petzl

Memberp
  • Content count

    1,715
  • Joined

  • Last visited

Everything posted by petzl

  1. Need a tracking URL of at least 1 reported spam
  2. Top two reports 137.171.123.19 , 168.1.53.243 are dead 3rd report SpamCop give wrond abuse address 117.51.232.200 ipas [AT] cnnic [dot] cn
  3. SpamCop reporting addresses I see often as a legacy issue and are set in mud (ignored/old defunct reporting addresses) https://www.spamcop.net/sc?id=z6354566965z58e6e1b554cd81aafb9894c99b1451dcz 98.138.207.12 : abuse [at] yahoo-inc.com is sent to yahoo [at] admin.spamcop.net 104.140.17.220 : noc [at] serverhub.com is sent to spamcop [at] serverhub.com You need to use SpamCop to "clue" one in as to IP source, Then check abuse addresses with a "who is" program like "IPNetInfo" And send from the email it was sent to (some have privacy concerns in doing this). Also submit from SpamCop
  4. Gmail reads all mail electronically. You would be sending spam, be it that you are trying to report it. Just " using the tool in the upper right corner of this screen" show original and you can push a button to copy text for pasting in SpamCop
  5. Would help if you gave a SpamCop trackingURL Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6338527151za71ac855aa3c8f89902419badfabbd3cz
  6. TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6322145333z1430805affc509d4a856f69864c9a63bz needed truncating
  7. The abuse address for 80.147.59.28 is abuse@telekom.de as well as abuse@t-online.de (which seem asleep at wheel) Ramp up report to them using notes eg > 80.147.59.28 (Administrator of network where email originates) BOTNET ATTACK HOST (compromsed computer) http://www.abuseat.org/lookup.cgi?ip=80.147.59.28 IP Address 80.147.59.28 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-10-12 19:00 GMT (+/- 30 minutes), approximately 30 minutes ago. It has been relisted following a previous removal at 2016-09-24 15:54 GMT (18 days, 4 hours ago) This IP is infected (or NATting for a computer that is infected) with a spam-sending botnet, most likely kelihos. In other words, it's participating in a botnet. TO REMOVE INFECTION Norton Power Eraser is a Windows free tool and doesn't require installation. It just needs to be downloaded and run. https://security.symantec.com/nbrt/npe.aspx SCAN INFECTED COMPUTER FOR MALWARE The following Cisco site shows servers/computers with prior or existing BOTNET infections http://www.senderbase.org/lookup/ip/?search_string=80.147.59.28 Still spewing spam https://www.spamcop.net/w3m?action=checkblock&ip=80.147.59.28 >
  8. Start hammering their facebook page! https://www.facebook.com/omnis/
  9. http://forum.firetrust.com/viewtopic.php?f=50&t=10200 link works?
  10. Found a link but I now no longer use MailWasher just use WebMail on Gmail http://forum.firetrust.com/viewtopic.php?f=50&t=10200 how I used to set-up "blocklists" which worked very well
  11. there was no tracking code in message. Tricking codes are "invisible" images in HTML mail which have unique numbers assiged to your email address. sometimes a unique code on spam Your email address has been found either by dictionary attack or one of your friends has a compromised computer. https://www.spamcop.net/sc?id=z6246114078z8e6c38330124db76fbfb0ff051dcf1afz 14.189.154.196 is an open proxy meaning it's a Botnet attack host. http://www.abuseat.org/lookup.cgi?ip=14.189.154.196 IP Address 14.189.154.196 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-06-05 07:00 GMT (+/- 30 minutes), approximately 17 hours, 30 minutes ago. This IP is infected (or NATting for a computer that is infected) with the Conficker botnet. TO REMOVE INFECTION Norton Power Eraser is a Windows free tool and doesn't require installation. It just needs to be downloaded and run. https://security.symantec.com/nbrt/npe.aspx VN seems to have a lot of Botnet infects (means clients have compromised computers in he control of criminals. The ISP needs to contact their customer have them do a Malware scan and Change log-on to a more secure password!
  12. Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, httpconfig[at]admin.www.spamcop.net and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
  13. Would help if you gave a trking url? even a IP address. In the mean time have no idea what you are on about?
