
Flooded by a spammer, most from ServerMania


IrvSp


I keep getting stuff 2 or 3 a day. SPAMCOP reports go into DEVNULL so it probably is worthless reporting it? Spammer does use other ISP occasionally.

The header IS forged like this from a few from last week:


Received: from [138.128.73.39] ([138.128.73.39:60440] helo=cystolgrantlamhell.com)
Received: from [144.168.154.248] ([144.168.154.248:44809] helo=mcmarsbachmcguizeshunt.com)
Received: from [85.217.132.83] ([85.217.132.83:36534] helo=rochstaeusstritrelph.com)
Received: from [104.144.114.7] ([104.144.114.7:39204] helo=kraekdorfhmonsgermfeldt.com)
Received: from [23.250.48.158] ([23.250.48.158:33696] helo=chuchtabhywzornfrees.com)
Received: from [85.217.138.125] ([85.217.138.125:41478] helo=moanpeakjezshiftbrook.com
Received: from [185.5.119.252] ([185.5.119.252:55850] helo=lomslncermannlouan.com)
Received: from [104.144.122.129] ([104.144.122.129:55391] helo=labwetchquicjel.com)
Received: from [50.3.123.91] ([50.3.123.91:50110] helo=kraekdorfhmonsgermfeldt.com)
Received: from [188.191.150.163] ([188.191.150.163:38151] helo=skeadungthiefjephiatt.com)

The root problem is that I don't know what the payload is. I get 2 types, the BITLY and the ones I can't even figure out. BITLY is just a link. The few times I used the iPad to see it, it was something to purchase and appeared to be a real PNG copied over, but those links using the PNG links on it also appeared to be real? Couldn't really tell as I never took any. Suspect they are using the 'from' to get a partial cent for referring you to the site. The worrisome one is this, from the last email line above, in RED:

============
<a href="http://spurtvilsnogdpierdrach.tk/20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=my email address">
<img src="http://spurtvilsnogdpierdrach.tk/images/6633815925.png" border="0" />
</a>
==========

I know from the last line above it translates into 188.191.150.163 where it will go to. However, what exactly is the rest of the line, 20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=my email address, and why is my e-mail address on it? I can't find ANY information on that? Since it is in HTML code, when Thunderbird sucks it in it will basically execute that code, and I'll see the PNG file. I'm worried about some malware coming in with it due to the href?
 

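Added example, not part of the original posts: a small Python script that takes the HTML snippet quoted in the post above, splits each URL into host, path and query parameters, and flags any parameter whose value contains the recipient's address, so the link can be reported or shared with that address redacted. The recipient address `user@example.com` (standing in for "my email address") and the names `LinkCollector` and `analyze` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Constructed sample: the snippet from the post, with a placeholder recipient
# address (user@example.com) where the poster wrote "my email address".
SAMPLE_HTML = '''<a href="http://spurtvilsnogdpierdrach.tk/20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=user@example.com">
<img src="http://spurtvilsnogdpierdrach.tk/images/6633815925.png" border="0" />
</a>'''


class LinkCollector(HTMLParser):
    """Collect every URL the message would link to (href) or fetch (src)."""

    def __init__(self):
        super().__init__()
        self.urls = []  # list of (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append((tag, name, value))


def analyze(html, recipient):
    """Return one dict per URL: host, path, query parameters, the names of
    parameters that carry the recipient address, and a redacted URL."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for tag, attr, url in collector.urls:
        parts = urlsplit(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        leaking = [k for k, v in params if recipient.lower() in v.lower()]
        redacted_q = urlencode(
            [(k, "REDACTED" if k in leaking else v) for k, v in params],
            safe=",")  # keep commas readable in the report copy
        results.append({
            "tag": tag, "attr": attr, "host": parts.hostname,
            "path": parts.path, "params": dict(params),
            "leaks_recipient": leaking,
            "redacted": urlunsplit(parts._replace(query=redacted_q)),
        })
    return results


if __name__ == "__main__":
    for r in analyze(SAMPLE_HTML, "user@example.com"):
        print(r["tag"], r["host"], r["leaks_recipient"], r["redacted"])
```

On this sample only the `href` carries the address (in `eb`); the `img` URL has no query string at all. The script parses text only and never contacts the host.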

35 minutes ago, IrvSp said:

I keep getting stuff 2 or 3 a day. SPAMCOP reports go into DEVNULL so it probably is worthless reporting it?

There are two primary objectives for reporting spam to SpamCop: 1) to provide data to build the SC Blocklist for use in dynamically identifying sources of spam to filter incoming email, and 2) to send a notice (spam Report) to the ISP source of the spam. From your post, in this case SC has determined not to send the spam Report. There are several reasons not to send the Report, discussed at length in other threads.

BUT even when 2) is not done, 1) is still a valid reason to report spam.


Archived

This topic is now archived and is closed to further replies.
