Jump to content

petzl

Memberp
 View Profile  See their activity

  • Content Count

    2,295

  • Joined

  • Last visited

Posts posted by petzl

  1. Posted · Edited by petzl

    6 hours ago, nhraj700 said:

    NameCheap won't do anything until Spamhaus does.  Wished the average user could contact Spamhaus as whatever methods they use don't pick up on this attack.

    Is Dakota Green the spammer?

    https://whois.domaintools.com/redipping.com

    Seems to me Namecheap are "shining" on you
    Spamhaus does list domains surprised namecheap are not on it?

    Quote

    Is Dakota Green the spammer?

    Bodgie, worthless , inferior; false. name address? probably email as well, try forward as attachment spammers spam to "green1.dakotaATgmail.com", if proven fake (bounces) you can try ICANN to deregister Namecheap for non-compliance.. Registrars are supposed to confirm accuracy? 
    All domain sites contact information has to be true and accurate.
    SpamCop was once deregistered when it changed its fax number and neglected to update this. Joker.com did not support spammers
    This was during the "spam wars" where $$new blocklist opportunists$$ attacked SpamCop because of it's success and were dobbed in by competitor/s ASAP fax number was noticed changed.
    Namecheap seems to have security issues this is a reply in comments about Namecheap.
    Credit Card info stolen (last purchase: Namecheap)My last purchase was a DNS certificate through NameCheap. 24 hours later: $1,000 of fraud coming through on that card. Anyone else here having any issues?

  2. Posted · Edited by petzl

    20 hours ago, nhraj700 said:

    67 229 173 51

    is out of action I checked, possible for servers to scan outgoing email?
    Also in Gmails webmail click spam for "report phishing" in options after opening email.
    Gmail will block from domains as opposed to blocking IP's
    if enough phishing hits

    just checked again, Thursday 22/08, it's back-up!
    http://67.229.173.51
    Registrar Abuse Contact Email:  mailto:abuse@namecheap.com
     

  3. Posted · Edited by petzl

    8 hours ago, nhraj700 said:
    On 8/20/2019 at 6:08 AM, petzl said:

    Also there is no need to use up SpamCop data just send as attachment from your email/Gmail account (mark as phishing) as attachment, much cheaper. for DDoS attack. put all addresses in the TO field. 

    You lost me on this one. Send to who, the Registrar, Host or Cert? And for DDOS attack? Is this what I am getting with a spambot. Or is that more of a server that's getting it not my home network?  What addresses are you putting in the TO field. Domain Addresses or Host IP's?

     look at a SpamCop report, it will list what IP address it came from and a "key word" to look for, I use Opera web browser and "Ctrl + F" put a search bar on top, put/paste this keyword into it and you should easily see the offending IP, more importantly the server name picking it up. KEYWORD to use in future searches. "win32whois" will give the abuse addresses to post to. include the US cert and who ever. ""
    Best to do this from your Gmail web page, after opening email, click options "3 vertical dots" (top right) then select "Show original" a new page/tab will open showing you the IP 
    "SPF:    PASS with IP 111.111.111.111 Learn more"
    under that it will give the domain name
    "DKIM:    'PASS' with domain emails.XXXXXXX Learn more"
    Depending on spam you "forward as attachment" to (Always in the "To" field)  abuse desks government agencies.
    this means you are telling recipients who is getting reports maybe raising your priority. 
    put these abuse contacts in your address book or on notepad to copy/paste later, "phishing-report at us-cert gov" sounds good but most if not all Gov agencies sit on their elbows because they can't find their ass's, but looks threatening to abuse desks and you may get lucky and them VERY unlucky
    Seems to me Namecheap are saying they are bring domains down,  don't forget to check though.
    http://67.229.79.114  is still up?

  4. Posted · Edited by petzl

    10 hours ago, nhraj700 said:

    They told me to report directly to the hosts, but I am assuming that isn't working as Spamcop is doing that through the reporting process.  Out of the 30 I sent, only 5 domains showed up on the Spamhaus DBL list and according to NameCheap, that's what prompted them to open a case.

