petzl

Memberp
  • Content count

    1,713
  • Joined

  • Last visited

Community Reputation

0 Neutral

About petzl

  • Rank
    Been There

Contact Methods

  • Website URL
    http://tinyurl.com/abba-money-money-money-midi
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Sydney Australia
  • Interests
    I am not a number I am a free man
  1. SpamCop reporting addresses I see often as a legacy issue and are set in mud (ignored/old defunct reporting addresses) https://www.spamcop.net/sc?id=z6354566965z58e6e1b554cd81aafb9894c99b1451dcz 98.138.207.12 : abuse [at] yahoo-inc.com is sent to yahoo [at] admin.spamcop.net 104.140.17.220 : noc [at] serverhub.com is sent to spamcop [at] serverhub.com You need to use SpamCop to "clue" one in as to IP source, Then check abuse addresses with a "who is" program like "IPNetInfo" And send from the email it was sent to (some have privacy concerns in doing this). Also submit from SpamCop
  2. Gmail reads all mail electronically. You would be sending spam, be it that you are trying to report it. Just " using the tool in the upper right corner of this screen" show original and you can push a button to copy text for pasting in SpamCop
  3. Would help if you gave a SpamCop trackingURL Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6338527151za71ac855aa3c8f89902419badfabbd3cz
  4. TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6322145333z1430805affc509d4a856f69864c9a63bz needed truncating
  5. The abuse address for 80.147.59.28 is abuse@telekom.de as well as abuse@t-online.de (which seem asleep at wheel) Ramp up report to them using notes eg > 80.147.59.28 (Administrator of network where email originates) BOTNET ATTACK HOST (compromsed computer) http://www.abuseat.org/lookup.cgi?ip=80.147.59.28 IP Address 80.147.59.28 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-10-12 19:00 GMT (+/- 30 minutes), approximately 30 minutes ago. It has been relisted following a previous removal at 2016-09-24 15:54 GMT (18 days, 4 hours ago) This IP is infected (or NATting for a computer that is infected) with a spam-sending botnet, most likely kelihos. In other words, it's participating in a botnet. TO REMOVE INFECTION Norton Power Eraser is a Windows free tool and doesn't require installation. It just needs to be downloaded and run. https://security.symantec.com/nbrt/npe.aspx SCAN INFECTED COMPUTER FOR MALWARE The following Cisco site shows servers/computers with prior or existing BOTNET infections http://www.senderbase.org/lookup/ip/?search_string=80.147.59.28 Still spewing spam https://www.spamcop.net/w3m?action=checkblock&ip=80.147.59.28 >
  6. Start hammering their facebook page! https://www.facebook.com/omnis/
  7. http://forum.firetrust.com/viewtopic.php?f=50&t=10200 link works?
  8. Found a link but I now no longer use MailWasher just use WebMail on Gmail http://forum.firetrust.com/viewtopic.php?f=50&t=10200 how I used to set-up "blocklists" which worked very well
  9. there was no tracking code in message. Tricking codes are "invisible" images in HTML mail which have unique numbers assiged to your email address. sometimes a unique code on spam Your email address has been found either by dictionary attack or one of your friends has a compromised computer. https://www.spamcop.net/sc?id=z6246114078z8e6c38330124db76fbfb0ff051dcf1afz 14.189.154.196 is an open proxy meaning it's a Botnet attack host. http://www.abuseat.org/lookup.cgi?ip=14.189.154.196 IP Address 14.189.154.196 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-06-05 07:00 GMT (+/- 30 minutes), approximately 17 hours, 30 minutes ago. This IP is infected (or NATting for a computer that is infected) with the Conficker botnet. TO REMOVE INFECTION Norton Power Eraser is a Windows free tool and doesn't require installation. It just needs to be downloaded and run. https://security.symantec.com/nbrt/npe.aspx VN seems to have a lot of Botnet infects (means clients have compromised computers in he control of criminals. The ISP needs to contact their customer have them do a Malware scan and Change log-on to a more secure password!
  10. Would help if you gave a trking url? even a IP address. In the mean time have no idea what you are on about?
  11. There are two "whois" sites SpamCop looks up Arin I check with Ripe to see if there is a difference if there is I add it to report A free Windows Ripe WhoIs program is here http://www.nirsoft.net/utils/ipnetinfo.html
