Jump to content

petzl

Memberp
  • Content Count

    2,275
  • Joined

  • Last visited

Everything posted by petzl

  1. petzl

    OVH.Net spam ?

    Just got one with a OVH link have to truncate as it's full of base 64 gibber https://www.spamcop.net/sc?id=z6517742261z82101d4998fb4b3e1c14b8f6278e03f0z I also sent full report from my email account Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe provided to this Russian (?) Crime gang by FaceBook .. Received from 185.252.147.144 abuse[AT]firstbyte.ru link obfuscation https://aiplotnic.ru/yqjutzsgrfuwz Resolves to 51.38.186.24 abuse[AT]ovh.net offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader >
  2. petzl

    OVH.Net spam ?

    Not getting much OVH spam they never used to react to abuse reports but found they seem to if you use their web form? https://www.ovh.com/world/abuse/
  3. petzl

    spam has eased up in my inbox

    can't you whitelist anyone who posts 1 approved post? Just a suggestion, most of this spam flood is recognized as spam
  4. SpamCop will do this auto-magically, reason is SpamCop processes millions (?) of spams a minute (just guessing), which ,if were over a certain size criteria would slow everyone down to a very slow crawl If you want to forward as attachment to a abuse desk from your own email account you can. put the IP you are reporting on the blank page.
  5. SpamCop just forwards to a working email account
  6. Not me that is having email bounced? My email address is a legacy one that is forwarded to a fastmail account. I pay for reporting spam through SpamCop which allows me to look-up IP addresses for evidence of prior reports. https://mailsc.spamcop.net/sc?track=151.101.248.253 Access for paid members only. TALOS give the IP a neutral "email reputation" if it had been listed it would be negative
  7. no reports have ever been made by SpamCop members. Don't look like it has hit spamtraps either? https://www.talosintelligence.com/reputation_center/lookup?search=151.101.248.253
  8. SpamCop blocks by email or source IP not a email address Show the IP that SpamCop is blocking for better advice.
  9. Don't think so? At least not via SpamCop
  10. petzl

    USB email client

    Been using TheBat voyager which is a bit buggy but seems adequate But would like something better Testing http://portableapps.com/apps/internet/thunderbird_portable Can't work out how to get full headers though? Open email View. Headers, ALL Don't do it?
  11. Had a look at this one only; SpamCop abuse address cache needed refreshing (works now) A good Whois for IPv6 addresses is https://dnslytics.com/whois-lookup Says it's from India also send abuse to INCIDENT [AT] cert-in.org.in pradeep.elcom[AT]gmail.com bounces/bogus
  12. petzl

    SCv5 parsing

    If SpamCop can't parse do it yourself. Look for line Authentication-Results: spf=none (sender IP is 209.85.128.68) AND Return-Path: noreply.kimcilkempolenkentunenggerdukaroboyoanyaran3@buahdalamdada.me Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255]) So forward as attachment to network-abuse[AT]google.com All you put in forwarded message is Received 209.85.128.68 network-abuse[AT]google.com Source 68.183.75.255 abuse[AT]digitalocean.com digitalocean.com are known ratbags so also use their abuse page https://www.digitalocean.com/company/contact/#abuse
  13. Send a tracking URL st top of page before you submit Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6512807609z140b367a456a8adeb495bd5a26b7edd1z or screen shot https://ibb.co/4PCKSm7
  14. you can see where the data breach occurred by going here https://haveibeenpwned.com
  15. BEFORE you click submit the tracking URL is at top of page https://ibb.co/4PCKSm7
  16. no. Look below Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6512807609z140b367a456a8adeb495bd5a26b7edd1z
  17. Before you submit a spam at the top of page is a "tracking URL" copy it and one can then see what you are on about
  18. Help if you sent a tracking URL Your email server collects a received IP address.that is are genuine IP a lot of spam has fake IP's stamped with the spam SpamCop will disregard these if there is something dodgy about it (no DNS etc) example below. Received: from WINDOWS-COSBPNE (unknown [113.140.86.66]) my email server by vmx5.spamcop.net (Postfix) with ESMTP id 07FDAAF6FB for <xxx[AT]spamcop.net>; Wed, 9 Jan 2019 13:31:08 -0800 (PST) Received: from jakwcdbio (Unknown [182.111.98.3]) claimed/fake email server stamped source DNS LOOKUPS Forward and Reverse DNS lookups are performed to see, if the name to IP and IP to name DNS lookups produce the same results. This feature is used to see if DNS is correctly set up for a host and can be an indicator for a malicious host.
  19. petzl