    Namecheap are the registrar all they have to do is change password access, seem spammer is using compromised accounts?  so would think they can disown them, Spamhaus is also evidence in reports.
    NameCheap are the most abused by botnet spammers 
    http://domainincite.com/22472-spamhaus-ranks-most-botted-tlds-and-registrars
    Not good publicity for NameCheap so they may look into it?
    Also report the host IP abuse (a few do something also use/report to the country CERT )
    Also there is no need to use up SpamCop data just send as attachment from your email/Gmail account (mark as phishing) as attachment, much cheaper. for DDoS attack. put all addresses in the TO field. 
    example  of what I put in email body to give you a heads-up show spamhaus link in your case (if one is given)
    Namecheap are playing the fool noway they can't get a domain name from a IP address
    Traceroute will/should do this
    67.229.79.114 = http://palterer.org    abuse[AT]namecheap.com  

    89.163.243.41  =  new.bedlamized.com   abuse[AT]namecheap.com

    62.210.76.243  agmaa.net    abuse[AT]namecheap.com 

    botnet source - ddos
36.27.123.65  antispamXzjnoc.hz.zj.cn
see  
http://www.abuseat.org/lookup.cgi?ip=36.27.123.65


offending email forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader

     

  5. Posted

    43 minutes ago, gnarlymarley said:

    Interesting that the cached whois says it is from the mirror and the format of it is slightly different.  Also interesting that APNIC and RIPE seem to have abandoned the separate abuse handle in favor of the following line:

    If I recall correctly, everyone used to use something similar to the following: 

    
OrgAbuseEmail:  abuse@example.com

     Used to be postmaster@ then as that address spammed to oblivion became abuse@ that also is now spammed to oblivion,
    when abuse.net can't find a abuse address they use abuse@ as default. Wish SpamCop would stop using Abuse.net

     

  6. Posted

    On 8/16/2019 at 5:34 PM, Steve said:

    https://www.spamcop.net/sc?id=z6566177613zbe9f03927879099214d104a432d8c2c0z

    But wait...

    Tracking message source: 203.188.252.24:

    Routing details for 203.188.252.24
    [refresh/show] Cached whois for 203.188.252.24 : faruque@bangla.net
    info@bangla.net bounces (10 sent : 6 bounces)
    Using best contacts

     

    I even tried refreshing but will it will not update.

     

    Steve

     

    nayon.isnpAT[bangla.net.bd seems is the correct address

  7. Posted · Edited by petzl

    5 hours ago, nhraj700 said:

    Hey all,

    Looking for some input on what "you" would do in addition to what I am already doing. I am at wit's end and considering giving up on this one.  I seem to have landed on some spambot or persistent POS spammer's list on an email address that typically has had no spam sent to it or was successfully filtered by the provider.  Unfortunately this ordeal has burned up all of my Spamcop fuel.  I am reporting every spam email to Spamcop, UCE, ORA.FDA, ACMA, Phishing at US CERT, Phishing at Antiphishing org.  This attack is repetitive in content and seems to be repetitive in sources. What bothers me is sometimes I get auto-response from Spamcop stating ISP has taken care of the address but what is weird is it is usually dated the day or two before and I am reporting within seconds of getting it.  Is the spammer sending some sort of auto-response to Spamcop to trick it?

    https://www.spamcop.net/sc?id=z6566520311z41fa0c960e85e844a30002d278ed6f9az
    https://www.spamcop.net/sc?id=z6566520312z6ce0103f34a127b8f20ded2333c8d06az
    https://www.spamcop.net/sc?id=z6566520330z977931b5a816ec376b8d9d8e3faee0b6z
    looked at 3 all seem to be free webhosting sites worldwide
    67.229.79.114  abusexvpls.com 1st reported on Submitted: 8/7/201
    Registrar Abuse Contact Email: mailto:abuse[AT]namecheap.com
    http://67.229.79.114
    89.163.243.41 abusexmyloc.de  1st reported Submitted: 8/7/2019   
    Registrar Abuse Contact Email: mailto:abuse[AT]namecheap.com
    http://89.163.243.41 
    62.210.76.243  abusexonline.net 1st reported Submitted: 8/18/2019
    Registrar Abuse Contact Email: mailto:abuse[AT]namecheap.com
    http://62.210.76.243   
    "Please enter your email address below to unsbscribe from future mailings."
    put in the appropriate abuse address, not yours if you must. this is a whack a mole reporting
    By using different IP addresses the spammer is avoiding blacklisting, seems that spammer is flooding you from all their free sites
    A good Website/registrar WhoIs ror windows
    http://www.gena01.com/win32whois/ 

    NameCheap are US  based so come under US law. Should have credit card details of criminal.
    “Book 'em, Danno. Murder One.”

