Jump to content

oldskoolflash

Members
  • Content Count

    48
  • Joined

  • Last visited

Community Reputation

0 Neutral

About oldskoolflash

  • Rank
    Member
  1. oldskoolflash

    Identifying upstream ISP

    Many thanks guys. Sorry for being a bit slow but presumably SolarWinds Network managemant is the upstream ISP? And what is an AS number? Also, is traceroute a DOS command? Many thanks.
  2. oldskoolflash

    Identifying upstream ISP

    A few times I have parsed spam emails and hit a "whois" brick wall. The reporting address is clearly belongs to the spammer and there seems to be no way of finding the host's, host. Is this a very difficult process to do? For example this morning I have received spam referencing the sites: http://delicateperformance.org/ AND http://www.cheerfultune.org (google redirectors removed) Both resolve to: 200.79.160.7 = [ npm.vpnmexico.net ] Reporting address carlos.vargas[at]VPNMEXICO.NET hmmmmm I don't think so! Also vpnmexico.net does not have a website (pretty suspicious for an host i'd say). inetnum: 200.79.160/20 status: reallocated owner: Infraestructura de Telecomunicaciones Inalambrica ownerid: MX-ITIN-LACNIC responsible: Carlos Andres Vargas Salas address: Paseo de la Reforma 2608 21 PISO address: 11950 - Mexico - DF country: MX phone: 52 55 52164200 [4300] owner-c: CAV tech-c: CAV created: 20021209 changed: 20021209 inetnum-up: 200.79/16 nic-hdl: CAV person: Carlos Andres Vargas e-mail: carlos.vargas[at]VPNMEXICO.NET address: Paseo de la Reforma 2608 21 PISO address: 11950 - Mexico - DF country: MX phone: 52 55 52164200 [4300] created: 20021209 changed: 20041207
  3. oldskoolflash

    Question re compromised account information

    Surely they care if their website gets shut down? - you would think it's not worth the hassle, I mean as if anyone from the spamcop forum is going to buy some fake viagra, "enhancment" pills and a dodgy mortgage...
  4. oldskoolflash

    Question re compromised account information

    I know spammers are stupid, but surely a harvesting a database of email addresses that regularly report spam has got to be the singularly most stupid thing I have heard all year. Does anyone think this hack has anything to do with spammers wanting to listwash all spamcop emails to stop them being reported?
  5. oldskoolflash

    Question re compromised account information

    I thought they were???
  6. oldskoolflash

    Question re compromised account information

    If the offending website is kassir.ru it seems that my address was lifted too, I got 30 spams in one day all linking to this site see my previous post here
  7. oldskoolflash

    Need some info re; invo i gave in the spam e-mail

    Hi, Iaan, sorry to hear about your misfortune, you need to think very hard about ALL the possible times you have used the same information (credit cards, online banking, store accounts, internet shopping sites). Work through them all, contact them and change all your personal information. This happened to me a few years ago before anyone really knew about identity fraud: I left my mobile phone in an airport scanner. I got a call from "Vodafone" asking me to confirm my details. As the phone was missing I thought it was genuine, the guy asked for my username and my DOB, which I gave him, but when he asked for my password I became suspicious and asked for his name and telephone number (which were fictitious). I immediately phoned Vodafone, to change my password etc. About an hour later I had a heart attack as I realised (as many people do) I had stored my password in my phone as a fake phone number, problem was this was also the log in to my internet banking. I then tried to log in to my bank and discovered I couldn't, when I called them, it turns out that my log-in information had been changed and a new debit card requested! At this point I contacted the airport police as I am certain someone at the airport had something to do with it, eventually a man in the lost property department was arrested as part of on on-going investigation. BTW before I get people posting messages about how stupid it is to have the same password for several accounts, but this was a few years ago long before there was so much awareness about this kind of thing. I have definitely changed my ways these days!
  8. oldskoolflash

    Grrrrr I HATE YAHOO!!

    You are receiving the same spam as me, always claimagent[at].......... I haven't noticed a referenced website before though, but it doesn't surprise me at all that no action has been taken. It is amazing isn't it, if this was any other large corporate business and a member of the public approached them to inform them that one of their own was committing fraud, there would be immediate action taken, but because this is an ISP, they do nothing. I'm sorry, but in the UK, they are required by law to do something about it. If it can be proved that they are willingly allowing their systems to be used to facilitate criminal fraud, then they are accessory to fraud and can be held accountable. The fact is, nobody pursues these cases - after all who wants to take on Yahoo. If there was enough media interest in this there would be uproar that large organisations a participating in this kind of criminal activity.
  9. oldskoolflash

    A new low for spam

    Thanks, I've got quite a few examples of this, ill forward them, but it seems the parser is just using the contact info provided for that IP address. I do think that the parser should be a bit smarter and discard these addresses as fake. BTW I have posted an example in this thread.
  10. oldskoolflash

    FAQ Entry: The Link Analysis Process

    I know the parser is using the info provided for that IP, my point was, why does the parser not filter out donaldduck[at]hotmail.com and discard it as fake. Whenever I question the reliability of the parser at locating referenced websites, people are very quick to pipe up that this is not what the parser is for, and all the efforts are put in to detecting the source of the spam. My point is that quite often it does not do that very efficiently. Who wants to send spammers confirmation that their email address is live, and actively reports spam and yet the parser allows this with surprising ease. I know you can untick specific addresses, but surely anything [at]gmail.com or [at]hotmail.com or [at]geocities.com that isn't abuse[at] or postmaster[at] is fake, the parser should be smart enough to discard anything that is obviously fake.
  11. oldskoolflash

