Possibly .. (massive breach) and for the record, an uptick from other Japanese providers as well..

On 2020-06-17 7:51 a.m., Steve Freegard via mailop wrote:
I've just checked our traps and we also saw a big spike in traffic from this range, but it has been tapering off throughout the day.

Based on all the samples that I've looked at, they're all showing authenticated SMTP along with some other tell-tale signs, so maybe they've had a massive breach of their authentication database? Lots of stuff passing SPF on domains that are not new etc.

Looking back over the last month, we've always seen low amounts of traffic from this range, but never in these volumes, so I don't think there's been port 25 blocking on them. They all have Dr. Web signatures in the headers stating that they're spam though....

Kind regards,
Steve.

--
Steve Freegard
Senior Product Owner
Abusix Intelligence


On 17/06/2020 15:28, Michael Peddemors via mailop wrote:
A significant activity alert was detected over night.

IDC Frontier Inc. 164.46.0.0 - 164.46.255.255

It appears that maybe someone removed port 25 blocking on egress?
Or changed some filtering mechanism?

Any comments?

Return-Path: <nishih...@nsag.jp>
Received: (qmail 12711 invoked from network); 17 Jun 2020 13:21:44 -0000
Received: from rose-cat-dbc8debf20c95d71.znlc.jp (HELO rose-cat-dbc8debf20c95d71.znlc.jp) (164.46.42.85)
Received: from [127.0.0.1] (unknown [91.221.136.41])
        by rose-cat-dbc8debf20c95d71.znlc.jp (Postfix) with ESMTPSA id 5EE757946D;
        Wed, 17 Jun 2020 21:41:39 +0900 (JST)
MIME-Version: 1.0
To: <REDACTED>
Cc: <5 ADDRESSES REDACTED>
From: nishih...@nsag.jp
Subject: [SPAM] Confiscated pets were often bought back
Date: Wed, 17 Jun 2020 08:41:41 -0400
Importance: normal
X-Priority: 3
Content-Type: multipart/alternative;
 boundary="_CF470615-86E4-6252-1D23-048F92C770EF_"
Message-ID: <h2rxsu3-5ewidi...@nsag.jp>
X-AntiVirus: Checked by Dr.Web [MailD version: 11.1]
X-DrWeb-SpamReason: gggruggvucftvghtrhhoucdtuddrgeduhedrudejuddgudduvdcutefuodetggdotefrucfrrhhofhhilhgvmecufffthgfgueenuceurghilhhouhhtmecufedttdenucetughnkfguqdfovggushdqufetqddtudculdeftddtmdenucfjughrpeggvffhufffkgfrtgfksegrtderredttdenucfhrhhomhepnhhishhhihhhrghrrgesnhhsrghgrdhjph
X-DrWeb-SpamScore: 300
X-DrWeb-SpamState: yes



_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
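
The indicators discussed in this thread (an authenticated-SMTP hop, a submitting client outside the provider's range, and the sender's own Dr.Web verdict) can be checked mechanically. The following is an added example, not code from any poster in the thread; the function name `triage`, the result keys, and the `/16` form of the quoted range are assumptions, and the sample is built from the headers quoted above.

```python
import email
import ipaddress
import re

PROVIDER_NET = ipaddress.ip_network("164.46.0.0/16")  # range named in the thread
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}  # RFC 3848 "with" values meaning SMTP AUTH

# Constructed sample: the Received and Dr.Web headers quoted in the thread
# (redacted address headers left out).
SAMPLE = """\
Received: from rose-cat-dbc8debf20c95d71.znlc.jp (HELO rose-cat-dbc8debf20c95d71.znlc.jp) (164.46.42.85)
Received: from [127.0.0.1] (unknown [91.221.136.41])
        by rose-cat-dbc8debf20c95d71.znlc.jp (Postfix) with ESMTPSA id 5EE757946D;
        Wed, 17 Jun 2020 21:41:39 +0900 (JST)
Subject: [SPAM] Confiscated pets were often bought back
X-DrWeb-SpamScore: 300
X-DrWeb-SpamState: yes

(body omitted)
"""

WITH_RE = re.compile(r"\bwith\s+([A-Za-z]+)\b")
CLIENT_RE = re.compile(r"\bfrom\s+\S+\s+\([^)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def triage(raw):
    """Return the indicators discussed in the thread for one raw message."""
    msg = email.message_from_string(raw)
    result = {"authenticated": False, "submitter_ip": None,
              "submitter_outside_provider": False, "sender_filter_flagged": False}
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        proto = WITH_RE.search(hop)
        if not proto or proto.group(1).upper() not in AUTH_PROTOCOLS:
            continue  # not an authenticated submission hop
        result["authenticated"] = True
        client = CLIENT_RE.search(hop)
        if client:
            try:
                ip = ipaddress.ip_address(client.group(1))
            except ValueError:
                continue  # malformed address literal, ignore
            result["submitter_ip"] = str(ip)
            result["submitter_outside_provider"] = ip not in PROVIDER_NET
    state = (msg.get("X-DrWeb-SpamState") or "").strip().lower()
    result["sender_filter_flagged"] = state == "yes"
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only `Received` lines written by hosts you have reason to trust carry weight; anything below the first such hop is sender-supplied and can be forged.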
