Keys: <http://dritz.home.mindspring.com/keys.txt>

iEYEARECAAYFAknU5vMACgkQUrwpmRoS3uteBACgh2Vchu4cmS+CDwdLF2/P/U4y
yG0Anj9EaOs66/E5gN6BIkzhoSURJDGX
=be9X
-----END PGP SIGNATURE-----

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/