  9. Posted · Edited by petzl

    13 hours ago, gnarlymarley said:

    Though, I believe you have some good addresses, I am not sure it will help.  After me seeing the joke of the do not call list for the past decade (more than the current administration), I would suspect that amazon.AWS thinks these addresses would be nothing more than an external rating system.  I do not believe they would actually stop the spam.  I use the SpamCop blocking list for that.  Each time you report, it feeds the algorithm behind the block list.

    AWS has a crime problem starting at it's abuse address, they seem in on it!
    try here for latest abuse address
    https://aws.amazon.com/security/report-suspicious-emails/

  10. Posted

    3 hours ago, lisati said:

    What I'm seeing at the tracking link is typical of mail I receive at an Outlook email account, where the top-most (most recent) Received header trips things up so that reports go to report_spam[at]hotmail.com - I usually delete or comment out the header in such situations, which is normally sufficient to get the report(s) sent to a more appropriate address.

    My template attracts Russia's attention it applies to all porn spam/ Not seen one with "proof of age" on file.

  11. Posted

    On 7/25/2019 at 1:01 PM, HeatherReid43 said:

    I am trying to report continuous voluminous spam originating from godaddy and the reports i have been sending are not being acted upon. ie the spam is still continuing and i would like to include the CERT or FIRST authorities in USA

    I did find an email address info@us-cert.gov and phishing-report@us-cert.gov but i want to be doubly sure that this is the correct email address to send the report to.

    can anyone please suggest the correct reporting email address to the proper authorities ?

    Show 1 spamcop tracking url

  12. Posted

    12 minutes ago, Appleseed said:

    No problem, things happen^^

    https://www.spamcop.net/sc?id=z6564775200zb0e68f15592a9b6948787f714e4ec177z
    The SpamCop tracking URL shows the Gmail abuse address is probably bogus (Bitbin)
    the IP of URL is a botnet
    https://www.abuseat.org/lookup.cgi?ip=92.63.192.124
    Front for child porn phishing spam operator.
    Send report to response[AT]cert-gib[DOT]ru no working abuse address. 

    Child porn spammer 
pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS



>

     

  13. Posted

    On 8/6/2019 at 11:27 AM, petzl said:

    I only got action by sending abuse reports to Amazons sales department. Explaining that abusexamazonaws.com have gone rouge!

    Remove all @ symbols from email addies as spammer scan here for valid addresses (best is to use [AT]. I just put x over it)

    Found another address for AWS spoofing[AT]amazon[DOT]com
    they want phishing message sent as attachment
    https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=201489190
    Got a phishing spam that is using AWS URL's
    email address probably sold by Facebook
    https://www.spamcop.net/sc?id=z6564692784zcf8bc46efe5fe75fafde0e89a94da795z

  14. Posted

    51 minutes ago, Steve said:

    Not sure exactly what you mean

     

    Steve

    spam reporting started in 1998 and had some hiccups, some providers believed SpamCop was buggy so did not want reports they couldn't rely on.
    Once turned off there was no time limit for the block (Devnull). Same for alternative or SpamCop abuse addresses given by abuse desks.

  15. Posted

    On 8/5/2019 at 11:10 AM, Steve said:

    What address are you sending Amazon abuse reports to? abusexamazonaws.com/ec2-abusexamazon.com? If you do it through SC, they devnull the report as that address (abusexamazonaws.com) is disabled for reports, but manually reporting it to abusexamazonaws.com/ec2-abusexamazon.com generates a confirmation email

    Steve

    I only got action by sending abuse reports to Amazons sales department. Explaining that abusexamazonaws.com have gone rouge!

