This is a discussion on Manticore listed in RBL in the You've got Mail forum

  1. #1
    Ron
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,419

    Manticore listed in RBL

    It's been brought to my attention that manticore is listed in Trend Micro's RBL.

    http://www.mail-abuse.com/cgi-bin/lo...=69.73.187.210
    The IP address 69.73.187.210 does appear on the following database managed by Trend Micro's Network Reputation Services.
    Database Entry Action
    RBL 69.73.187.210 Contact MAPS for removal

    Please see the linked web pages for further information about the database, contact information, why the address is listed, and how to get it removed, if applicable.

    Please note: These databases are based on IP addresses; they do not use host or domain names.
    http://www.mail-abuse.com/cgi-bin/sh...ng.cgi?5115707
    <MAPS# 155804>

    Return-Path: <REMOVED>
    X-Original-To: <REMOVED>
    Delivered-To: <REMOVED>
    Received: <REMOVED>
    Date: Tue, 23 Nov 2010 10:05:18 +0800
    From: <REMOVED>
    To: greg@jaguarpc.com, abuse@jaguarpc.com
    Subject: RBL Listing Notification
    Message-ID: <REMOVED>
    X-Mailer: Mulberry/4.0.8 (Mac OS X)
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="==========4C40157F5E322A0FA5AF =========="

    IMPORTANT! This message has been blind-carbon-copied to you.
    Do not reply-to-all or forward it without the author's permission.

    Hi Abuse Team,

    This is an RBL nomination for the following lists of IP addresses that are in the process of being listed to the RBL as a spam source and/or is an originating spam source in progress.

    Please see attached file for representative spam samples. Additional samples are available upon request from an authoritative requestor.

    Filename: spam_sample.zip
    Password: novirus

    --Start of Sample Spam Mail & Headers--

    Spam Sample #1

    Received: from [69.73.128.215] by <REMOVED> via sendmail with smtp;
    for 1 recipient; Mon, 25 Oct 2010 07:03:08 -0700
    Received: from nobody by zelanus-3.zelanus.com with local (Exim 4.69)
    (envelope-from <operator@horestca.com>)
    id 1PADH6-0005ds-GQ
    for <REMOVED>; Mon, 25 Oct 2010 04:59:04 +0200
    To: <REMOVED>
    Subject: Isnsane Celebrities Free Access
    X-PHP-Script: horestca.com/sm2.php for 87.218.50.126
    From: operator@horestca.com
    Content-Type: text/html; charset=Latin1
    Message-Id: <E1PADH6-0005ds-GQ@zelanus-3.zelanus.com>
    Date: Mon, 25 Oct 2010 04:59:04 +0200
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - zelanus-3.zelanus.com
    X-AntiAbuse: Original Domain - ynail.com
    X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    X-AntiAbuse: Sender Address Domain - horestca.com


    <FONT size=6><A href="http://su.sg/563c">Isnsane Celebrities Free Access</A></FONT><DIV>down. He stood that way, unknowing, unseeing as a young man appearedclutched my sword in helpless anger, relaxed only when she calledthat I told me so. No time. Thumb on the power button so that th</DIV>

    Spam Sample #2

    Received: from [69.73.139.29] by <REMOVED> via sendmail with smtp;
    for 1 recipient; Sat, 23 Oct 2010 20:02:29 -0700
    Received: from [41.138.172.51] (helo=User)
    by adonis.nocdirect.com with esmtpa (Exim 4.69)
    (envelope-from <sctlindemann@gmail.com>)
    id 1P9kGQ-0005We-Qw; Sat, 23 Oct 2010 16:00:41 -0400
    Reply-To: <scttlind@gmail.com>
    From: "SCOTT LINDEMANN"<sctlindemann@gmail.com>
    Subject: Hello
    Date: Sat, 23 Oct 2010 08:00:32 -1200
    MIME-Version: 1.0
    Content-Type: text/plain;
    charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - adonis.nocdirect.com
    X-AntiAbuse: Original Domain - ntwrld.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - gmail.com

    This is my third time of sending you an e-mail without any reply, I told you about a deal on an investment account total 10.5million USD of late Mr. Alfred who shares the same last name with you.

    My proposal to you is that since I have exclusive access to his file, you will be made the beneficiary of these funds. On verification, which will be the details I make available to Bank holding the funds, my company through our lawyer will instruct the bank to make payments to you. You do not have to have known him. I know this sounds a bit heavy and complex but believe
    and trust me as it is achievable. For your assistance, I propose we split the funds in half and share it equally. This practice is not unusual in the banking sector here in the UK. The other option is that the funds will revert back to the state, where it may be shared by State officials.

    Nothing ventured is nothing gained and that success and riches never come easy or on a platter of gold. This is the one truth I have learned from my private investment clients, We should act swiftly on this if you are in
    agreement and please get back to me immediately, I am contacting you independently and no one is informed of this communication. Please do keep this confidential, I await your prompt response. email:scttlind@gmail.com

    Best Regards,
    Scott Lindemann.

    Spam Sample #3

    Received: from [69.73.145.245] by <REMOVED> via sendmail with smtp;
    for 1 recipient; Mon, 15 Nov 2010 14:15:10 -0700
    Received: from ds3 by vps.sendexmail.com with local (Exim 4.69)
    (envelope-from <ds3@vps.sendexmail.com>)
    id 1PHzps-000361-33
    for <REMOVED>; Mon, 15 Nov 2010 09:15:09 -0500
    Content-Disposition: inline
    Content-Length: 1083
    Content-Transfer-Encoding: binary
    Content-Type: text/plain; charset="iso-8859-1"
    MIME-Version: 1.0
    X-Mailer: MIME::Lite 2.117 (F2.74)
    Date: Mon, 15 Nov 2010 14:15:08 UT
    From: Tom Mills <gcetopearners2@gmail.com>
    To: ,,,,,,,,,,,,,,,,,,,, <REMOVED>
    Subject: Passive Triple Your Money Cycler
    Message-Id: <E1PHzps-000361-33@vps.sendexmail.com>
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - vps.sendexmail.com
    X-AntiAbuse: Original Domain - geotec.net
    X-AntiAbuse: Originator/Caller UID/GID - [518 512] / [47 12]
    X-AntiAbuse: Sender Address Domain - vps.sendexmail.com

    Your Money is Tripled by an Advertising Firm.

    Every $200 in bulk emailing advertising gets you $600 over and over!

    No Sponsoring Required. Matching Bonus for those that Sponsor.

    We Are The Only Advertising and Marketing System That makes sales for You.

    We are the premier home business marketing and sales group. We Build Your Home Business Team Fast.

    If you want to have a total income solution and have us handle all recruitment

    and sales simply reply and request _I WANT TO TRIPLE MY MONEY_.

    This info is so powerful that you will only receive it if you reach
    out and say _I WANT TO TRIPLE MY MONEY_ in an email as the subject line with your
    name and phone # only in the body OR You call one of the numbers provided, and
    provide the exact same info..

    email : theumgroup@yahoo.com

    or call Us Direct at +1-561-935-5156

    We will be awash with thousands of these between now and tomorrow this
    time ,and will only contact the serious inquiries.

    P.S. If you don't want this money. making system just reply with 'Disregard' as your subject.

    Spam Sample #4

    Received: from [69.73.189.202] by <REMOVED> via sendmail with smtp;
    for 1 recipient; Fri, 12 Nov 2010 04:10:37 -0700
    Received: from root by newsletter.tursites.com.br with local (Exim 4.69)
    (envelope-from <root@newsletter.tursites.com.br>)
    id 1PGkyC-0002RS-8j
    for <REMOVED>; Thu, 11 Nov 2010 23:10:36 -0500
    To: <REMOVED>
    Subject: CHILE - Quincho Country Home
    From: "ARRIVEDERCI TURISMO" <contato@arrivederci.com.br>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="------------4cdcbe3c3e80e"
    Message-Id: <E1PGkyC-0002RS-8j@newsletter.tursites.com.br>
    Date: Thu, 11 Nov 2010 23:10:36 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - newsletter.tursites.com.br
    X-AntiAbuse: Original Domain - ingenierosmix.com
    X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
    X-AntiAbuse: Sender Address Domain - newsletter.tursites.com.br

    This is a MIME encoded message.

    --------------4cdcbe3c3e80e
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: base64

    --------------4cdcbe3c3e80e
    Content-Type: text/html; charset=ISO-8859-1
    Content-Transfer-Encoding: base64


    Spam Sample #5

    Received: from [69.73.176.13] by <REMOVED> via sendmail with smtp;
    for 1 recipient; Tue, 16 Nov 2010 16:05:14 -0700
    Received: from biharet by r13.nswebhost.com with local (Exim 4.69)
    (envelope-from <biharet@r13.nswebhost.com>)
    id 1PIO1v-0004AX-LZ
    for <REMOVED>; Tue, 16 Nov 2010 08:05:11 -0800
    To: <REMOVED>
    Subject: YOU MUST READ THIS FOR YOUR OWN GOOD!!!
    X-PHP-Script: biharetzi.com/images/readme.php for 82.128.2.197
    From: Mrs Susan Walter. <susan_walter59@sify.com>
    Reply-To: susanwalter50@gmail.com
    MIME-Version: 1.0
    Content-Type: text/plain
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1PIO1v-0004AX-LZ@r13.nswebhost.com>
    Date: Tue, 16 Nov 2010 08:05:11 -0800
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - r13.nswebhost.com
    X-AntiAbuse: Original Domain - colomtn.com
    X-AntiAbuse: Originator/Caller UID/GID - [33104 33108] / [47 12]
    X-AntiAbuse: Sender Address Domain - r13.nswebhost.com

    Dearest One,


    I am Mrs Susan Walter, I am a US citizen, 49years. I reside here in Washington United State. I am one of those that executed a contract in Nigeria years ago and they refused to pay me, I had paid over $160,000 trying to get my payment all to no avail.

    So I decided to travel down to Nigeria with all my documents. And was directed to meet with Barrister Hector McDermott, who is the member of Chairman foreign PAYMENT COMMITTEE, and I contacted him and he explained everything to me. He said that those contacting us through emails are fake. Then he took me to his and show me the full
    information of those that have not received their contract and Inheritance payment where I saw your contact.

    You have to contact him direct on this information below;
    Name?: Barrister Hector McDermott Email: ? barrmcdermott6@gmail.com Address: 13, Zion Street, Ikeja Lagos Nigeria.

    You really have to stop your dealing with those contacting you, because they will dry you up until you have nothing to pay. I am the happiest woman on this earth because I have received my contract funds of $5.2Million USD.

    The only money I paid was just $950 for IRS, which you know. So you have to take note of that. Thanks.


    Mrs Susan Walter.


    --End of Sample Spam Mail & Headers--


    -- Network information --

    NetRange: 69.73.128.0 - 69.73.191.255
    CIDR: 69.73.128.0/18
    OriginAS: AS3595
    NetName: LH-GOLD-NETWORK
    NetHandle: NET-69-73-128-0-1
    Parent: NET-69-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS2.NOCDIRECT.COM
    NameServer: NS.NOCDIRECT.COM
    RegDate: 2003-11-05
    Updated: 2009-02-24
    Ref: http://whois.arin.net/rest/net/NET-69-73-128-0-1

    OrgName: Landis Holdings Inc
    OrgId: LANDI-3
    Address: PO BOX 1108
    City: Fulshear
    StateProv: TX
    PostalCode: 77441
    Country: US
    RegDate: 2008-10-24
    Updated: 2010-03-30
    Ref: http://whois.arin.net/rest/org/LANDI-3

    OrgNOCHandle: GL538-ARIN
    OrgNOCName: Landis, Greg
    OrgNOCPhone: +1-713-397-8147
    OrgNOCEmail: greg@jaguarpc.com
    OrgNOCRef: http://whois.arin.net/rest/poc/GL538-ARIN

    OrgTechHandle: GL538-ARIN
    OrgTechName: Landis, Greg
    OrgTechPhone: +1-713-397-8147
    OrgTechEmail: greg@jaguarpc.com
    OrgTechRef: http://whois.arin.net/rest/poc/GL538-ARIN

    OrgAbuseHandle: ABUSE370-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-713-960-1502
    OrgAbuseEmail: abuse@jaguarpc.com
    OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE370-ARIN
    -- End network information --

    For more information on the RBL, please see:
    http://www.mail-abuse.com/wp_introrbl.html
    http://www.mail-abuse.com/support/an_listmgntgdlines.html

    =====
    I certify that I have followed the procedures and criteria required for listing these IP addresses in the Trend Micro/ MAPS RBL.

    Kind regards,
    Adelaide Santos
    Spam Investigations Team
    [MAPS# 245208]

    Return-Path: <removed>
    X-Original-To: <removed>
    Delivered-To: <removed>
    Received: <removed>
    Date: Fri, 23 Mar 2012 03:56:30 +0000 (UTC)
    From: <removed>
    To: abuse@nocdirect.com, admin@nocdirect.com
    Cc: <removed>
    Message-ID: <removed>
    Subject: RBL Listing Notification - LH-GOLD-NETWORK
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----=_Part_0_902782.1332474990813"

    Hi Abuse Team,

    This is an RBL nomination for the following lists of IP addresses that
    are in the process of being listed to the RBL as a spam source
    and/or is an originating spam source in progress.

    Please refer to below information for representative spam samples.
    Additional samples are available upon request from an authoritative
    requestor.

    Filename: LH-GOLD-NETWORK.zip
    Password: novirus

    -- Example of spam mail --
    Spam Sample #1 - [69.73.128.211]

    Received: from [69.73.128.211] by <removed> via sendmail with smtp;
    for 1 recipient; Mon, 12 Mar 2012 13:05:15 -0700
    DomainKey-Signature: <removed>
    Received: from [42.49.128.102] (helo=ms)
    by vps.anjungcafe.com with esmtpa (Exim 4.69)
    (envelope-from <puteri@evermarch-sg.com>)
    id 1S74kK-0004Fh-Ri; Mon, 12 Mar 2012 20:52:50 +0800
    Message-ID: <removed>
    From: "oum" <puteri@evermarch-sg.com>
    To: <removed>
    Subject: =?utf-8?B?5Lqnc3Plk4Fzc+e7j3Nz55CGc3PnmoRzc+mH jnNz6Juucw==?=
    =?utf-8?B?c+aIkHNz6ZW/LS0=?=
    Date: Mon, 12 Mar 2012 21:10:40 +0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_08E9_0185E16D.15227A90"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.5512
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-Source:
    X-Source-Args:
    X-Source-Dir:

    Spam Sample #2 - [69.73.130.85]

    Received: from [69.73.130.85] by <removed> via sendmail with smtp;
    for 1 recipient; Thu, 22 Mar 2012 11:43:24 -0700
    Received: from [219.137.223.110] (port=2093 helo=kq.com)
    by alpine.nswebhost.com with esmtpa (Exim 4.69)
    (envelope-from <<removed>>)
    id 1SAgQk-0003th-GD; Thu, 22 Mar 2012 06:43:47 -0500
    Date: Thu, 22 Mar 2012 19:43:41 +0800
    From: =?gb2312?B?2NyxqqyEu8u7+t/T?= <<removed>>
    To: <removed>
    Subject: =?gb2312?B?Q0FFxKPB9z+31j/O9ry8P8r1?=
    Message-ID: <removed>
    X-Priority: 1 (Highest)
    X-mailer: Foxmail 6, 13, 102, 15 [cn]
    Mime-Version: 1.0
    Content-Type: text/plain;
    charset="gb2312"
    Content-Transfer-Encoding: base64
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>

    Spam Sample #3 - [69.73.130.181]

    Received: from [69.73.130.181] by <removed> via sendmail with smtp;
    for 1 recipient; Thu, 22 Mar 2012 22:11:41 -0700
    Received: from [115.63.14.200] (port=1460 helo=hrsoyli)
    by bandera.nswebhost.com with esmtpa (Exim 4.69)
    (envelope-from <info@chillitofoods.com>)
    id 1SAqEy-0001Oe-B2; Thu, 22 Mar 2012 18:12:18 -0400
    Message-ID: <removed>
    From: =?utf-8?B?55Kp6aqe6KWz?= <info@chillitofoods.com>
    To: <removed>
    Subject: =?utf-8?B?czh6M+aWsOmCruS7tu+8jOazqOaEj+afpeaU tu+8gQ==?=
    Date: Fri, 23 Mar 2012 06:12:06 +0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0782_01BA71FE.122615A0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.5512
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>

    Spam Sample #4 - [69.73.134.92]

    Received: from [69.73.134.92] by <removed> via sendmail with smtp;
    for 2 recipients; Thu, 22 Mar 2012 09:42:16 -0700
    Received: from yeskv ([110.53.25.247]) by home with MailEnable ESMTP; Thu, 22 Mar 2012 05:42:19 -0400
    Message-ID: <removed>
    From: =?utf-8?B?55SE5r6p6YqO?= <<removed>>
    To: <removed>
    Subject: =?utf-8?B?NTQ3MuiWqumFrOiuvuiuoeaAu+S9k+ahhuae tuWmguS9leiuvuiuoe+8nw==?=
    Date: Thu, 22 Mar 2012 17:44:03 +0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0011_017F3BEE.1CC67220"
    X-mailer: Yncgd 4
    X-ME-Bayesian: 4.428062

    Spam Sample #5 - [69.73.136.151]

    Received: from [69.73.136.151] by <removed> via sendmail with smtp;
    for 1 recipient; Mon, 12 Mar 2012 21:28:11 -0700
    MIME-Version: 1.0
    Content-Transfer-Encoding: binary
    Content-Type: multipart/mixed; boundary="_----------=_133158298815162227"
    DomainKey-Signature: <removed>
    DKIM-Signature: <removed>
    X-MimeOLE: Produced By Microsoft Exchange V6.5
    Date: Mon, 12 Mar 2012 15:09:48 -0500
    From: ppflow269061@pp-manager.org
    To: <removed>
    Subject: Renew Your Account

    Spam Sample #6 - [69.73.139.161]

    Received: from [69.73.139.161] by <removed> via sendmail with smtp;
    for 1 recipient; Thu, 22 Mar 2012 13:00:07 -0700
    Received: from [123.54.142.54] (port=1319 helo=ydwqrow)
    by elara.nocdirect.com with esmtpa (Exim 4.77)
    (envelope-from <<removed>>)
    id 1SAhd0-0000yd-T9; Thu, 22 Mar 2012 09:00:34 -0400
    Message-ID: <removed>
    From: =?utf-8?B?5oi/5Yuc?= <<removed>>
    To: <removed>
    Subject: =?utf-8?B?Njk4MOOAiuWKs+WKqOWQiOWQjOazleOAi+OA geOAiuekvuS8muS/nemZqeazleOAi+OAgQ==?=
    =?utf-8?B?44CK5bel5Lyk5L+d6Zmp5p2h5L6L44CL5a6e 5pON5bqU5a+5562W55Wl5LiT5Zy6?=
    Date: Thu, 22 Mar 2012 21:00:16 +0800
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_086C_01F245ED.1FD03060"
    X-mailer: Rnxexzjo 1
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>
    X-AntiAbuse: <removed>

    -- End of Example of spam mail --

    -- Network Information --
    Consolidated result Net: 1 Poc: 2

    Name LH-GOLD-NETWORK
    NetRange 69.73.128.0 - 69.73.191.255
    CIDR 69.73.128.0/18
    Net Type Direct Allocation
    Handle NET-69-73-128-0-1
    Origin AS AS3595
    Registration Date 2003-11-05T15:04:34-05:00
    Last Updated 2012-02-24T09:44:34-05:00
    RESTful Link http://whois.arin.net/rest/net/NET-69-73-128-0-1

    ========================================
    Name Admin and Abuse
    Handle ADMIN2505-ARIN
    Company Landis Holdings inc
    Street po box 1108
    City fulshear
    Postal Code 77441
    Registration Date 2011-04-05T14:59:05-04:00
    Last Updated 2011-04-05T14:59:05-04:00
    Comments Alt = abuse@nocdirect.com
    Phone +1-800-659-9585 ()
    Email admin@nocdirect.com
    RESTful Link http://whois.arin.net/rest/poc/ADMIN2505-ARIN

    Name Landis
    Handle GL538-ARIN
    Company Landis Holdings Inc
    Street po box 1108
    City fulshear
    Postal Code 77441
    Registration Date 2002-08-22T03:29:22-04:00
    Last Updated 2011-07-18T12:34:20-04:00
    Comments Alt email= admin@nocdirect.com

    Abuse email= abuse@nocdirect.com
    Phone +1-888-636-9451 ()
    Phone +1-800-659-9585 ()
    Email admin@nocdirect.com
    abuse@nocdirect.com
    RESTful Link http://whois.arin.net/rest/poc/GL538-ARIN

    -- Network Information --
    For more information on the RBL, please see:
    http://www.mail-abuse.com/wp_introrbl.html
    http://www.mail-abuse.com/support/an_listmgntgdlines.html

    I certify that I have followed the procedures and criteria required for
    listing these IP addresses in the Trend Micro/ MAPS RBL.

    Best Regards,
    Jomar Manalo
    Trend Micro Inc.


    Thank you for your support
    Good luck
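
Added example, not part of the thread or of the host's own tooling: a header triage for spam samples like the ones quoted in the notification above, separating mail queued by a local script (`with local` plus `X-PHP-Script`) from mail relayed over an authenticated SMTP login (`with esmtpa`). The hostnames, addresses and message IDs in the two samples are constructed placeholders, and `triage` and its result keys are hypothetical names.

```python
import re
from email import message_from_string

# Exim's trace line: "from <src> ... by <host> with <proto> (Exim x.y)".
EXIM_RECEIVED = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<host>\S+)\s+with\s+(?P<proto>\w+)\s+\(Exim",
    re.S)
EXIM_ID = re.compile(r"\bid\s+([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})")
ENVELOPE_FROM = re.compile(r"envelope-from <([^>]*)>")
UID_GID = re.compile(r"\[(\d+) (\d+)\]")
PHP_SCRIPT = re.compile(r"(\S+) for (\S+)")
AUTHENTICATED = {"esmtpa", "esmtpsa"}  # Exim protocol names for SMTP AUTH sessions


def triage(raw_headers):
    """Classify how a reported message entered the Exim host named in its headers."""
    msg = message_from_string(raw_headers)
    out = dict.fromkeys(("host", "exim_id", "source", "envelope_from",
                         "script", "client", "uid"))
    out["vector"] = "unknown"

    # The recipient's own Received line comes first; skip to the one Exim wrote.
    for received in msg.get_all("Received", []):
        m = EXIM_RECEIVED.search(received)
        if not m:
            continue
        out["host"] = m["host"]
        out["source"] = m["src"].strip("[]")  # local user name, or remote client IP
        mid = EXIM_ID.search(received)
        env = ENVELOPE_FROM.search(received)
        out["exim_id"] = mid.group(1) if mid else None
        # The envelope sender is whatever the client supplied, not the login used.
        out["envelope_from"] = env.group(1) if env else None
        if m["proto"] == "local":
            out["vector"] = "local-user"          # queued on the box itself
        elif m["proto"] in AUTHENTICATED:
            out["vector"] = "authenticated-smtp"  # remote client logged in
        break

    # PHP adds X-PHP-Script when mail() is called: "<script> for <client IP>".
    php = PHP_SCRIPT.fullmatch(msg.get("X-PHP-Script", "").strip())
    if php:
        out["script"], out["client"] = php.groups()
        if out["vector"] == "local-user":
            out["vector"] = "local-script"

    # X-AntiAbuse lines are "<label> - <value>"; the UID/GID line names the caller.
    for value in msg.get_all("X-AntiAbuse", []):
        label, sep, rest = value.partition(" - ")
        ids = UID_GID.search(rest)
        if sep and label.startswith("Originator/Caller") and ids:
            out["uid"] = int(ids.group(1))
    return out


# Constructed samples in the same shape as the quoted spam headers.
SAMPLE_SCRIPT = """\
Received: from [192.0.2.10] by mx.recipient.example via sendmail with smtp;
 for 1 recipient; Mon, 25 Oct 2010 07:03:08 -0700
Received: from nobody by shared1.host.example with local (Exim 4.69)
 (envelope-from <operator@customer-a.example>)
 id 1AAAAA-0000aa-AA
 for <user@recipient.example>; Mon, 25 Oct 2010 04:59:04 +0200
Subject: constructed sample
X-PHP-Script: customer-a.example/sm2.php for 198.51.100.7
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
"""

SAMPLE_AUTH = """\
Received: from [192.0.2.20] by mx.recipient.example via sendmail with smtp;
 for 1 recipient; Sat, 23 Oct 2010 20:02:29 -0700
Received: from [203.0.113.5] (helo=User)
 by shared2.host.example with esmtpa (Exim 4.69)
 (envelope-from <someone@freemail.example>)
 id 1BBBBB-0000bb-BB; Sat, 23 Oct 2010 16:00:41 -0400
Subject: constructed sample
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
"""
```

The `exim_id` value is what to search for in the sending host's Exim main log, which records the authenticated login or working directory that these headers do not carry.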

  2. #2
    JPC Dream Team
    Join Date
    Aug 2011
    Posts
    858
    Hello,

    I have found the issue, notifying users and have requested removal off of MAPS.

  3. #3
    Ron
    Loyal Client
    Join Date
    Aug 2002
    Posts
    7,419
    thx..
    Good luck

  4. #4
    JPC Dream Team
    Join Date
    Aug 2011
    Posts
    858
    This has been probated. Please allow 24 hours for global updates to take effect.