  14. There are two "whois" sites SpamCop looks up Arin I check with Ripe to see if there is a difference if there is I add it to report A free Windows Ripe WhoIs program is here http://www.nirsoft.net/utils/ipnetinfo.html
  15. Thanks for your patience. This has been quite a uphill climb. When my father passed away last year KnujOn faced a number of challenges. Most specifically was the merging of two processes that had been working independently. With much effort we now a single process, in a single code set with a single database on one platform. Our entire operation is now running more smoothly and we are ready to push forward. If you are new to the project, welcome, you may have not been aware of the difficulties we have had. If you have not seen the refreshed website, please take a moment to that now: http://www.knujon.com. While some content and data is still being migrated and updated your reports should now be in the new format: http://www.knujon.com/kcreports/hr24140.html If you have sent us questions, we will do our best to answer them as soon as possible. We are currently preparing to release a major report along with some very specific complaints against abusive service providers. On policy, the At-Large Advisory Council received a response from the ICANN CEO to the letter I drafted on Consumer Trust. The response is woefully inadequate, but not unexpected. In the letter ICANN does not exactly admit mistakes, but comes as close to that a possible. The response confirms many things we suspected which is generally that ICANN does not have a plan for safeguarding consumers on the Internet. Read more here: http://www.knujon.com/index.html#blog However, there is some good news. ICANNs embattled CEO is leaving and a replacement has been selected. We are looking forward to beginning a new relationship with this CEO and continuing our work to fix broken Internet abuse policies. Also, Wiley has published my book, WHOIS Running the Internet, which covers heavily the work done by KnujOn to address the issue of restoring trust in communication through identification and accountability. The book has a dedicated site which explains much of the background for the book: http://whois.knujon.com. Purchasing a copy of the book or informing others will help this project. #################################################### Report index: http://www.knujon.com/kcreports/hr24140.html TEST LOCATION: http://bob.knujon.net/kcreports/hr24140.html Receipts: http://www.knujon.com/kcreports/hr24140_R.html Account Management: http://www.knujon.com/kcreports/hr24140.html#acctmgt Be sure to use your unique reporting address: hr24140[at]knujon.net Report Frequency Preference: NA Opt-out Preference: NA ------------------ Submission options: http://www.knujon.com/sendusspam.html Twitter: [at] KnujOn Buy WHOIS Running The Internet?: http://www.amazon.com/gp/product/1118679555/ KnujOn is an all volunteer, unfunded initiative. We need to raise about $5000 to cover our yearly basic project expenses. We are committed to this solution and appreciate your patience while we work our way through the maze of Internet bureaucracy to reduce illicit traffic and spam. Reply with UNSUBSCRIBE to be removed Thank you for your continued support!
  16. "Quick" reporting only sends to the IP SpamCop detects as sending spam which should be % Abuse contact for '82.57.200.0 - 82.57.207.255' is 'abuse[at]business.telecomitalia.it' 167.88.109.197 (Administrator of network where email originates) abuse[at]retail.telecomitalia.it https://www.spamcop.net/sc?id=z6234543446zc088e93784a7d290ce8a1d1c18a1e080z This IP is a Botnet mass spam sender http://www.senderbase.org/lookup/?search_string=167.88.109.197
  17. send a SpamCop Tracking URL! Before you submit top of page (do not click links in spam they could be harmful) Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6234007816z8753243c4760423776c866a734daeb39z Skip to Reports
  18. Sometimes pays to use SpamCop notes They are spewing spam their abuse address bounces include in notes abuse[at]eccmp.com bounces (99 sent : 99 bounces) also send to spam[at]uce.gov as well