    spam reporting question

    https://www.talosintelligence.com/reputation_center/lookup?search=62.172.235.230 Shows some one don't care UK military server compromised https://www.raf.mod.uk/our-organisation/stations/raf-marham/ https://www.spamhaus.org/sbl/query/SBL428795
  20. https://www.spamcop.net/sc?id=z6451502850zd07b723238632868903d2821f0fe36ddz would like to know the actual Youtube video these/this spam uses in received spam? Java scrip hides the source, tried right click video source no-good. These criminals have 100's posted under bogus names on youtube example "https://youtu.be/edu1UmfJbTg" on the right shows from all same crime gang they go through https://t-soft.cc/lp.php heres my last abuse report Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe provided to this Russian (?) Crime gang by FaceBook posted from 139.59.244.76 is an open proxy abuse@digitalocean.com phishing-report@us-cert.gov http://cbl.abuseat.org/lookup.cgi?ip=139.59.244.76 URL https://pushstat.sendpulse.com/pushurls/361646/NzM5NjQz/97152513cf76a54da69215685da34b92/7c977009d5861eebb711656eb7d87a74 Resolves to 193.70.13.222 abuse@ovh.net Redirects to http://click.affcrunch.com/aff_r?offer_id=1674&aff_id=3669&url=http%3A%2F%2Fclick2go.link%2Fclick.php%3Fproject_id%3DSbn-%26affiliate_id%3DZhn-%26custom1%3D10238e359a5f2258488583da02e039%26custom2%3Dv2&urlauth=643935563311863739629751418684 Resolves to 52.210.90.239 : abuse@amazonaws.com linked via phishing spam bogus reply address, bogus unsubscribe numerous youtube videos posted anon no listed owner/channel? https://www.youtube.com/watch?v=2b5nWGfptz0 network-abuse@google.com
  21. Thanks have slowed this criminal down but comes back every few months
  22. petzl

    Telephone spam callers

    Another here https://jollyrogertelephone.com
  23. petzl

    spam reporting question

    child porn source 182.111.98.3 anti-spam@ns.chinanet.cn.net 113.140.86.66 anti-spam@ns.chinanet.cn.net offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader example just forwarded as attachment from my email account Received: from WINDOWS-COSBPNE (unknown [113.140.86.66]) my email server by vmx5.spamcop.net (Postfix) with ESMTP id 07FDAAF6FB for <xxx[AT]spamcop.net>; Wed, 9 Jan 2019 13:31:08 -0800 (PST) Received: from jakwcdbio (Unknown [182.111.98.3]) claimed/fake email server stamped source email server seems a fake one https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a113.140.86.66&amp;run=toolpage
  24. petzl

    spam reporting question

    Forward as attachment from your email to abuse address is another way botnet source 88.198.112.174 'abuse@hetzner.de Email server change password 62.172.235.230 abuse@bt.com Received: from 127.0.0.1 (EHLO our.madebysonder.com) (62.172.235.230) your email server to you by mta4452.mail.bf1.yahoo.com with SMTP; Wed, 09 Jan 2019 11:52:48 +0000 Received: from User (static.88-198-112-174.clients.your-server.de [88.198.112.174]) source to your email server by our.madebysonder.com (Postfix) with ESMTPA id 1306A30601B9; Tue, 8 Jan 2019 12:00:03 +0000 (GMT) reference urls https://www.talosintelligence.com https://mxtoolbox.com/diagnostic.aspx https://dnslytics.com/whois-lookup
  25. petzl

    spam reporting question

    Rubbish bin never read. The Cert address is run by the Government who can get criminals arrested
×