lpsears63

Members
  • Content Count

    27

Everything posted by lpsears63

  1. lpsears63

    Live Websites With Lists of User Names

    UPDATE: I decided to give a report to IC3 Division of the FBI, so we'll see what happens from there. Pretty sure that they are email addresses minus the messaging provider, then when a list is purchased a key is provided to unlock the full address. Each site is separated into "blogs", there are anywhere from 5 to 10 "blogs" per page, then at least thirty pages or more per site. The page that contained the "blog" that I found my address in was on page fifty-nine. That site, according to MY IP gets 6500 hits a day. And the three sites combined do not contain thousands of addresses as I said earlier, but millions. One list that I made a full page screen capture PDF of, took 35 minutes to create, and is a one-hundred and seventy megabyte file. Never really thought of fighting spam from this angle, but if the FBI can shut down this list provider it's almost like a major drug bust. Take away the product and the addicts have nothing to use:-)
  2. I was doing a Google search of my user name today and most of what came up were my posts here in the Spamcop lounge from a couple of years ago. One other that caught my eye though, I thought, what is my name doing on this site? A site for tuning supercars? When I opened the page, it seemed to be a typical "Meet Russian Brides" phishing scam site, but when I scrolled down it turned into a really, really long list of either user names or possibly email addresses. Now, I did send an abuse report to the site's hosting provider, but we all know how that goes. Also, in the search for the hosting company, I found that there are two more sites using that IP address. Those sites each use a slightly different format, but the end is still the same. Thousands of user names (or partial email addresses (easier to figure out the other half than to make up names)). Sorry, I can't post any links on here, and at this point I'm even a little reluctant to write out the sites' names (even broken up) as I had intended to post this anonymously, but don't think that I am. Anyway, more to the point, if the sites are not removed in the next 24 hours (time frame the host said was given to the domain owners to respond), any suggestions as to the most effective way to proceed? And really, who knows how many others like these are out there, just hiding in plain sight. It seems that I have a bit of a knack for finding out things that I (no one else for that matter) am not supposed to know. Thing is, now that it's been seen, I can't just unsee it, so I won't be able to let it go. Any suggestions are welcome (except stupid ones of course).
  3. lpsears63

    Reporting Alpnames Limited of involving in spamming

    *==========* I just double checked some of the domains from my most recent list, after reading your post. I use mostly Whois powered by Name [dot] com and Myip [dot] ms. At Whois right below the registrar's name it says clientDeleteProhibited client hold and clientHold, clientUpdateProhibited. And on Myip no information at all shows up, when there was info before. Client Hold means suspension. Remember though that suspension is not termination. It does, however, keep the domain inactive so that it can be investigated. It also may take a day or two for the update to be seen, depending on what lookup tools you use. One reason I use Myip is that it is updated something like every 5 minutes. Downside is if you look at about 10 pages or look up an IPv6 address you need to register. And for that they only take bitcoin (I had real trouble trying to use that). But, they do give you a ton of information. Anyway, I don't know how long after you received the notice, that you checked on the domain status. You might try again, maybe even try a different tool. *==========*
  4. lpsears63

    Reporting Alpnames Limited of involving in spamming

    *==========* Apparently the abuse team at Alpnames has a new notification system in place now. You should also get a second response that says that your issue has been resolved, but then doesn't tell you what that resolution was. There should be though, a place at the bottom of the response to rate the new system. Make sure you rate either just ok, or not at all. That will open a new page where you can tell them what you think. I didn't give the new system a good rating at all. But, I have gotten good support from the abuse team, so I did rate them much better. *==========*
  5. lpsears63

    New Abuse Address For Chinaunicom

    *==========* This is getting old! The address abuse [at] chinacom [dot] com [dot] has also started to deny my attempts to connect. So, the only ones that don't come back are the ones to zhouxm [at] chinaunicom [dot] cn and he probably just deletes them. Probably any attempts to report abuse to them thru their abuse[at] addresses are useless. *==========*
  6. *==========* I've noticed that the abuse address that Spamcop is using for China Unicom Beijing Province Network is abuse[at]chinaunicom[dot]cn. However if you would like to at least not have reports bounce, try abuse[at]cnc-noc[dot]net or zhouxm[at]chinaunicom[dot]cn. *==========*
  7. lpsears63

    Reporting Alpnames Limited of involving in spamming

    *==========* Finally getting the hang of that quote thing . *==========*
  8. lpsears63

