dra007 Posted August 27, 2005

Does anyone know who this Nexus is? I have had a trojan attempt from their 216.132.148.88 IP and they show strange data in the sender base.

Wazoo Posted August 28, 2005

Not an answer .. just that I keyed on "Nexus" .. said to myself, "that just came up the other day" ...

http://spamkings.oreilly.com/archives/2005...are_vendor.html

.. OK, name of some software app, not connected, other than 'spam' related ....

Farelf Posted August 28, 2005

Nexus seems to be entirely main-stream/normal: http://www.nexusdistribution.com/about/

Their Senderbase stats currently indicate an increase of about 4,000 emails (/month) from that IP address which is not going to trip too many alarms.

Their self-proclaimed "partners" in IT may know something about why a Nexus IP could be sniffing your ports with intent: http://www.effective-data.com/

Wazoo Posted August 28, 2005

> Their Senderbase stats currently indicate an increase of about 4,000 emails (/month) from that IP address which is not going to trip too many alarms.

http://www.senderbase.org/?searchBy=ipaddr...=216.132.148.88
Date of first message seen from this address 2005-08-22

http://cbl.abuseat.org/lookup.cgi?ip=216.132.148.88
IP Address 216.132.148.88 was found in the CBL. It was detected at 2005-08-24 08:00 GMT (+/- 30 minutes).

dra007 Posted August 28, 2005

> http://www.senderbase.org/?searchBy=ipaddr...=216.132.148.88
> Date of first message seen from this address 2005-08-22

I find this quote in one of the websites Wazoo offered quite interesting:

Nexus mailer ($12,000): - "Do you want to get rid of spam Cop complainers and the like? Answer: You need Nexus!"

Farelf Posted August 28, 2005

That would be the "not connected, other than 'spam' related ...." one ;-)

Nexus Distribution Corp appear to own 216.132.148.88, they appear to be a regular business notwithstanding some unexplained and unwelcome activity originating from that address. Maybe all they need is a phone call or an email from you to investigate and shut down the ... what? Aggressive trojan they've picked up or are otherwise hosting?

Merlyn Posted August 28, 2005

Looks like an open proxy

CBL - The CBL - Composite Blocking List: cbl.abuseat.org -> 127.0.0.2
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=216.132.148.88

XBL - Exploits Block List (includes CBL): xbl.spamhaus.org -> 127.0.0.4
http://www.spamhaus.org/query/bl?ip=216.132.148.88

AHBL - The Abusive Hosts Blocking List: dnsbl.ahbl.org -> 127.0.0.3
Open Proxy - http://www.ahbl.org/tools/lookup.php?ip=216.132.148.88

SORBS - Spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.3
SOCKS Proxy See: http://www.dnsbl.sorbs.net/lookup.shtml?216.132.148.88

SORBSSOCKS - List of Open SOCKS Proxy Servers: socks.dnsbl.sorbs.net -> 127.0.0.3
SOCKS Proxy See: http://www.dnsbl.sorbs.net/lookup.shtml?216.132.148.88

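Added example, not part of Merlyn's post or any tool used in the thread: a sketch of how the blocklist results above are obtained, using the standard DNSBL convention of querying the reversed IPv4 octets under each zone and reading the 127.0.0.x answer. The function names and the offline sample resolver are assumptions made for this illustration; the zones and code meanings are the ones quoted in the post.

```python
import ipaddress
import socket

# Zones and return-code meanings exactly as quoted in the post above.
ZONES = {
    "cbl.abuseat.org": {"127.0.0.2": "Blocked"},
    "xbl.spamhaus.org": {"127.0.0.4": "Exploits Block List (includes CBL)"},
    "dnsbl.ahbl.org": {"127.0.0.3": "Open Proxy"},
    "dnsbl.sorbs.net": {"127.0.0.3": "SOCKS Proxy"},
    "socks.dnsbl.sorbs.net": {"127.0.0.3": "SOCKS Proxy"},
}

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A-record lookup; None means NXDOMAIN or lookup failure (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, resolve=system_resolver, zones=ZONES):
    """Return {zone: meaning} for each zone that lists the address."""
    hits = {}
    for zone, codes in zones.items():
        answer = resolve(dnsbl_name(ip, zone))
        # Listings are answers inside 127.0.0.0/8. Anything else (a
        # hijacking resolver, a parked zone's address) is not a listing.
        if answer is None or not answer.startswith("127."):
            continue
        hits[zone] = codes.get(answer, "listed, unrecognised code " + answer)
    return hits

# Constructed stand-in for DNS that replays the answers quoted in the post,
# so the example runs offline.
SAMPLE_ANSWERS = {dnsbl_name("216.132.148.88", zone): next(iter(codes))
                  for zone, codes in ZONES.items()}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for zone, meaning in check_ip("216.132.148.88", sample_resolver).items():
        print(f"{zone}: {meaning}")
```

The zone list is a 2005 snapshot taken from the post; confirm that a zone is still operated before pointing `system_resolver` at it.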
Farelf Posted August 29, 2005

> Looks like an open proxy
> <snip>

Nice work (as always) Merlyn. Previous volume approximation I made from Senderbase stats should have been + 4,000 per day which puts a different complexion on it. Seems to be nipped off right now but probably still worth following up with Nexus Distribution - any assistance in fighting the good fight is worthwhile.

This topic is now archived and is closed to further replies.