Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Possible SPAM] [email] (189.32.4.59) Do you want Xanax?

0 views
Skip to first unread message

Chris

unread,
Jun 11, 2007, 11:30:52 PM6/11/07
to

An accompanying mail was sent to the following addresses which
are thought to be responsible for domain(s), IP blocks, ASN, or
nameservers associated with the origin point:

ce...@cert.br, mail-...@cert.br, vir...@virtua.com.br


Message abstract:

Message ID: <000701c7ac1e$dd48f190$425a...@nymusikk.no>
Originating IP address:
189.32.4.59 (virtua-cwbas189-32-4-59.ctb.virtua.com.br)

ASN: 28573
ASN Description: Virtua - Net Servicos de Comunicacao S.A.
CIDR: 189.32.0.0/18

CIDR Report:
http://www.cidr-report.org/cgi-bin/as-report?as=28573

The following (if any) queryable spam-related information is
associated with the originating IP and/or domain:

virtua.com.br does not support abuse@domain mail.
virtua.com.br does not support postmaster@domain mail.


IP 189.32.4.59 (virtua-cwbas189-32-4-59.ctb.virtua.com.br) is known
to SpamHaus as a source or relay of spam.
See: http://www.spamhaus.org/

Classification(s):

- Illegal 3rd party exploits, including proxies, worms and trojans.

For more information on this host, see:

http://www.spamhaus.org/query/bl?ip=189.32.4.59

Please address these issues.


- Composite Blocklist: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=189.32.4.59

Additional resources of possible interest:

http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=189.32.4.59
http://openrbl.org/lookup?i=189.32.4.59
http://groups.google.com/groups?scoring=d&q=189.32.4.59+group:*abuse*


Among potential contact addresses found for this spam are:

IPW: ce...@cert.br, mail-...@cert.br, vir...@virtua.com.br
D:
WI: ce...@cert.br, mail-...@cert.br
AN: sist...@intelignet.com.br, mail-...@cert.br, antis...@abuse.net, vir...@virtua.com.br, ab...@embratel.net.br
RD:
AA: msar...@netservicos.com.br

The following addresses are not reachable per remote query or
local experience:

IG: ab...@virtua.com.br postm...@virtua.com.br

Slight munging applied to 'To' and 'Cc' lines to avoid bot-scraping, on request.

Chris Pollock cpol...@embarqmail.com

+------------------------------------------------------------------+
| This report produced by the SpamTools reporting kit licensed |
| under the GNU GPL and available at: |
| |
| http://linuxmafia.com/~karsten/Download/SpamTools.tar.gz |
| |
+------------------------------------------------------------------+

Version: : 1.42 $
Last updated: : 2005/06/26 16:10:48 $

---------------------------------------------------------------------

From fletc...@nymusikk.no Mon Jun 11 22:04:58 2007
Received: from pop.embarq.synacor.com [208.47.184.129]
by localhost.localdomain with POP3 (fetchmail-6.3.8)
for <cpollock@localhost> (single-drop); Mon, 11 Jun 2007 12:49:55 -0500 (CDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
by smtp.embarq.synacor.com (Postfix) with ESMTP id A2D991FFB0
for <cpol...@embarqmail.com>; Mon, 11 Jun 2007 13:48:20 -0400 (EDT)
X-Virus-Scanned: amavisd-new at
Old-X-Spam-Score: 6.884
Old-X-Spam-Level: ******
Old-X-Spam-Status: No, score=6.884 tagged_above=-10 required=10
tests=[BAYES_50=0.001, DATE_IN_PAST_03_06=0.478, DRUGS_ANXIETY=0.404,
FUZZY_PRESCRIPT=3.6, SUBJECT_DRUG_GAP_X=2.401]
Received: from smtp.embarq.synacor.com ([127.0.0.1])
by localhost (smtp08.embarq.synacor.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Zp5fg0Xs3K47 for <cpol...@embarqmail.com>;
Mon, 11 Jun 2007 13:48:17 -0400 (EDT)
Received: from smarth-osier.atl.sa.earthlink.net (smarth-osier.atl.sa.earthlink.net [207.69.195.100])
by smtp.embarq.synacor.com (Postfix) with ESMTP id A7F9A1FFDF
for <cpol...@embarqmail.com>; Mon, 11 Jun 2007 13:48:17 -0400 (EDT)
Received: from mx-clapper.atl.sa.earthlink.net ([207.69.195.23])
by smarth-osier.atl.sa.earthlink.net with smtp (Exim 3.36 #4)
id 1Hxo01-0002n7-00
for cpol...@embarqmail.com; Mon, 11 Jun 2007 13:48:17 -0400
X-ELNK-Loop: cpol...@earthlink.net
Received: from noehlo.host ([127.0.0.1])
by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1hXNZV3F73Nl34b6; Mon, 11 Jun 2007 13:48:11 -0400 (EDT)
Received: from d9sqge2 ([189.32.4.59])
by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1hXNZJ4Pt3Nl34b0; Mon, 11 Jun 2007 13:48:02 -0400 (EDT)
Message-ID: <000701c7ac1e$dd48f190$425a...@nymusikk.no>
Reply-To: "Regina Fletcher" <fletc...@nymusikk.no>
From: "Regina Fletcher" <fletc...@nymusikk.no>
To: <cpollock<at>22134.earthlink.net>
Subject: Do you want Xanax?
Date: Mon, 11 Jun 2007 07:51:36 -0400
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="windows-1250"
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Antivirus: avast! (VPS 000748-3, 11/06/2007), Outbound message
X-Antivirus-Status: Clean
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
X-SenderIP: 189.32.4.59
X-ASN: ASN-28573
X-CIDR: 189.32.0.0/18

We have all of your Favorite RX-Meds available 0nline!
With fast discreet trackable FedEx shipping!
No_Prescripti0n_Needed!
0rder Now at - netprods . com

---------------------------------------------------------------------

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/

0 new messages