    FAQ Entry: The Link Analysis Process

    I think the parser often gets the source wrong! Often it or gives the spammers email address as a reporting address - how and why does the parser give the address royir143[at]hotmail.com as a valid spam reporting email adddress (see below) ?!!! Surely it must be possible to have a system where anything other than abuse[at]hotmail.com is discarded as fake. I really think the spammers are one step ahead here and are actively building a database of users who report spam. They can then use this for a variety of uses like refining spam to evade the pharser, using reporters of spam to maliciously report legitimate websites, or more worryingly set DDos attacks and virus campaigns... Tracking message source: 124.106.177.207: Routing details for 124.106.177.207 [refresh/show] Cached whois for 124.106.177.207 : rrdelavega[at]pldt.com.ph nctabernilla[at]pldt.com.ph ssmiguel[at]pldt.com.ph riresurreccion[at]pldt.com.ph jcgonzales[at]pldt.com.ph vrortiz[at]pldt.com.ph royir143[at]hotmail.com Using last resort contacts rrdelavega[at]pldt.com.ph nctabernilla[at]pldt.com.ph ssmiguel[at]pldt.com.ph riresurreccion[at]pldt.com.ph jcgonzales[at]pldt.com.ph vrortiz[at]pldt.com.ph royir143[at]hotmail.com Message is 4 hours old 124.106.177.207 not listed in dnsbl.njabl.org 124.106.177.207 not listed in dnsbl.njabl.org 124.106.177.207 not listed in cbl.abuseat.org 124.106.177.207 not listed in dnsbl.sorbs.net 124.106.177.207 not listed in relays.ordb.org. 124.106.177.207 not listed in accredit.habeas.com 124.106.177.207 not listed in plus.bondedsender.org 124.106.177.207 not listed in iadb.isipp.com Finding links in message body Parsing text part no links found Please make sure this email IS spam: From: "Phyllis Honeycutt" <tkynqmck[at]ainsight.com> (FWD: Big news shows promise) Did not par ticularly enjoy your previous tra ding day? Don?t focus on that. Mov e on to your most successful one with the tips I listed below! You?ll come out o View full message Report spam to: Re: 124.106.177.207 (Administrator of network where email originates) To: royir143[at]hotmail.com (Notes) To: vrortiz[at]pldt.com.ph (Notes) To: jcgonzales[at]pldt.com.ph (Notes) To: riresurreccion[at]pldt.com.ph (Notes) To: ssmiguel[at]pldt.com.ph (Notes) To: nctabernilla[at]pldt.com.ph (Notes) To: rrdelavega[at]pldt.com.ph (Notes) Re: 124.106.177.207 (Third party interested in email source) To: Cyveillance spam collection (Notes)
  12. oldskoolflash

    A new low for spam

    A bit of an update - I think this may be a campaign against a legitimate website (see below) - I have had spammers do this before with the (genuine) dutch lottery website. They deliberately send malicious spam to addresses they know report spam. They are basically getting us to work for them.... I really hate these b******* Tracking link: http://kassir.ru/ [report history] ISP does not wish to receive report regarding http://kassir.ru/ Resolves to 217.73.200.248 Routing details for 217.73.200.248 [refresh/show] Cached whois for 217.73.200.248 : postmaster[at]stack.net abuse[at]stack.net Using abuse net on postmaster[at]stack.net abuse net stack.net = postmaster[at]stack.net, abuse[at]stack.net Using best contacts postmaster[at]stack.net abuse[at]stack.net ISP does not wish to receive reports regarding http://kassir.ru/ - no date available http://kassir.ru/ has been appealed previously.
  13. oldskoolflash

    A new low for spam

    I am getting so disillusioned by reporting spam. It seems that spamcop is slipping further and further behind the spammers in this battle. I keep getting gif spam with no referenced websites and sources that change so quickly it is obvious the spammer doesn't care if they get reported and added to a blacklist. Also I am finding spamcop less and less reliable at correctly tracing the source and is often giving hotmail reporting addresses (obviously owned by the spammer). Also am finding spamcop is failing to pharse headers properly (even after multiple refreshes) and correctly give reporting addresses for referenced websites. And today, a new low, 35 spam emails overnight all from different sources, all referencing the same website http://kassir.ru - spamcop failed to find a reporting address for any of them! I hit a brick wall when trying to find a host for this website (probably for the same reason spamcop is failing to find a reporting address). Sorry to vent, but I have to ask is it really worth the effort......?
  14. oldskoolflash

    Grrrrr I HATE YAHOO!!

    Thanks for that Stephen, you'd think Yahoo would mention that rather than constantly repeating that the user has not breached their TOS! Another possibility is that my constant nagging for a week has persuaded them to disable that email address, unless by "domain invalid" you mean the whole of yahoo.hk - is that not yahoo hong kong though?
  15. oldskoolflash

    Grrrrr I HATE YAHOO!!

    How do I verify the account, do you mean send an email and see if it bounces? I would be very suprised if the email wasn't active as it was the only means of contact in the original spam. Thank's for that link farelf, i'll definately get in touch
×