[afnog] SPAMMER
Lucy Lynch
llynch at civil-tongue.net
Fri Oct 23 14:51:35 UTC 2009
On Fri, 23 Oct 2009, Phil Regnauld wrote:
> Antonio Godinho (antonio) writes:
>> Hi All,
>>
>> There is an IP address (41.220.75.3) always trying to attack my mail server
>> to send SPAM. Anyone knows this IP? It has a reverse lookup of mtnngprs.com.
>> with no A record!
>
> Probably hacked - start my blacklisting/nullrouting it. Seems filtered
> from here.
>
> Afrinic whois doesn't indicate who owns the block -- but traceroute
> shows tinet.net.
>
> mtnngprs.com gives a contact in ZA:
>
> http://www.mtnbusiness.co.za/Pages/Default.aspx
>
> Maybe you should contact them ?
>
> Also found:
>
> www.mtnngprs.com. A 41.220.75.126
>
> but doesn't answer either.
>
Antonio -
NetEx says:
http://www.robtex.com/ip/41.220.75.3.html
xanatosng.com and swift-service.com point to 41.220.75.3.
LISTED IN BLACKLIST!
ivmSIP
2 days, threat score 44, suspicious, harvester
Project Honeypot
b.barracudacentral.org
spamcop
sbl.spamhaus.org
xbl.spamhaus.org
cbl.abuseat.org
access.redhawk.org
sbl-xbl.spamhaus.org
see:
http://www.robtex.com/ip/41.220.75.3.html#blacklists
for more
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
More information about the afnog
mailing list