Like most casual sex invitations these contain a risk of infection.
The links in the spams frequently contain the following domains:
We are blocking mail from those domains but the emails are actually coming from telco providers
The sender IP of the example on the right is 220.127.116.11 That IP address belongs to AT&T Services, Inc.
Response from firstname.lastname@example.org
Subject: Re: Russian sex spam from 18.104.22.168 [030119-134823-14979-00] All headers
THIS IS AN AUTO-RESPONSE MESSAGE – PLEASE DO NOT REPLY – AT&T WILL NOT SEE ANY REPLY SENT TO THIS MESSAGE
This message confirms that your report has been received by the AT&T Internet Services Security Center.
The AT&T Internet Services Acceptable Use Policy is located at
AT&T ABUSE REPORTING
Please note that we can only take action on reports that implicate the AT&T network as a source of abuse. As we are unable to take
any action on reports not involving AT&T’s network, we recommend that you send those reports directly to the abuse address of the originating domain or service provider. You can identify the originator by reading the expanded e-mail headers. If you need help with reading headers, visit the following:
For any abuse report involving e-mail, it is essential that the report include the full original expanded headers containing the source IP address and time stamp, along with the complete unedited subject line and message. A report cannot be investigated without this information. Please send one report at a time, as combining multiple reports only detracts from our ability to address abuse issues.
For abuse reports involving security incidents, please include relevant log excerpts of the incident directly in the body of your message. Logs must be in plain text or ASCII format and include the time zone, source IP address, destination IP, timestamps, and port numbers.
For information on spam related issues please visit http://www.att.com/esupport/index.jsp and use the help search box to search for “spam” to locate Spam FAQs for your service type.
AT&T TARGETED SCAMS/PHISHING
AT&T will take appropriate action on any phishing reports that:
1. Appear to be from AT&T
2. Contain websites or services hosted on AT&T’s network
3. Target AT&T customer identity or personal information
For information on how to protect yourself from Internet scams, identity theft, and for the latest information on phishing & counterfeit AT&T Billing notices, refer to the following AT&T eSupport articles:
If you are an AT&T customer and you suspect that your AT&T email address(es) has been compromised refer to:
If you think you have been a victim of potential identity theft, the U.S. Federal Trade Commission offers advice on its web site, which is located at http://www.consumer.gov/idtheft/
For Copyright, Trademark, or DMCA allegations of Infringement,
If your report involves a threat, please take steps to protect yourself and your property by reporting the incident to your local law enforcement agency. We will investigate your complaint and cooperate fully with any requests from law enforcement.
You will receive no further contact from us unless there are special circumstances, or we require additional information to complete our investigation.
AT&T Internet Services Security Center
Subject: get over here and f%ck me
Message: Whazap handsome. I’ve just, only looked through your profile. You’re very attractive. I am so, very tired 2day and I want to offer you chatting. My profile is here
— Headers —
From email@example.com Fri Mar 1 06:39:58 2019
Received: from grisfeliz.com ([22.214.171.124])
by [redacted] your mail provider (8.13.8/8.13.8) with ESMTP id x21EdpZX023794
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for < [redacted] your email address > ; Fri, 1 Mar 2019 06:39:56 -0800
From: “Terri” <firstname.lastname@example.org>
To: < [redacted] your email address >
Subject: get over here and f%ck me
Date: Fri, 1 Mar 2019 06:39:46 -0800
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416
X-Scanned-By: MIMEDefang 2.67 on [redacted] your mail provider IP
— End Headers —
NetRange: 126.96.36.199 – 188.8.131.52
Parent: ATT (NET-12-0-0-0-1)
Customer: CFWN Pool ATTCT-NMPL13 (C02215847)
CustName: CFWN Pool ATTCT-NMPL13
Address: 200 S. LAUREL AVE BLDG-A
OrgTechName: IP SWIP
OrgTechName: KOSAL, HALUK
OrgTechName: IP Team
OrgAbuseName: ATT Abuse
OrgTechName: Borkenhagen, Jay C.
RTechName: IP Address Administration