The report for this spam can be found at: 2008 Lottery Scam Edition.
Return-Path: <exaehgon@libero.it>
Received: from smtp-out4.libero.it (212.52.84.46) by studio42.com with ESMTP
(Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Fri, 14 Mar 2008 10:43:25 -0800
Received: from mailrelay11.libero.it (192.168.32.128) by smtp-out4.libero.it (7.3.120)
id 4628C8830830709D for chris@studio42.com; Fri, 14 Mar 2008 18:43:45 +0100
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AusRAGNEvUesHwAm/2dsb2JhbAAIjEGjYQ
Received: from unknown (HELO smtp-out2.libero.it) ([172.31.0.38])
by outrelay11.libero.it with ESMTP; 14 Mar 2008 18:43:45 +0100
Received: from libero.it (192.168.17.4) by smtp-out2.libero.it (7.3.120)
id 4611FD4B03B507C8; Fri, 14 Mar 2008 18:43:45 +0100
Date: Fri, 14 Mar 2008 18:43:45 +0100
Message-Id: <JXQEKX$980F8718B41C21DE8E1DB2355C11136B@libero.it>
Subject: Acknowledge
MIME-Version: 1.0
X-Sensitivity: 3
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
From: "exaehgon\@libero\.it" <exaehgon@libero.it>
X-XaM3-API-Version: 4.3 (R1) (B3pl25)
X-SenderIP: 88.18.83.204
To: undisclosed-recipients:;
Ref Number:ES-02-14-SA
We write to congratulate you, as one of our 13th email lucky winner of january
2008 prize award of ¥918.656,77. Your email address attached to RefNumber:
ES-02-14-SA, Winning Number 10-12-24-25-41-3+5.To get more info/claim,contact
the Operations officer below with your winning numbers and refrence number:
MR. VICENTE SANCHEZ
Tel: 0034-680-658-644
E-mail: infoclienteuros@gmail.com, infoclient@mixmail.com
Sincerely yours,
Mrs. Elizabeth Maria Federicko
Co-ordinator.
E-mail:infoclienteuros@gmail.com,infoclient@mixmail.com
[studio42@flatus studio42]$ host 212.52.84.46
46.84.52.212.in-addr.arpa domain name pointer smtp-out4.libero.it.
[studio42@flatus studio42]$ whois 212.52.84.46@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '212.52.79.0 - 212.52.88.255'
inetnum: 212.52.79.0 - 212.52.88.255
netname: IOL-5
descr: Italia OnLine S.P.A
descr: Via Lorenteggio 257 - 20152 Milano
country: IT
admin-c: IHM1-RIPE
tech-c: IHM1-RIPE
rev-srv: ns1.libero.it
rev-srv: ns2.libero.it
status: ASSIGNED PA
mnt-by: AS1267-MNT
mnt-routes: AS1267-MNT
source: RIPE # Filtered
person: IOL Host Master
address: Italia Online S.p.A.
address: Via Lorenteggio, 257
address: I-20153 Milano
address: Italy
phone: +39 02 30111
fax-no: +39 02 30114182
e-mail: hostmaster@iol.it
nic-hdl: IHM1-RIPE
mnt-by: AS1267-MNT
source: RIPE # Filtered
% Information related to '212.52.64.0/19AS1267'
route: 212.52.64.0/19
descr: IOL
origin: AS1267
remarks: removed cross-mnt: AS1267-MNT
mnt-lower: AS1267-MNT
mnt-routes: AS1267-MNT
mnt-by: AS1267-MNT
source: RIPE # Filtered
% Information related to '212.52.64.0/18AS1267'
route: 212.52.64.0/18
descr: IOL
origin: AS1267
remarks: removed cross-mnt: AS1267-MNT
mnt-lower: AS1267-MNT
mnt-routes: AS1267-MNT
mnt-by: AS1267-MNT
source: RIPE # Filtered
I really need to just blacklist it.
On to the scammer:
[studio42@flatus studio42]$ host 88.18.83.204
204.83.18.88.in-addr.arpa domain name pointer 204.Red-88-18-83.staticIP.rima-tde.net.
[studio42@flatus studio42]$ whois 88.18.83.204@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '88.17.145.0 - 88.22.36.255'
inetnum: 88.17.145.0 - 88.22.36.255
netname: RIMA
descr: TELEFONICA DE ESPANA
descr: Provider Local Registry
country: ES
admin-c: ATDE1-RIPE
tech-c: TTDE1-RIPE
status: ASSIGNED PA
mnt-by: MAINT-TdE
mnt-lower: MAINT-TdE
mnt-routes: MAINT-TdE
source: RIPE # Filtered
role: Administradores Telefonica de Espana
address: Ronda de la Comunicación s/n
address: Edificio Norte 1, planta 6"
address: 28050 Madrid
address: SPAIN
org: ORG-TDE1-RIPE
admin-c: ADT89-RIPE
tech-c: TTE2-RIPE
nic-hdl: ATdE1-RIPE
mnt-by: MAINT-TdE
abuse-mailbox: nemesys@telefonica.es
source: RIPE # Filtered
role: Tecnicos Telefonica de Espana
address: Emilio Vargas, 4
address: 28043-MADRID
address: SPAIN
org: ORG-TDE1-RIPE
admin-c: TTE2-RIPE
tech-c: TTE2-RIPE
nic-hdl: TTdE1-RIPE
mnt-by: MAINT-TdE
abuse-mailbox: nemesys@telefonica.es
source: RIPE # Filtered
% Information related to '88.18.0.0/16AS3352'
route: 88.18.0.0/16
descr: RIMA (Red IP Multi Acceso)
origin: AS3352
mnt-by: MAINT-AS3352
source: RIPE # Filtered
Could be the spammer, but more likely a machine being exploited.
That's it.
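The two lookups above (the relay that handed the message to studio42.com, then the address in X-SenderIP) can be pulled out of the headers mechanically. This is an added example, not part of the original report; it assumes, as the report does, that X-SenderIP is libero.it's record of the submitting client, and the function names are hypothetical.

```python
import email
import ipaddress
import re

# Routing headers copied from the message in this report.
RAW = """\
Received: from smtp-out4.libero.it (212.52.84.46) by studio42.com with ESMTP
 (Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
 Fri, 14 Mar 2008 10:43:25 -0800
Received: from mailrelay11.libero.it (192.168.32.128) by smtp-out4.libero.it (7.3.120)
 id 4628C8830830709D for chris@studio42.com; Fri, 14 Mar 2008 18:43:45 +0100
Received: from unknown (HELO smtp-out2.libero.it) ([172.31.0.38])
 by outrelay11.libero.it with ESMTP; 14 Mar 2008 18:43:45 +0100
Received: from libero.it (192.168.17.4) by smtp-out2.libero.it (7.3.120)
 id 4611FD4B03B507C8; Fri, 14 Mar 2008 18:43:45 +0100
X-SenderIP: 88.18.83.204

"""

# A dotted quad in parentheses, optionally bracketed: (1.2.3.4) or ([1.2.3.4]).
# Three-part version strings such as (7.3.120) do not match.
IP_RE = re.compile(r"\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")

def trace(raw):
    """Return ([(ip, 'public'|'private'), ...] newest hop first, X-SenderIP)."""
    msg = email.message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        m = IP_RE.search(received)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            hops.append((str(ip), "private" if ip.is_private else "public"))
    sender = msg.get("X-SenderIP")
    return hops, sender.strip() if sender else None

def lookup_targets(raw):
    """Addresses worth a host/whois lookup for an abuse report."""
    hops, sender = trace(raw)
    # Only the topmost Received line was written by the receiving server;
    # every line below it is a claim made by the upstream network.
    targets = [ip for ip, scope in hops[:1] if scope == "public"]
    if sender and not ipaddress.ip_address(sender).is_private:
        targets.append(sender)  # provider-asserted client address
    return targets

if __name__ == "__main__":
    print(trace(RAW))
    print(lookup_targets(RAW))
```

The three lower hops are RFC 1918 addresses inside libero.it's own network, which is why the report skips them and goes straight from the relay to X-SenderIP.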