    Reporting Alpnames Limited of involving in spamming

    *==========* I have been getting the same emails, but from different registrants. Get the list of suspensions as well (see topic - [dot]date Domains Suspended). You can never be 100% sure that the domains have been suspended, or that it will lead to termination. But, the emails from those domains have stopped. Of course, they could have just washed the address from their list. At this time I do err on the side of Alpnames actually having suspended those domains. *==========* *==========* At this time there doesn't appear to be any limit on how many domain names can be registered at any one time. Many responsible corporations apply for multiple names at once. Sometimes just to keep someone else from using that name. I agree that there should be some limitations on that policy. Though, I'm sure the spammers would find a way around that also. At least you are getting a positive response from Alpnames. Many other registrars turn their backs on what their registrants are doing. From them, if you get any response at all, it's just an automated message. Usually basically saying it's not their problem. I've even had some (and other organizations, even some CERT abuse addresses) start filtering my address, so that after a few reports, they start bouncing back MY reports as spam! Not quite sure how to go about it, would take a little research, but you could try to make that suggestion to ICANN. I believe you would go thru At-Large Advisory Committee (ALAC), which is ICANN's voice for individual computer users. They are split up into five regions, your region (UK) would be EURALO. Though to actually join that you would need to be a member of something like an advocacy group. However, they may be able to help you find the appropriate way to make policy suggestions. I would probably start by making an inquiry using this email address - staff [at] atlarge [dot] icann [dot] org. 
If you are successful, you could post what you find out here, as others may like to follow suit in their own regions as well. I know I would. *==========*
  9. lpsears63

    [dot]date Domains Suspended

    *==========* Hi, Hope nobody minds the tags. I've just been waiting all day to share with someone. After my ordeal in Nov. - Dec. 2015 with NGTC my spam count dropped to next to nothing all thru Jan. I thought maybe they washed me from the list. No such luck. At the beginning of Feb. it started up again. Nowhere near the volume I was getting, but it was picking up speed. Never had stopped the reporting though. Now, about half have been coming thru India and the others thru China (just not NGTC ). But, most all of the domains have been registered by Alpnames. Last Friday they sent me an email concerning seven domains they had suspended after my reports. Well, my reports continued thru the weekend without hearing anything else from them. This morning I opened my email to find this: (I hope no one minds I copy and paste here, there are no links) *==========* Thank you for reporting spam activity on: intojamesr.date moneyjacquelinenow.date workalbertbecause.date autumnlarryt.date thanjohnfall.date autumncoffeecaptrainy.date hellsteventhere.date xsomec.date egivep.date takelouissome.date therevincentwork.date intoborutn.date likefrankout.date onlypatriciar.date onlyjohnautumn.date monkeylindacolour.date thenvincentkey.date monkeylindacolour.date workvincentthere.date wellsteveno.date bodyharoldbecause.date takedanielh.date keypatriciamoney.date therestepheninto.date otherbobbyout.date moneyfrankmost.date comechristopherz.date applethomascold.date otherjohnlike.date likefrankthere.date hellborutwork.date moneyjessicacold.date othermichaelcould.date therevincentlike.date bodylindabecause.date thenbobbyfall.date jcolourz.date nmoneyf.date rainyjacquelinetake.date likejuanthen.date aboutdenisehot.date monkeyfrankapple.date afterpatriciaafter.date lookstevenlike.date autumnjackn.date hellvincentother.date nowlarryo.date thenchristianfall.date keystephenmost.date autumnharryother.date nowdenisemoney.date Following the report the domains have been suspended. 
Regards, Abuse Mitigation Alpnames Limited *==========* YES!!! That is a list of 51 domains, you can count them if you like. It took me most of December to get that many domains off the market. I know, in the grand scheme of things, it still hardly puts a dent in all of spammers out there. It really made my day though. If you've taken the time to read this, I wish you the same pleasure I had when first reading it *==========*
  10. lpsears63

    New Abuse Address For Chinaunicom

    *==========* Spoke too soon, it just took Gmail four hours to tell me that abuse[at]cnc-noc[dot]net still wasn't accepting my requests to connect. The other two addresses aren't bouncing though. Just remember to change abuse[at]chinaunicom to [dot]com[dot]cn instead of [dot]cn.
  11. lpsears63

