Jump to content

petzl

Memberp
 View Profile  See their activity

  • Content Count

    2,115

  • Joined

  • Last visited

Posts posted by petzl

  3. Posted

    If SpamCop can't parse do it yourself. Look for line
    Authentication-Results: spf=none (sender IP is 209.85.128.68)

    AND
    Return-Path:
     noreply.kimcilkempolenkentunenggerdukaroboyoanyaran3@buahdalamdada.me

    Received: from ubuntu-s-1vcpu-1gb-fra1-01 ([68.183.75.255])

    So forward as attachment to network-abuse[AT]google.com

    All you put in forwarded message is

    Received
    209.85.128.68   network-abuse[AT]google.com

    Source
    68.183.75.255    abuse[AT]digitalocean.com

    digitalocean.com are known ratbags so also use their abuse page

    https://www.digitalocean.com/company/contact/#abuse

  9. Posted · Edited by petzl

     

    1 hour ago, ANGEL said:

    Are SC reports ever directed to the "source" of the spam?

    Help if you sent a tracking URL

    Your email server collects a received IP address.that is are genuine IP a lot of spam has fake IP's stamped with the spam SpamCop will disregard these if there is something dodgy about it (no DNS etc)  example below. 

    Received: from WINDOWS-COSBPNE (unknown [113.140.86.66]) my email server
	by vmx5.spamcop.net (Postfix) with ESMTP id 07FDAAF6FB
	for <xxx[AT]spamcop.net>; Wed,  9 Jan 2019 13:31:08 -0800 (PST)
Received: from jakwcdbio (Unknown [182.111.98.3]) claimed/fake email server stamped source

    DNS LOOKUPS
    Forward and Reverse DNS lookups are performed to see, if the name to IP and IP to name DNS lookups produce the same results. This feature is used to see if DNS is correctly set up for a host and can be an indicator for a malicious host.
     

  10. Posted

    32 minutes ago, ArtmakersWorlds said:

    petzl

    I seem to remember that bt.com coming up in the past.  When I see an email address I sometimes DO forward copies directly.   Pretty sure that one only sends back some long winded BS auto responder which I don't even bother reading.  I don't know if they care or not.

    https://www.talosintelligence.com/reputation_center/lookup?search=62.172.235.230

    Shows some one don't care UK  military server compromised 

    https://www.raf.mod.uk/our-organisation/stations/raf-marham/

    https://www.spamhaus.org/sbl/query/SBL428795

  11. Posted

    20 minutes ago, MIG said:

    Hey Petzel, 

    Posting this acknowledging you've been around way longer than me, actually let me re-word that, you've been around on SCF way longer than me:), so I may not be on the right track, however, using the links provided & your SCF report I get:

    https://www.virustotal.com/#/domain/pushstat.sendpulse.com

    https://www.virustotal.com/#/domain/click.affcrunch.com

    https://www.virustotal.com/#/url/1e0c25ab42752181cc197651c2dcec630b564279938ea632bdf1a71d7f149f0e/details

    https://www.virustotal.com/#/domain/smartiyke41.duckdns.orghttps://www.virustotal.com/#/domain/smartiyke41.duckdns.org

    https://www.virustotal.com/#/url/8b24aa770a546505998fbe71fa5f5523b4df529c69d202c415e25313725ed36c/detection

    Any use?

    Cheers

    Thanks have slowed this criminal down but comes back every few months 

  13. Posted · Edited by petzl

    18 minutes ago, petzl said:

    Forward as attachment  from your email to abuse address is another way

    botnet  source   88.198.112.174   'abuse@hetzner.de

    Email server change password  62.172.235.230   abuse@bt.com 

    child porn source
182.111.98.3  anti-spam@ns.chinanet.cn.net
113.140.86.66   anti-spam@ns.chinanet.cn.net
offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader
    example just forwarded as attachment from my email account 
    Received: from WINDOWS-COSBPNE (unknown [113.140.86.66]) my email server
	by vmx5.spamcop.net (Postfix) with ESMTP id 07FDAAF6FB
	for <xxx[AT]spamcop.net>; Wed,  9 Jan 2019 13:31:08 -0800 (PST)
Received: from jakwcdbio (Unknown [182.111.98.3]) claimed/fake email server stamped source

email server seems a fake one
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a113.140.86.66&amp;run=toolpage

  14. Posted · Edited by petzl

    4 hours ago, ArtmakersWorlds said:

    Thanks for trying though.  But unless someone can post

    1. Do this..

    2. do that...

