I received the following request on all of my honeypots:
BEGIN OF SMTP DATA
177.70.77.242
Country: BR RiskScore: 5.7 Malware: []
uwfdphjcaq@163.com
gogo@linwayedm.com.tw
507
Message-ID: <KUOQLISRUMNOCFSJTHUIL@163.com>
From: "0806" <ltcxjrerz@163.com>
Reply-To: "0806" <darnexinwsq@163.com>
To: gogo@linwayedm.com.tw
Subject: BC_195.169.125.87
Date: Tue, 18 Aug 2015 09:31:21 +0500
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--585038594152556471"
X-Priority: 3
X-MSMail-Priority: Normal
----585038594152556471
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
----585038594152556471--
End of Data
END OF DATA
Actually, I think this is pretty nice. The attacker searches for open SMTP relay servers by sending an email to gogo@linwayedm.com.tw with the subject BC_<IPaddress>. So if you have a SPAM honeypot, you may want to subscribe :-)
Blacklist Status | BLACKLISTED 5/40 |
IP Address | 177.70.77.242 |
Reverse DNS | 242.77.70.177.mksnet.com.br |
ASN | Unknown |
ASN Owner | Unknown |
ISP | Unknown |
Continent | South America |
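As an added example (not part of the original post), this is one way a honeypot operator could flag the BC_<IPaddress> probe pattern in captured mail. It assumes the two addresses logged before the headers are the envelope sender and recipient; `classify_relay_probe` and `honeypot.example` are hypothetical names.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Subject convention seen in the capture: "BC_" followed by a dotted IPv4 address.
PROBE_SUBJECT = re.compile(r"^BC_(\d{1,3}(?:\.\d{1,3}){3})$")


def classify_relay_probe(raw_headers, mail_from, rcpt_to, local_domains):
    """Return details of an open-relay probe, or None if the message is not one."""
    msg = message_from_string(raw_headers)
    match = PROBE_SUBJECT.match((msg.get("Subject") or "").strip())
    if not match:
        return None
    try:
        tested_ip = ipaddress.IPv4Address(match.group(1))
    except ipaddress.AddressValueError:
        return None  # matches the pattern but is not a valid address
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    return {
        "tested_ip": str(tested_ip),
        "collector": rcpt_to.lower(),
        # A recipient outside our own domains means the client asked us to relay.
        "relay_attempt": rcpt_domain not in local_domains,
        # Envelope sender, From and Reply-To all differ in the capture.
        "sender_mismatch": len({mail_from.lower(), header_from, reply_to}) > 1,
    }


# Headers and envelope values copied from the capture in the post.
CAPTURED = (
    'Message-ID: <KUOQLISRUMNOCFSJTHUIL@163.com>\n'
    'From: "0806" <ltcxjrerz@163.com>\n'
    'Reply-To: "0806" <darnexinwsq@163.com>\n'
    'To: gogo@linwayedm.com.tw\n'
    'Subject: BC_195.169.125.87\n'
    '\n'
)
LOCAL_DOMAINS = {"honeypot.example"}  # assumption: domains the honeypot accepts mail for

if __name__ == "__main__":
    print(classify_relay_probe(CAPTURED, "uwfdphjcaq@163.com",
                               "gogo@linwayedm.com.tw", LOCAL_DOMAINS))
```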