Jump to content

Appleseed

Members
  • Content Count

    15
  • Joined

  • Last visited

Posts posted by Appleseed


  1. "Sorry, SpamCop has encountered errors:

    Headers mangled

    It appears that the sample you provided has been altered.  Often, extra
    line-breaks are inserted by your software in an invalid format.  Part of
    the reason for this proceedure is to ensure that you and your software are
    submitting spam in an error-free format.  Please review the relevant FAQ
    for your software and ensure you are following a proceedure which returns
    intact spam content to SpamCop.

    In this sample, the problem was found near the line:
    via HE1PR0401CA0052.EURPRD04.PROD.OUTLOOK.COM; Fri, 22 May 2020 03:29:37"

    Outlook put stuff to headers. If you want to report messages from Outlook, you have to start copy paste from the last "Received: from" line in message source and ignore all outlooks stuff before that.

    Still it would be nice if Spamcop could leant to do ignore that extra stuff itself.


  2. On 10/31/2019 at 9:21 AM, klappa said:

    Where can you find that information? Is there any other abuse address I can report to? This spammer have spammed me for years. The spammer hacks sites and e-mails and use them in a botnet.

    I did find it from Google when i was looking information of this spammer.

    After i started to report him to that IPv4 peer company mentioned above (thanks RobiBue), they did change it to another one. Then i started to report those spams to that one also and now i havet got any spam from that spammer.

    That guy own fashion clothes store or modeling place. It could be that he is selling those poor girls irl.

     

     

    Now i keep getting new kind of spam what i cant report to Spamcop. Outlook wont allow copy that email source code.


  3. On 10/11/2019 at 5:34 AM, RobiBue said:

    looks like their IPv4 peer is AS 31343 ( Intertelecom Ltd ) (got it from your dnslytics link ;) )

    It seems that Intertelecom is the only peer Romanenko has, so it is likely that he is their customer... maybe they don't know what's going on in their "backyard/neighbourhood" and then again, maybe they do and the money they get is good enough for them...

     

    Thanks

    BTW. This guy have is specialized to Smoke Loader and have a huge Necurs botnet.


  4. On 9/12/2019 at 9:28 PM, gnarlymarley said:

    I have had much thought on this, and I no longer trust much of the addresses that are called abuse or postmaster anymore.  I figure that as long as my address is munged in the report and I give out the minimal headers in the report (meaning the spam gets pulled from my border server and reported), they I am not sure it matters as they already have that information from when they connected to my email server.  I myself have not seen any repeat spam to be reported to vvsg180@gmail.com, so it very well could be legit.

    Ok, it seems that that guy is the same as OOO-Patent-Media etc. and their company Romanenko Stanislav Sergeevich are hosting those spamsite https://dnslytics.com/bgp/as47981

    So vvsg180@gmail.com is their and also hawk@diamondc.ru and stell_hawk@mail.ru

    So it is impossible to stop that spam, if SPAMCOP report to them. Just like i was guessing in my first post.  Spamcop report directly to spammer itself.

    If someone could find who is host behind of their IP range 92.63.192.0-92.63.192.255, then the report could send directly to that ISP.

×