• Compromised hosts?

    From tjoen@21:1/5 to All on Mon Jul 28 06:09:04 2025
    jul25 187.241.142.182=megacable.com.mx
    171.236.59.19=vnnic.vn
    46.149.94.124=osnova.tv mailbox full
    181.55.23.175=cable.net.co
    179.222.237.250=virtua.com.br
    187.38.6.27=virtua.com.br

    That day I received six identical blackmail spams.
    Spammer claimed that he hacked my system and wanted
    me to pay with Bitcoin.

    Are these compromised systems?
    Sharepoint?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Mon Jul 28 07:02:34 2025
    On 28.07.2025 at 06:09 tjoen wrote:

    > jul25 187.241.142.182=megacable.com.mx
    > 171.236.59.19=vnnic.vn
    > 46.149.94.124=osnova.tv mailbox full
    > 181.55.23.175=cable.net.co
    > 179.222.237.250=virtua.com.br
    > 187.38.6.27=virtua.com.br
    >
    > That day I received six identical blackmail spams.
    > Spammer claimed that he hacked my system and wanted
    > me to pay with Bitcoin.
    >
    > Are these compromised systems?

    Most likely.

    --
    kind regards
    Marco

    Send spam to 1753675744muell@stinkedores.dorfdsl.de

  • From Sam@21:1/5 to tjoen on Mon Jul 28 07:45:28 2025
    tjoen writes:

    > jul25 187.241.142.182=megacable.com.mx
    > 171.236.59.19=vnnic.vn
    > 46.149.94.124=osnova.tv mailbox full
    > 181.55.23.175=cable.net.co
    > 179.222.237.250=virtua.com.br
    > 187.38.6.27=virtua.com.br
    >
    > That day I received six identical blackmail spams.
    > Spammer claimed that he hacked my system and wanted
    > me to pay with Bitcoin.
    >
    > Are these compromised systems?
    > Sharepoint?

    Most likely, but I have more important things to worry about. Like trimming
    my toenails.

  • From Scott Dorsey@21:1/5 to tjoen@dds.invalid on Mon Jul 28 08:24:23 2025
    In article <1066t50$21e4g$1@dont-email.me>, tjoen <tjoen@dds.invalid> wrote:
    > jul25 187.241.142.182=megacable.com.mx
    > 171.236.59.19=vnnic.vn
    > 46.149.94.124=osnova.tv mailbox full
    > 181.55.23.175=cable.net.co
    > 179.222.237.250=virtua.com.br
    > 187.38.6.27=virtua.com.br
    >
    > That day I received six identical blackmail spams.
    > Spammer claimed that he hacked my system and wanted
    > me to pay with Bitcoin.
    >
    > Are these compromised systems?
    > Sharepoint?

    Of course they are compromised systems. Try mail-abuse at cert dot br as well as the abuse desk at the ISP itself.
    --scott
    --
    "C'est un Nagra. C'est suisse, et tres, tres precis."

  • From tjoen@21:1/5 to Scott Dorsey on Mon Jul 28 17:00:53 2025
    On 7/28/25 2:24 PM, Scott Dorsey wrote:
    > In article <1066t50$21e4g$1@dont-email.me>, tjoen <tjoen@dds.invalid> wrote:
    >> jul25 187.241.142.182=megacable.com.mx
    >> 171.236.59.19=vnnic.vn
    >> 46.149.94.124=osnova.tv mailbox full
    >> 181.55.23.175=cable.net.co
    >> 179.222.237.250=virtua.com.br
    >> 187.38.6.27=virtua.com.br
    >
    > Of course they are compromised systems. Try mail-abuse at cert dot br as well
    > as the abuse desk at the ISP itself.

    I reported to all six
    reported cert.br for another spam

  • From Randolf Richardson 張文道@21:1/5 to tjoen on Thu Jul 31 21:39:53 2025
    On Mon, 28 Jul 2025 06:09:04 +0200
    tjoen <tjoen@dds.invalid> wrote:

    > jul25 187.241.142.182=megacable.com.mx

    27 blacklists:
    https://multirbl.valli.org/lookup/187.241.142.182.html

    > 171.236.59.19=vnnic.vn

    25 blacklists:
    https://multirbl.valli.org/lookup/171.236.59.19.html

    > 46.149.94.124=osnova.tv mailbox full

    21 blacklists:
    https://multirbl.valli.org/lookup/46.149.94.124.html

    > 181.55.23.175=cable.net.co

    28 blacklists:
    https://multirbl.valli.org/lookup/181.55.23.175.html

    > 179.222.237.250=virtua.com.br

    34 blacklists:
    https://multirbl.valli.org/lookup/179.222.237.250.html

    > 187.38.6.27=virtua.com.br

    37 blacklists:
    https://multirbl.valli.org/lookup/187.38.6.27.html

    > That day I received six identical blackmail spams.
    > Spammer claimed that he hacked my system and wanted
    > me to pay with Bitcoin.

    Yeah, that scam scares a lot of non-technical people.

    > Are these compromised systems?

    They're most likely spam-sewers. If they're compromised,
    then the providers may not care.

    > Sharepoint?

    Doesn't matter. I would just add all of those IP
    addresses to my global block-and-forget lists, because
    they're so heavily listed in so many blacklists. It's
    typically not worth the time and effort to report them
    when the situation is that bad.

    --
    Randolf Richardson 張文道, CNA - noc@inter-corporate.com
    Inter-Corporate Computer & Network Services, Inc.
    Beautiful British Columbia, Canada
    https://www.inter-corporate.com/

  • From tjoen@21:1/5 to Post To Usenet on Fri Aug 8 19:40:40 2025
    On 8/8/25 2:08 PM, Post To Usenet wrote:
    > On 2025-07-31 10:39 p.m., Randolf Richardson 張文道 wrote:
    >> On Mon, 28 Jul 2025 06:09:04 +0200
    >> tjoen <tjoen@dds.invalid> wrote:
    >>
    >>> jul25 187.241.142.182=megacable.com.mx
    > ...
    > I would say ya it is a compromised Cable connection in Mexico.
    > Looks like a home connection in Mexico that is more than
    > likely compromised. Report it and hopefully the provider
    > can help the customer clean up their infected computer.

    Yes, reported all 5
    Now the customer has a problem delivering mail

  • From tjoen@21:1/5 to tjoen on Tue Aug 26 12:29:51 2025
    On 7/28/25 6:09 AM, tjoen wrote:
    > jul25 187.241.142.182=megacable.com.mx
    > 171.236.59.19=vnnic.vn
    > 46.149.94.124=osnova.tv mailbox full
    > 181.55.23.175=cable.net.co
    > 179.222.237.250=virtua.com.br
    > 187.38.6.27=virtua.com.br

    Update spammer
    220.143.101.160 in 5 blocklists

  • From tjoen@21:1/5 to tjoen on Mon Sep 1 06:47:49 2025
    On 8/26/25 12:29 PM, tjoen wrote:
    > On 7/28/25 6:09 AM, tjoen wrote:
    >> jul25 187.241.142.182=megacable.com.mx
    >> 171.236.59.19=vnnic.vn
    >> 46.149.94.124=osnova.tv mailbox full
    >> 181.55.23.175=cable.net.co
    >> 179.222.237.250=virtua.com.br
    >> 187.38.6.27=virtua.com.br
    >
    > Update spammer
    > 220.143.101.160 in 5 blocklists

    Again:
    Received: from host190.114.33.29.dynamic.pacificored.cl (unknown [190.114.33.29])

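Added example, not written by anyone in the thread: the triage the replies describe (pull the sending IP out of a Received header, count DNSBL listings, then block when heavily listed or report otherwise) as a short Python sketch. The zone names are placeholders, the threshold of 2 is an assumed policy, and the resolver is passed in so the logic can be exercised without network access.

```python
import ipaddress
import re
import socket

# Placeholder zone names (constructed); substitute the DNSBLs you really use.
ZONES = ["dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example"]
BLOCK_THRESHOLD = 2  # assumed policy: block-and-forget at this many listings
# Received header quoted in the thread's last post.
SAMPLE = ("Received: from host190.114.33.29.dynamic.pacificored.cl "
          "(unknown [190.114.33.29])")

def relay_ip(received):
    """Return the bracketed IPv4 literal recorded by the receiving server.

    The host name in front of it comes from the sending side, so only the
    bracketed address is used; malformed addresses yield None.
    """
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(1)))
    except ValueError:
        return None

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, then the zone (RFC 5782)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolver(name):
    """True if the name resolves to a 127.0.0.0/8 answer, i.e. is listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False

def triage(received, zones=ZONES, is_listed=system_resolver):
    """Return (ip, listing_count, action) for one Received header."""
    ip = relay_ip(received)
    if ip is None:
        return None, 0, "no-ip"
    hits = sum(1 for z in zones if is_listed(dnsbl_name(ip, z)))
    action = "block" if hits >= BLOCK_THRESHOLD else "report"
    return ip, hits, action
```

Only the Received line added by your own mail server is trustworthy; lines further down the header can be forged by the sender.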