    Forward as attachment  from your email to abuse address is another way

    botnet  source   88.198.112.174   'abuse@hetzner.de

    Email server change password  62.172.235.230   abuse@bt.com 

    Received: from 127.0.0.1  (EHLO our.madebysonder.com) (62.172.235.230) your email server to you
  by mta4452.mail.bf1.yahoo.com with SMTP; Wed, 09 Jan 2019 11:52:48 +0000
Received: from User (static.88-198-112-174.clients.your-server.de [88.198.112.174]) source to your email server 
	by our.madebysonder.com (Postfix) with ESMTPA id 1306A30601B9;
	Tue,  8 Jan 2019 12:00:03 +0000 (GMT)

    reference urls

    https://www.talosintelligence.com

    https://mxtoolbox.com/diagnostic.aspx

    https://dnslytics.com/whois-lookup

  17. Posted · Edited by petzl

    8 hours ago, ArtmakersWorlds said:

    Or... does google even care?  (Well they must, when I was being flooded   almost all of them went to google network abuse.  It's stopped so they must have done something.)

    Gmail/Google don't care about customers, to them they are just data fodder!
    Aside from reporting spam  mark it phishing

  18. Posted · Edited by petzl

    15 minutes ago, Art101 said:

    f it's helpful, here's the tracking URL generated by SC when I attempted to report the latest Gmail spam.

    https://www.spamcop.net/sc?id=z6509941447z78a17f98c019adb8dcd454feb439f9ccz

    Thanks again and happy 2019: A new year full of hope and promise — and free from spam. 

    remove this line

    X-Received: by 2002:a5d:660e:: with SMTP id n14mr29805602wru.19.1546161368641;

    then it works if you can mark it as phishing all spam

    https://www.spamcop.net/sc?id=z6509955159z47f3673f640081f71a9089e0d8df55dcz

  21. Posted · Edited by petzl

    2 hours ago, lisati said:

    One or two of the dodgy emails I've had seem to have their origins the days before my provider moved away from Yahoo, who had had a couple of data breaches. The password was correct but an old one. I

    Still suspect info coming from old dumped servers. I said ADSL  but it was even before that, when I had 33.6 modem.

    So many getting these threats so it seems organised and from more than one source.  Seem to remember where junkied computers are sent to Africa and gangs take the data off them. Use the Windows FREE version of CCleaner to wipe drives select Tools/Drive Wiper. Formating won't remove info.  Wipe at least once then format the more times you wipe the longer it takes depending on drive size.

    DO NOT WIPE SSD (drives) you will destroy them!

  24. Posted · Edited by petzl

    2 hours ago, michaelanglo said:

    Really? Works fine for me. The Sent folder is good and email attachments sent to the Spamcop report addie can be viewed.

     

    I have so far found their support pretty good.

     

    Why 12 months? Haven't you been using it since  Corporate Email Services (CESmail) ceased  operations on September 30, 2014

    Was working fine for just over 12 months. Then it stopped saving sent reports, which they sort of fixed, but not quite as it behaved before?

    Before when I  sent the draft, I would delete the (spam) original and then have to go to sent folder to delete the "sent", now when I delete the spam the sent draft gets deleted too. Not that this is a real problem, as if I  save the original the sent also remains saved, which I copy and past BOTH to a specialty folder for future reference.

    I report all spam directly from Fastmail to China and theres a fair bit of (forward as attachment/show all headers) trouble is sometimes when finding the IP in headers I need to see the original, if a "draft" is open which it no longer allows! Again for 12 months was OK, someone has touched something and broke it, before it was fine. Could do this by scrolling page down then continue draft by scrolling up, now draft is just lock have to discard draft to see original. Very annoying

    Used to use Gmail to get my SpamCop email forwarded to then Gmail headers became rubbish and had to find a provider that suited me.

    Fastmail did was excellent but not any longer. Mainly because of not being able to read original when I are forwarding as attachment when it then becomes invisible.

×