    Remove all @ symbols from email addies as spammer scan here for valid addresses (best is to use [AT]. I just put x over it)

  17. Posted

    3 hours ago, MIG said:

    Greetings all👋!  I hope everyone's well and you've all been behaving!?

    Would anyone care to cast their 👀s over this bit of scum pleeze?

    Issue is, apparently "no links found", 'cept, I can find 8 - 4 are enclosed in brackets (), not sure about them, 4 are standard, from my objs, they're the ones that've confuzzed moi,  why didn't SC "detect"?

    Yes Master, I know urls are secondary to source, but, but, but.....

    https://www.spamcop.net/sc?id=z6563176953zf21fc4b02078997bd0dcfb215b0fa333z

    VT tells me urls resolve to 184.154.92.54 = netops@singlehop.com, source = 184.154.92.51 = singlehop.net

    Anyone care to share their wisdom please?

    I remain, a grateful G🦗H🙏

     

     

    URL's appear "word wrapped"

  18. Posted · Edited by petzl

    6 hours ago, emanmb said:

    I can say with pretty much confidence that I don't think that when SC gets a message from abuse AT linode.com that translates to the SC user as "ISP has indicated spam will cease; ISP resolved this issue sometime after 8/1/2019, 3:43:07 PM +0700" that it is not likely true as the same ads come to me weekly.

    I could be wrong, but I have a feeling that abuse AT linode.com uses an auto-responder for spam reports.  ¯\_(ツ)_/¯

    would help if you could give a SpamCop tracking URL or a IP?
    Send a buse report from your email to inode to seee what or if they auto-ack.

  19. Posted · Edited by petzl

    Always have my video off not my microphone though?
    Data is of on my smartphone till I need it.
    Explore how a data company named Cambridge Analytica came to symbolize the dark side of social media in the wake of the 2016 U.S. presidential election.
    Trailer
    Got to see the full version. Seems to me to be a anti-Trump conspiracy theory 
    Lawyer turning up in court with pink hair, a gold ring through "his" nose escapes me?
    Just political trash wouldn't bother watching it?
    But I'm in Sydney Australia have no idea about American politics.

  20. Posted · Edited by petzl

    10 hours ago, HeatherReid43 said:

    I just reported a spam originating from 109.94.2.125 which can be seen from here https://www.spamcop.net/w3m?i=z6974558581z7171c5b9efb8309dff9f15dbf8421578z
    
    how do i get the correct reporting address ?

    get a windows computer program 
    http://www.nirsoft.net/utils/ipnetinfo.html 
    or use a web whois search 
    https://dnslytics.com/whois-lookup
    Then you can also send to a Countries
    Community Emergency Response Team (CERT) 
    https://www.first.org/members/teams/

  22. Posted

    On 7/13/2019 at 2:45 PM, Lking said:

    Same old problem with/without VPN. "Its just an email for aunt Mable"

    By not running a  Virus/Malware program there is no way of knowing when/if your computer has been compromised
    This is also now "smart TV", "smart phone". smart fridge and so-on

  23. Posted · Edited by petzl

    6 hours ago, Lking said:

    It does depend on the VPN/PIA provider.  The service I use has contacted me a couple of times because of the level of activity between me and spamcop.net

    On the other hand I am amused by the adds/weather from Huston or Washington DC depending where I connect.

    When I first signed on, there was lots of discussion between us about them not tolerating any activity by me that took advantage of being hidden. Privacy was a different issue.

    A lot of VPN problems are due to compromised accounts.
    Seems there are a lot who won't run a Virus/Malware program
    I use two, Windows defender and SpyHunter
    Both can be a pain to set-up properly and they are always "updating", requiring watching!

  25. Posted

    10 minutes ago, Spamnophobic said:

    When I submit a spam, either forwarded as an attachment or with full text pasted into the box, the parse goes no  further than "Parsing header:".  No "Report spam" or other button is shown. Example:

    https://www.spamcop.net/sc?id=z6555638759zce8ca756ddbb272131813a1b95647e30z

    This does not happen with all spams.

    Clever spammer trick to foul SpamCop's machinery, glitch in said machinery? Anyone have an idea?

    looks like a network receiving email
    95.213.181.165  abusexselectel.ru

×