    New Abuse Address For Chinaunicom

    *==========* The address abuse[at]cnc-noc[dot]net started taking my reports again. Also I tried changing abuse[at]chinaunicom from [dot]cn to [dot]com[dot]cn that seems to have worked. At least it hasn't come back yet (sometimes takes awhile). I also tried the zhouxm address that went thru as well. Although, it probably doesn't make a lot of difference as the Chinese don't seem to care about what leaves their country. Only what comes in. *==========*
  12. lpsears63

    New Abuse Address For Chinaunicom

    *===========* Well, maybe. The address abuse[at]chinaunicom[dot]cn did come back recipient not found. Now though, the address abuse[at]cnc-noc[dot]net seems to have blocked my emails to them. Several have gotten thru, so, they must have gotten sick of me. It's been awhile since I've tried the zhouxm address. I guess I'll have to try that one next time.
  13. *==========* lisati, Thanks for showing me where to find that tool. It was very helpful. *==========* *==========* It is just the PBL, and it is the address range not just my IP, so I've opened a support ticket with my ISP asking for better security. Letting them know that it is affecting my ability to send abuse reports. Don't know if it will do any good or not though. In the meantime I've been trying to configure the SMTP AUTH on my Gmail account. I can get it to work for a telnet test, then it resets itself. The only information I can find at this time on the subject is like ten years old. It's based on Vista! Can't double check, or reconfigure, my Outlook address either (that info is also ten years old). Not without closing the account and then reopening it. But I believe it's alright though. I'll just have to get in the habit of sending from there via my Gmail alias. Thanks for your help. *==========*
  14. *==========* Hi, Since the middle of November 2015, the 14th to be exact, I started sending out complaints/reports. First to UCE (FTC), then to CERT, when that didn't seem to be effective I added hosts, servers, then registrars. As I became more familiar with headers, I added others, like companies with trademarked names (ie: Amazon, Walgreens, ClickBank), some hacked government email providers as well as some very large universities. People and organizations that might have an interest in knowing they might have a security issue. Changing my tactics a little along the way. And of course in December submitting to Spamcop. My biggest change with sending reports was instead of sending multiple complaints to a single recipient, I switched to sending single complaints to multiple recipients. I had to streamline. From Nov. to today I've sent around 1200 reports, gotten 50-60 domains suspended or terminated as well as quite a few Microsoft accounts. Most all of my emails were sent to abuse[at] addresses, which of course included unaltered headers, but they were all sent to people who would know how to read and handle them. If I had any doubt at all about malicious links (which was most of the time) all reports contained a warning to not click on any links. Thru all that, only a few were returned for containing suspicious links. Those were all refused from one particular registrar and its domain protection service. Actually, after the first "munged" report got thru to the protection service, they started forwarding any of my emails directly to the registrar. Also, any attempts to contact the domains with the encoded addresses provided were not successful. Anyway, today it came to my attention (using a lookup tool provided by and owned by said registrar) that MY IP was on two blacklists. Both Spamhaus (which I was not on) and Protected Sky (which it claimed I was on). 
The lookup tool was MX Toolbox, and I'm unsure of the relation between them and Protected Sky. But when I went to the support contact page for PSky I found myself back at MX Toolbox. That was interesting. So, does any one think that a registrar, the only one who really doesn't seem to like my reports, would stoop to putting me on a blacklist? All other registrars have been very cooperative, within their abilities. This one though, seems to go out of their way to be as uncooperative as possible. Even in light of things like, the domain in question being blacklisted or their Whois information being incorrect or invalid. It just makes me wonder. Maybe I'm reading too much into their lack of response. And maybe I ended up on a blacklist in some other way. I guess I'm just venting, but it would also be nice to get some feedback, as I'm not sure of the best way to handle the situation. I have no intentions of stopping my complaints/reports. Thank you in advance to anyone taking the time to read this. *==========*
  15. Over the last 24 hours I have been receiving phishing emails from different addresses that ultimately lead to Ideal Target, LLC. The original registrar was Namecheap, but most were resold to Enom. I would give you IP addresses but they each come from different IPs. Most of which are not supposed to be in use at this time (ie: hijacked). It has just come to my attention that Ideal Target seems to be for sale. So, the abuse address is now Abuse[at]domainadminastration[dot]com, and the registrant contact is brokerage[at]buydomains[dot]com. Their web address is www[dot]BuyDomains[dot]com. Here is an example https://www.spamcop.net/sc?id=z6206956549zf1658177aed50808167f4e83c746417dz There are links in these emails, so don't trust them. Some of these have even made it through 3 email filters. UPDATE: Actually I made a list of the IPs that the emails came from. Not that it will do much good, as they are in no particular range (again hijacked). [186.179.13.145] [181.177.78.79] [72.249.76.139] [190.123.217.29] [190.123.213.63] Apparently Enom forwarded my reports to Namecheap, and since they didn't get the reports first hand, they asked me for a list of the domains involved. That's how I came to make note of the IPs. I have worked with Namecheap before, and they are very strict with their abuse policies. Although, sometimes restricted in what they can do if the domain in question is not on a blacklist. That's the biggest problem with disposable domains, they are not around long enough to get listed. But it was the abuse team at Namecheap that led me to Spamcop, so, I do trust that they will do everything they can to put a stop to Ideal Target's abuse.
  16. *==========* UPDATE: *==========* Today I was informed by Namecheap that they have suspended four of the seven Ideal Target domains that I had received phishing emails from *==========*
  17. I have been getting a lot of various spam/phishing emails from different domains using different IPs that all lead to NGTC as host. They have a block of IPs ranging from [116.128.0.0] to [116.191.255.255] and are from China. They apparently host 14 domains and have 118 of those IPs active, and of those another 59 have browsers, but they are not listed as a host provider. Thing is that is all I can find out about them. None of the emails originate from any of the active IPs. When doing a search for New Guoxin Telecom Corporation I only come up with addresses, from them, that other people are complaining about getting spam from. It is one of seven of the largest IP blocks in China, none any larger, and China has 6361 blocks assigned to them. I do not want to block the whole range, that would only succeed in Me not getting the emails. The emails would still continue to be sent to others. Spamcop is only sending reports to the Chinese Government, and I don't think they care about what kind of emails some dumb American is receiving. I have helped to get 5 of the last 42 domains suspended thru their registrar, because they were blacklisted (that's the only time the registrar will help). Now the spammers have just changed name providers, and close the domain(s) more quickly to avoid being on the blacklist. Spamcop has helped me a lot in reducing the volume of spam that I receive. I have gone from 80 a day to around 3 a day, in the last month. So, how do I help Spamcop to keep up with Chinese spammers that are moving so quickly? And, how do you shut down spam that originates from a non-existent company? Sorry, I thought I was posting this in the lounge.
  18. lpsears63

