Everything posted by petzl

  1. Netdemon gives the IP address. Just tried it, yes it works well, thanks https://www.virustotal.com/#/url/87a1133f47025b43f18b4af7431bc40fb324c2ca6ff58f922e98ea7093ce8d3e/detection
  2. You need to also remove the "gillion or so" BCC addresses, replace with an X.
  3. From: spammer[]spam.cxm Hey! There is a blank line between the headers and the body! Needs TWO blank lines. Spamware often does not separate headers from body and if it has 2000+ spam victim email addresses to "X" out in a visible BCC field it will have a hernia!
  4. netdemon offers a safe txt browser. I use this to get IPs of URLs I get spammed with by a Russian crime gang and am not keen on clicking the link. They sometimes try to download ransomware to your computer.
  5. just get the bogus abuse email address right "granatnetou[AT]gmail.com" Ukraine bogus address https://www.first.org/members/teams/cert-ua URL abuse[AT]hostkey.us bounce try sales https://www.us-cert.gov
  6. SC just looks at the link provided; the link in this case is a redirect link with an abuse address that bounces. Try to be better than SpamCop if you have the time. In the case of porn spammers send to the CERT of that country as well.
  7. I get abuse[AT]hostkey.us bounces/bitbin try SALES[AT]HOSTKEY.COM
     First URL
     --- 02/22/19 05:27:49 AUS Eastern Daylight Time
     --- reading URL http://rrnntqutxtf.charlie-washington.infx/?eid=bWlnYWwwMEBob3RtYWlsLmNvbXwzMDcxNjM
     --- contacting host rrnntqutxtf.charlie-washington.info [] on port 80
     HTTP/1.1 302 Found
     Server: nginx/1.10.2
     Date: Thu, 21 Feb 2019 18:21:07 GMT
     Content-Type: text/html; charset=UTF-8
     Content-Length: 0
     Connection: close
     X-Powered-By: PHP/5.3.3
     Location: http://www.geoearnings.cxm/lgtrack/OTcuMTY?email=bWlnYWwwMEBob3RtYWlsLmNvbQ%3D%3D
     --- connection closed
     THEN URL http://www.geoearnings.cxm/ gives me another redirection abuse@amazonaws.com USA - Washington
     Final redirection https://www.localflirtbuddies.cxm abuse[AT]amazonaws.com Ireland
     get Cert address from here https://www.first.org/members/teams/
     include Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS >
     amazonaws.com send your complaints to spammer, These are the Cybercriminals amazon are contacting in this case
     "Thank you for submitting your abuse report. We have begun our investigation into the source of the activity or content you reported. We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report."
  8. Mine is not registered (lost my registration), works well, but you need to work it out, which is not hard. If a site redirects to another, netdemon shows you the site it redirects to; this requires another "netdemon window" to go to that site, which will include the reportable IP of that redirected site. You can open many "panes" in netdemon.
  9. Not a bug? SpamCop received no body in text? When there is no body you just hit the enter key twice under last line
     Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
     To: undisclosed-recipients:;
     Content-Type: text/plain; charset="UTF-8"
     Bcc: x
     here and write No text in spam body
  10. I use a windows program which is sort of free they no longer sell the program http://www.netdemon.net/ Text browser shows the IP and the redirect sites the destination site is run by Needs working out by copy/pasting sites it forwards to and searching with new page. The end site is this one blackhats abuse[AT]amazonaws.com My "scri_pt" is accurate enforced in USA so they would/should worry
  11. This is a redirect to a porno site Find the IP of that site and report it the following reply usually gets it taken down. Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS >
  12. OK best way to go. In that case running "Windows10Upgrade9252.exe" will only say "you have the latest"
  13. Seems "normal" with all AV's - A pain. If you just use "update", in my case, left a lot of problems and the "normal" un-stability of WIN10 and checks if indeed you have the latest version. https://www.digitalcitizen.life/how-get-anniversary-update-today-windows-10-update-assistant
  14. You will still need an AV but all need a fair bit of learning about. Windows Defender is as good as any, a pain to work out also.
  15. I'm in Sydney Australia still run "Windows10Upgrade9252.exe" .if you can find it from Microsoft
  16. I was saying run it before removal. To see if it says something. (may have IPs on a bad list) To get a STABLE WIN10 you need to run "Windows10Upgrade9252.exe" from Microsoft, not the "Check for updates"; this will do a FULL upgrade without removing files/programs
  17. Run a scan with your "Anti-V-software", looks like that's what shut your browser down? Get the latest WIN10 upgrade "Windows10Upgrade9252.exe" from Microsoft https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/windows-10-fall-creators-update-how-to-get-it-now/c034b09b-eec4-4647-8baf-0638327e1867
  18. Different operating System. I went from WINXP to WIN8 now WIN10 64bit touch screen so can't help.
  19. without quotation marks open "All settings " in "windows settings" first Even works in search bar bottom left of screen WIN10 I'm talking about?
  20. Might be settings in your browser? Thought it might not be working till you got it. Suddenly had a Microsoft Pointyhead attack with a VPN I use. Microsoft has decided to give Windows Defender a "Microsoft mind of its own", then you have to undo everything it's changed. Then when installing a program you have to do some needless leaps and jumps. Windows Defender has a "ransomware" protection added. Open "all settings" then in search bar put "Controlled folder access", turn it off. After installation turn it on I guess (I have). Then check what folders are blocked, "Protected folders"; any of your software you use, remove from list.
  21. Seems Microsoft have "fixed" the outlook headers like only Microsoft can! https://ibb.co/pw2Dt6g
  22. have this signature in mine offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader
  23. Been reporting Cybercriminal URL links latest is/was using Microsoft link this looks like them? Story a link from your link https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play?
      Dumb abuse desk reply the report had nothing to do with email from Microsoft! I stated email source and stated it did not originate from them. My concern was a diversion URL link theirs I also forward as attachment
      A review of the message information you provided indicates that it did not originate from a mailbox associated with a Microsoft account. Unfortunately, we are unable to take action against e-mail accounts that are not within the Microsoft network. In order for us to investigate and assist we need additional information to help us determine the message's true source and find out what actions may be available for us to take against the sender. Please forward an unedited copy of the message that includes the X-originating IP and message headers.
      also reported with SpamCop https://www.spamcop.net/sc?id=z6520761297zd6dadefbdd1feb73d5cf77539a2e10fbz
  24. I assumed you use SpamCop? Open a free account. https://www.spamcop.net/anonsignup.shtml At the top of every report page https://www.spamcop.net/sc?id=z6517742261z82101d4998fb4b3e1c14b8f6278e03f0z SpamCop v 5.0.0 © 2019 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6517742261z82101d4998fb4b3e1c14b8f6278e03f0z Skip to Reports