  19. If you report fresh spam it sets the clock to 24 hours removal Paid subscribers can see the reports made over 90 days I add notes in my reports sample below > 111.23.153.228 (Administrator of network where email originates) BOTNET ATTACK HOST http://www.abuseat.org/lookup.cgi?ip=111.23.153.228 IP Address 111.23.153.228 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet. It was last detected at 2016-04-18 12:00 GMT (+/- 30 minutes), approximately 7 hours ago. If this IP address is NOT a shared hosting IP address, this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed. Find and remove the virus/spamware problem then use the CBL delisting link below. In some unusual cases, IP addresses used in shared hosting (especially those using IPSwitch Imail, Plesk or Cpanel) can trigger CBL listings. If this is a shared hosting IP address, make sure that your mail server software is set up to identify _itself_ in its mail connections, not each of your customers. BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER Make sure you are connecting to your mail server's 'authenticated mail' port 587 and not the ordinary 'unauthenticated' port 25. (ask your ISP to check for you) CHANGE TO SECURE PASSWORD SCAN INFECTED COMPUTER FOR MALWARE A BOTNET infected computer/server means the all data passing through it may be compromised (bank details, log-on/password, email, etc). CBL (abuseat.org) lists those computers that are infected with instructions on how to remove BOTNET infections Change log-on to a more secure password! The following Cisco site shows servers/computers with prior or existing BOTNET infections http://www.senderbase.org/lookup/ip/?search_string=111.23.153.228 spewing spam https://www.spamcop.net/w3m?action=checkblock&ip=111.23.153.228 Other hosts in this "neighborhood" with spam reports 111.23.152.231 111.23.152.241 111.23.152.243 111.23.152.246 111.23.152.247 111.23.152.254 111.23.152.255 111.23.153.2 111.23.153.6 111.23.153.8 111.23.153.9 111.23.153.14 111.23.153.15 111.23.153.18 111.23.153.19 111.23.153.27 111.23.153.28 111.23.153.30 111.23.153.37 111.23.153.49 111.23.153.52 111.23.153.56 111.23.153.61 111.23.153.62 111.23.153.66 111.23.153.75 111.23.153.76 111.23.153.77 111.23.153.78 111.23.153.80 111.23.153.87 111.23.153.93 111.23.153.106 111.23.153.110 111.23.153.112 111.23.153.116 111.23.153.118 111.23.153.121 111.23.153.135 111.23.153.137 111.23.153.140 111.23.153.145 111.23.153.146 111.23.153.147 111.23.153.148 111.23.153.151 111.23.153.152 111.23.153.153 111.23.153.160 111.23.153.166 111.23.153.169 111.23.153.174 111.23.153.176 111.23.153.188 111.23.153.191 111.23.153.193 111.23.153.194 111.23.153.199 111.23.153.202 111.23.153.203 111.23.153.212 111.23.153.217 111.23.153.219 111.23.153.232 111.23.153.234 111.23.153.235 111.23.153.239 111.23.153.241 111.23.153.242 111.23.153.243 111.23.154.18 111.23.154.20 111.23.154.27 111.23.154.29 111.23.154.41 111.23.154.48 111.23.154.49 111.23.154.50 111.23.154.54 111.23.154.58 111.23.154.66 111.23.154.86 111.23.154.87 111.23.154.91 111.23.154.94 111.23.154.99 111.23.154.100 111.23.154.103 111.23.154.107 111.23.154.108 111.23.154.111 111.23.154.116 111.23.154.118 111.23.154.119 111.23.154.145 111.23.154.146 111.23.154.147 111.23.154.152 111.23.154.153 111.23.154.161 111.23.154.167 111.23.154.172 111.23.154.183 111.23.154.186 111.23.154.211 111.23.154.213 111.23.154.215 111.23.154.217 111.23.154.221 111.23.154.223 >
  20. Good link but I find SenderBase convenient as it's linked to SpamCop's blocking list I like to go into a fair amount of detail in my notes including reporting to the Cert address of country that sent me spam
  21. Known spam crime gang track https://www.spamcop.net/sc?id=z6226264042zc6187de158b5291e480aae5d782cc705z https://www.spamhaus.org/sbl/query/SBL288193 strahil_ivanov[at]speedy-net.bg I clicked "refresh" now gives abuse[at]mmkq.net add support[at]evro.net to it
  22. if you want you can as long as your mailhost is set-up with out reporting your self it's called "quick" reporting which just targets the IP for the spam source
  23. Sorry as a paid user from last millennium I never knew that?
  24. Botnets tend to do this as more people create zombie/Botnet computers by opening attachments/clicking links the more they repeat sending the spam to you. Depending how bad your email provider is, a Windows Program Mailwasher allows you to check for spam and report it zen.spamhaus.org. is the better blocklist to use Mailwasher just alerts you and you can easily report and delete it from a POP server
  25. ALWAYS SpamCop errs on the side of caution. Past that link or IP in "report box" and it gives abuse address and resolved IP. If you get better at reporting than SpamCop you become more effective. In this case you can report it manually.or add it to your repoet