    receiving spam from new guoxin telecom corporation

    Hey Petzl, Same here. Actually, not much from anyone right now, nine altogether since Jan. 7th. Most of which are pretty hard to track. They use Office365, then bounce it all over the place. They'll use a private network address then go thru a loopback to another private address then bounce it around a little more before it gets to me. I did find out that Microsoft has their own CERT address, you can report directly at www[dot]cert[dot]Microsoft[dot]com or email at cert[at]Microsoft[dot]com. I think you get faster response using the website. And is used only for Microsoft account abuse. I don't always know whether someone else would consider an email spam or phishing, and I'm not about to click on a link to find out if it's malicious or not. So, I still send anything originating from Office365 or Outlook to the other three emails they have. In case you're not familiar with them they are, abuse[at]Microsoft[dot]com, junk[at]Microsoft[dot]com and report_spam[at]outlook[dot]com. As for NGTC, they either got sick of me closing down their domains as soon as they would start using them, or I'm in for a big DoS attack. Hope not the latter. I did check on what outbound ports my server uses, and they use both 587 and 25, depending on the volume that's going thru. The security I'm using, I found out, has a stealth port shield already set up on it. So someone trying to find an open port on my computer can't find one. Tested it seems to work fine. Anyway, it's good to know you're still here, and your spam count is down too. Talk with you soon
  19. lpsears63

    Reporting Alpnames Limited of involving in spamming

    There is also a chance that Alpnames' ISP will take action to stop the offender, to protect their own reputation and the quality of service they provide to other clients. Update: I started receiving spam from domains using Alpnames as their registrar on 12/29/2015. Since then they have suspended 7 out of the last 23 domains I've reported. Many registrars have been very cooperative with me, but, they can't always investigate unless they find the domain to be blacklisted. Sometimes though, all they can do is inform the domain that there has been a complaint, and issue a warning. That's because the registrar doesn't always have access to the logs that the host would have. But report to them anyway (whether they like it or not), they are the ones with the power to take the domain name away. (I have found Web.com to be the least cooperative.) Man, I still can't get the hang of this quote thing:)
  20. lpsears63