  12. "Quick" reporting only sends to the IP SpamCop detects as sending spam which should be % Abuse contact for '82.57.200.0 - 82.57.207.255' is 'abuse[at]business.telecomitalia.it' 167.88.109.197 (Administrator of network where email originates) abuse[at]retail.telecomitalia.it https://www.spamcop.net/sc?id=z6234543446zc088e93784a7d290ce8a1d1c18a1e080z This IP is a Botnet mass spam sender http://www.senderbase.org/lookup/?search_string=167.88.109.197
  13. send a SpamCop Tracking URL! Before you submit top of page (do not click links in spam they could be harmful) Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6234007816z8753243c4760423776c866a734daeb39z Skip to Reports
  14. Sometimes pays to use SpamCop notes They are spewing spam their abuse address bounces include in notes abuse[at]eccmp.com bounces (99 sent : 99 bounces) also send to spam[at]uce.gov as well
  15. If you report fresh spam it sets the clock to 24 hours removal Paid subscribers can see the reports made over 90 days I add notes in my reports sample below > 111.23.153.228 (Administrator of network where email originates) BOTNET ATTACK HOST http://www.abuseat.org/lookup.cgi?ip=111.23.153.228 IP Address 111.23.153.228 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-04-18 12:00 GMT (+/- 30 minutes), approximately 7 hours ago. If this IP address is NOT a shared hosting IP address, this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed. Find and remove the virus/spamware problem then use the CBL delisting link below. In some unusual cases, IP addresses used in shared hosting (especially those using IPSwitch Imail, Plesk or Cpanel) can trigger CBL listings. If this is a shared hosting IP address, make sure that your mail server software is set up to identify _itself_ in its mail connections, not each of your customers. BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER Make sure you are connecting to your mail server's 'authenticated mail' port 587 and not the ordinary 'unauthenticated' port 25. (ask your ISP to check for you) CHANGE TO SECURE PASSWORD SCAN INFECTED COMPUTER FOR MALWARE A BOTNET infected computer/server means the all data passing through it may be compromised (bank details, log-on/password, email, etc). CBL (abuseat.org) lists those computers that are infected with instructions on how to remove BOTNET infections Change log-on to a more secure password! The following Cisco site shows servers/computers with prior or existing BOTNET infections http://www.senderbase.org/lookup/ip/?search_string=111.23.153.228 spewing spam https://www.spamcop.net/w3m?action=checkblock&ip=111.23.153.228 Other hosts in this "neighborhood" with spam reports 111.23.152.231 111.23.152.241 111.23.152.243 111.23.152.246 111.23.152.247 111.23.152.254 111.23.152.255 111.23.153.2 111.23.153.6 111.23.153.8 111.23.153.9 111.23.153.14 111.23.153.15 111.23.153.18 111.23.153.19 111.23.153.27 111.23.153.28 111.23.153.30 111.23.153.37 111.23.153.49 111.23.153.52 111.23.153.56 111.23.153.61 111.23.153.62 111.23.153.66 111.23.153.75 111.23.153.76 111.23.153.77 111.23.153.78 111.23.153.80 111.23.153.87 111.23.153.93 111.23.153.106 111.23.153.110 111.23.153.112 111.23.153.116 111.23.153.118 111.23.153.121 111.23.153.135 111.23.153.137 111.23.153.140 111.23.153.145 111.23.153.146 111.23.153.147 111.23.153.148 111.23.153.151 111.23.153.152 111.23.153.153 111.23.153.160 111.23.153.166 111.23.153.169 111.23.153.174 111.23.153.176 111.23.153.188 111.23.153.191 111.23.153.193 111.23.153.194 111.23.153.199 111.23.153.202 111.23.153.203 111.23.153.212 111.23.153.217 111.23.153.219 111.23.153.232 111.23.153.234 111.23.153.235 111.23.153.239 111.23.153.241 111.23.153.242 111.23.153.243 111.23.154.18 111.23.154.20 111.23.154.27 111.23.154.29 111.23.154.41 111.23.154.48 111.23.154.49 111.23.154.50 111.23.154.54 111.23.154.58 111.23.154.66 111.23.154.86 111.23.154.87 111.23.154.91 111.23.154.94 111.23.154.99 111.23.154.100 111.23.154.103 111.23.154.107 111.23.154.108 111.23.154.111 111.23.154.116 111.23.154.118 111.23.154.119 111.23.154.145 111.23.154.146 111.23.154.147 111.23.154.152 111.23.154.153 111.23.154.161 111.23.154.167 111.23.154.172 111.23.154.183 111.23.154.186 111.23.154.211 111.23.154.213 111.23.154.215 111.23.154.217 111.23.154.221 111.23.154.223 >