Jump to content
Sign in to follow this  
dra007

Are spammers getting desperate

Recommended Posts

Can anyone explain me what is the purpose of this abusive spam? Apparently it serves only to propagate abusive/profane language and I have been getting quite a few of them lately:

Delivered-to: spamcop-net-x

X-pstn-levels: (S: 0.16254/95.73904 R:95.9108 P:93.6804 M:97.0232 C:98.7678 )

X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade6

X-spam-Level:

X-spam-Status: hits=0.0 tests=none version=3.0.0

X-SpamCop-Checked: 192.168.1.101 136.142.11.139 64.18.2.207 64.18.2.132

81.67.60.6

X-SpamCop-Disposition: Blocked xbl.spamhaus.org

X-pstn-levels: (S: 0.16254/95.73904 R:95.9108 P:93.6804 M:97.0232 C:98.7678 )

X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c

X-pstn-addresses: from <Rush[at]fastermail.com> [3115/105]

X-pstn-disposition: quarantine

%CHILL

%DICK

%CONTACT http://www.%URL/d/1.php

%BYE

%a**h*#e z

Share this post


Link to post
Share on other sites
Can anyone explain me what is the purpose of this abusive spam? Apparently it serves only to propagate abusive/profane language and I have been getting quite a few of them lately:

26376[/snapback]

You are probably doing good

Spammer gets Slammer (from .spamcop)

Share this post


Link to post
Share on other sites
You are probably doing good

Spammer gets Slammer (from .spamcop)

26379[/snapback]

I sure hope I am...this is getting stranger day by day. This morning I had an exchange with a sys admin from a government agency who sent me a bounce to my address obviously spoofed in the original e-mail. He promissed to research it and take it up to the <<higher ups>>. I just got an e-mail from e-bay (I never used e-bay bytheway) Not clear if this is a joejob or another lame attempt at phishing... Can't these people do a research/confirm the e-mails before accepting them as good?

We regret to inform you that your eBay account will be suspended due to the violation of our site policy below:

* Misrepresentation of Identity (User) - Representing yourself as another eBay user or registering using the identity of another. Due to the suspension of this account, please be advised you are prohibited from using eBay in any way.

This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay. According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be deleted.

http://scgi.eBay.com/aw-cgi/eBayISAPI.dll?...mation&bpuser=1

PS. The site in the e-mail is down right now, so I suspect it is likely a phisher.

Edited by dra007

Share this post


Link to post
Share on other sites

Update

I parsed the link in the above e-mail. No surprize there, it goes to China. How do I report these criminals?

Parsing input: http://221.122.43.125/ogi-bin/logon/app-bi...7r2vbd7d5b.html

host 221.122.43.125 (getting name) no name

[report history]

Routing details for 221.122.43.125

[refresh/show] Cached whois for 221.122.43.125 : ipmaster[at]cetc-chinacomm.com.cn

Using abuse net on ipmaster[at]cetc-chinacomm.com.cn

abuse net cetc-chinacomm.com.cn = postmaster[at]cetc-chinacomm.com.cn, wangjingying[at]cetc-chinacomm.com.cn

Using best contacts postmaster[at]cetc-chinacomm.com.cn wangjingying[at]cetc-chinacomm.com.cn

postmaster[at]cetc-chinacomm.com.cn bounces (7369 sent : 3753 bounces)

Using postmaster#cetc-chinacomm.com.cn[at]devnull.spamcop.net for statistical tracking.

wangjingying[at]cetc-chinacomm.com.cn redirects to china-netcom.com[at]abuse.net

De-referencing wangjingying[at]cetc-chinacomm.com.cn

abuse net china-netcom.com = cncsummary[at]special.abuse.net, daihy[at]china-netcom.com, postmaster[at]china-netcom.com, tech-group[at]china-netcom.com

cncsummary[at]special.abuse.net redirects to cnc-abuse[at]sprint.net

cnc-abuse[at]sprint.net redirects to cnc-abuse[at]abuse.sprint.net

tech-group[at]china-netcom.com redirects to china-netcom.com[at]abuse.net

De-referencing tech-group[at]china-netcom.com

abuse net china-netcom.com = cncsummary[at]special.abuse.net, daihy[at]china-netcom.com, postmaster[at]china-netcom.com, tech-group[at]china-netcom.com

tech-group[at]china-netcom.com redirects to china-netcom.com[at]abuse.net

cncsummary[at]special.abuse.net redirects to cnc-abuse[at]sprint.net

Statistics:

221.122.43.125 not listed in bl.spamcop.net

More Information..

221.122.43.125 not listed in dnsbl.njabl.org

221.122.43.125 not listed in dnsbl.njabl.org

221.122.43.125 not listed in cbl.abuseat.org

221.122.43.125 not listed in dnsbl.sorbs.net

221.122.43.125 not listed in relays.ordb.org.

Reporting addresses:

daihy[at]china-netcom.com

postmaster[at]china-netcom.com

cnc-abuse[at]abuse.sprint.net

Share this post


Link to post
Share on other sites

my approch to reporting ebay phishing trips is sending copies to all of the following:

submit.xxx[at]spam.spamcop.net

reportphishing[at]antiphishing.org

spoof[at]ebay.com

Edited by Lking

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×