    receiving spam from new guoxin telecom corporation

    NEVER use your full name your first is adequate petzl, Never really thought much about not using my full name. Did just try 20 different email lookups, only 2 found me, but those would cost someone $20-$30 just to view. I don't belong to any social networks so they can't find me that way. Googled my email and just got a link to Spamcop)))) I have searched my name before, and around 70 people in the US share the same name as mine. Of the three that have been using the NGTC IPs, at this point I have found more about them. Well, at least two of them. One was smart enough to use an alias, the other two only munged their address around a little. It wasn't that hard to figure out. Things like using Rd. instead of Dr. or north when it should be north-west or using the town 10 mi. down the road. Which of course could be all completely fake, but some people don't really have that much imagination. Since I started getting the few domains suspended that I have. Four from Donna L. McCorkle, she has dumped all of her GTLD's and only kept her .com domains. She had over two thousand domains and now only 12 remain. James Francis still has a little over 100, but those are all .com ones too. They don't seem to like to send spam with those. The generic TLD's cost a lot less. Just like throw away cell phones drug dealers use. Also, these are US citizens using the Chinese IPs. Maybe I'll replace my name with just my email instead. If I just use my first name, anyone with half a brain can figure out what my last name is by looking at my email. Well it looks like I still don't have the quote thing down yet. Forgive me I never post in any forums or anything. This is all a first. Thanks for all your help, and for talking to me. Almost forgot to tell you. I did send a report to IC3 about NGTC. I think actually that CNNIC knows all about the issue, which means so does the Chinese Government. That is why no response or help from them.
  21. lpsears63

    receiving spam from new guoxin telecom corporation

    Hi petzl, I quit sending reports to the Chinese they don't respond. And info[at]cn.verizon.cn won't even accept my emails. The first place that I started sending reports to was spam[at]uce.gov then I added phishing-report[at]us-cert.gov. Then I was sending the reports to anyone even remotely connected with the email. The best luck I've had though has been with the domain's registrar (except for abuse[at]web.com, they suck). They will only investigate if they find the domain on a blacklist, but I have gotten over 30 domains suspended in the last month. Not a lot, about one a day, but it makes me feel better. But it also has reduced my spam volume from 80 a day to three or less. Anyway I've been using a "boiler plate" for a few weeks now, though I didn't know it was called that. I did have to make a second one just for the Chinese. You helped me to rewrite it (I stole some from you I hope you don't mind). Hello, My name is L...... S......, and I have received an unsolicited and unwanted email from '''''''''''''.faith and ''''''''''''''.date. Using an IP allocated to New Guoxin Telecom Corporation in Beijing, China. Whose IP block [116.128.0.0]-[116.191.255.255] is listed on the SBL as being assigned to, being under the control of, or being otherwise connected with a known spam operation listed on the ROKSO database as: Michael Lindsay: New Guoxin Telecom Corporation. See link below: http://www.spamhaus....query/SBL214384 I consider it to be "spam" or "phishing attack" and may contain malicious links. My address was obtained without my consent. Please, if you respond to this email, kindly refer to the domain(s) in question. As I send out many such reports. Thank you.
  22. klappa, This is what I use. I keep it on my wordpad and just change domain names. I also have a second one similar to it that is just for the Chinese. It's kept in Google Docs so I can also translate it. Then send it in both languages. Then I always paste the header below, anyone receiving it can get more info from that than anything you could write. Hello, My name is L....... S......., and I have received an unsolicited and unwanted email from applecommuter.xyz. I consider it to be "spam" or "phishing attack" and may contain malicious links. My address was obtained without my consent. I would like to be unsubscribed and/or removed from any and all mailing lists that may contain my address. Please, if you respond to this email, kindly refer to the domain(s) in question. As I send out many such reports. Thank you.
  23. lpsears63

    receiving spam from new guoxin telecom corporation

    OK ,thanks. https://www.spamcop.net/sc?id=z6203828180zc17dd596d0925629594d7b32f08159e2z https://www.spamcop.net/sc?id=z6203733885zbb0106cbfe92a7d7c0e170de92b55aa5z https://www.spamcop.net/sc?id=z6203592645zc128a65ac7972c07d405d4f619e1ee60z
  24. lpsears63

    receiving spam from new guoxin telecom corporation

    petzl, here's a fresh one. https://www.spamcop.net/mcgi?action=gettrack&reportid=6398954659
  25. lpsears63

    receiving spam from new guoxin telecom corporation

    Yea!!!! I just got two more of their domains suspended! That makes 7 from NGTC in the last week, and (I'm losing count) around thirty or so in the last month (the other 25 or so are from other hosts).