On September 30th I received three identical spam messages at the same time, from different IPs of the same spammer:
169.57.140.22 from Softlayer Brazil
168.1.47.37 from Softlayer Australia
161.202.173.109 from Softlayer France
My mail blocked the spam assuming phishing. Title: Intimation to appear before the Public Ministry of Justice with link to view the process and link to open attachment.
In fact the attachment does not exist, and all the links in the three spams had a single URL - http://169.57.130.23, which did not lead anywhere.
This alleged spammer has the following data:
person: adenir silva
address: rua voluntarios da patria 199
address: feira de santana, 44002416 BR
phone: +1.866.398.7638
nic-hdl: AS35946-RIPE
abuse-mailbox: apaulavitor(a)hotmail.com
mnt-by: MAINT-SOFTLAYER-RIPE
created: 2015-09-30T18:10:41Z
last-modified: 2015-09-30T18:10:41Z
source: RIPE # Filtered
THESE DATA ARE FAKE. THIS SPAMMER DOES NOT EXIST.
The IP 169.57.130.23 in the URL of the three spams has the following data:
person: Marcia Goncalves
address: Rua Ibugua?u 320
address: S?o Paulo, 05301050 BR
phone: +1.866.398.7638
nic-hdl: MG21493-RIPE
abuse-mailbox: adriany_santos(a)hotmail.com
mnt-by: MAINT-SOFTLAYER-RIPE
created: 2015-09-28T12:38:01Z
last-modified: 2015-09-28T12:38:01Z
source: RIPE # Filtered
THESE DATA ARE ALSO FAKE. I LIVE IN SAO PAULO. THIS OWNER DOES NOT EXIST.
This owner was created on 28 September. The alleged spammer was created on September 30, the same day I received these spams.
The phishing was false; the spammer and the registrant do not exist. Why send three phishing messages without a malicious file? It seems that my complaints are achieving the desired goals. And sociopaths are getting nervous. And I have still barely started...
Marilson
HEADER 1/3
Delivered-To: marilson.mapa(a)gmail.com
Received: by 10.103.43.68 with SMTP id r65csp205113vsr;
Wed, 30 Sep 2015 13:49:53 -0700 (PDT)
X-Received: by 10.67.6.164 with SMTP id cv4mr7253409pad.59.1443646193655;
Wed, 30 Sep 2015 13:49:53 -0700 (PDT)
Return-Path: <www-data(a)jacuzzi.com.br>
Received: from jacuzzi.com.br (161.202.173.109-static.reverse.softlayer.com. [161.202.173.109])
by mx.google.com with ESMTP id fd7si3297741pab.199.2015.09.30.13.49.53
for <marilson.mapa(a)gmail.com>;
Wed, 30 Sep 2015 13:49:53 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning www-data(a)jacuzzi.com.br does not designate 161.202.173.109 as permitted sender) client-ip=161.202.173.109;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning www-data(a)jacuzzi.com.br does not designate 161.202.173.109 as permitted sender) smtp.mailfrom=www-data(a)jacuzzi.com.br
Received: by jacuzzi.com.br (Postfix, from userid 33)
id 83F34444926; Wed, 30 Sep 2015 15:49:52 -0500 (CDT)
To: marilson.mapa(a)gmail.com
Subject: PROCEDIMENTO INVESTIGATÓRIO N.º 7344871
X-PHP-Originating-Script: 0:jeh.php
From: MINISTÉRIO PUBLICO DA JUSTIÇA 943779 adenilda <adenilda(a)dpnet.com.br>
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
X-Mailer: Microsoft Office Outlook, Build 17.551210
Message-Id: <20150930204952.83F34444926(a)jacuzzi.com.br>
Date: Wed, 30 Sep 2015 15:49:52 -0500 (CDT)
TEXT 1/3 TO 3/3 – URL: http://169.57.130.23/
From: MINISTÉRIO PUBLICO DA JUSTIÇA 943779 adenilda
Sent: Wednesday, September 30, 2015 5:49 PM
To: marilson.mapa(a)gmail.com
Subject: PROCEDIMENTO INVESTIGATÓRIO N.º 7344871
Download all as attachment
--------------------------------------------------------------------------------
Notices - Court of Justice!
Summons no. 7344871. The PUBLIC MINISTRY OF JUSTICE, in the performance of its institutional
duties, on the basis of articles 229 and 241, item VI of the Federal Constitution and article 61,
item VII of complementary law no. 676, of May 28, 1998, SUMMONS you to appear
at this Regional Office of the Attorney of the Republic.
Date of appearance 12/10/2015 (Monday) at 9:00 AM
View Process 7344871
This message is intended exclusively for the person(s) to whom it is addressed and may contain
confidential and/or legally privileged information. You are hereby notified to refrain from disclosing,
copying, distributing, examining or in any way using the information contained in this message, as
doing so is illegal. If you have received this message in error, we ask that you return this
e-mail to us and immediately delete its content from your database, records or
control system. A message containing binding obligations, issued by someone who does not
hold powers of representation, is devoid of effect and validity.