petzl
-
Posts
2,987 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by petzl
-
-
On 3/15/2019 at 12:46 PM, klappa said:
Yes good for you but you are dealing with obvious phishing spam i am not. It's a difference since i dealing with sex spam. The sex spammers are running a scam business but it's still not phishing e-mail. Everyone takes spam less seriously.
These "sex sites" are sent via (untraceable by you) botnet email or throwaway email addresses, the sites themselves start from a throwaway address then jump to another.
Always after credit card details!
(the ISP of that botnet can see where the source IP is)
Called phishing.
heres one
https://www.spamcop.net/sc?id=z6530436982z1d6d8d3d02831bdf4f781b2561e8282fz
notes were
22.224.69.173 antispamxdcb.hz.zj.cn bounces
malicious site URL
http://chinabdt.nxt/
52.5.250.89 abusexamazonaws.cxm
proof see
https://www.virustotal.com/gui/url/600f2573dfc69fffdd57931eb33ec16698d1c613567dd4324f6b82d984349796/detection
-
9 hours ago, klappa said:
That would be quite useless because
Seem to have some success with it
Another Forrest Gump moment for me?
https://www.businessinsider.com.au/facebook-criminal-investigation-data-sharing-2019-3?r=US&IR=T
Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe sold to this Russian (?) Crime gang by FaceBook .. email source 94.100.177.97 abusexcorp.maxl.ru -
1 hour ago, RobiBue said:
I never report from the spammed email address, and always munge the latter.
Several providers have asked for full headers and I always tell them that the email address is of no concern to them as I do not wish retaliation or listwashing from their customers.
They sometimes claim it would be easier with my address, but I insist that they can enforce their AUP solely by the email received headers and the email content. This last scenario happened only twice in my umpteen years of reporting
And your absolutely right, however with me I don't want spam and never munge my reports!
Where SpamCop won't send to a abuse desk I then send direct from the address that received the spam -
2 hours ago, klappa said:
Which domain is that from? I don't recognize it
It's a safety measure to check URL's
https://www.virustotal.com/#/home/url -
8 hours ago, klappa said:
Amazon promised to take action several times but nothing happens.
Pretty sure these creeps are opening a new "free" amazon account when one is taken down.
Seems Amazon are shutting them down when reported from the spammed email address, stating IP address and copy and pasting full headers with report.
https://www.virustotal.com/#/url/51cfab3c89b464ef6e07c89d13ae048eb6708dd49233bf740609da33f2834ea2/details
status: 404 Not Found -
5 hours ago, klappa said:
Amazon abuse desk just replies with a short reply and urge me to go through National Center for Missing and Exploited Children
Seems pointless. I give up! The spammers always wins.
They went away from me for a while, as Amazon refuse to take SpamCop reports
I send from the email it was sent to
These spammers have been kicked out of many "holes" before now reside with Amazon who have a incompetent abuse desk.
Amazon are offering free web space, which tells me there IT are causing them to go broke.
I will be adding "subpoena-criminal[x]amazon.cxm" to my reports to see if anyone in Amazon have brains or more pomposity
http://www.missingkids.org/gethelpnow/cybertipline is a good link worth a try they can get a seizure order on Amazon sites
Seem to be breaching "U.S. Department of Justice's Child Exploitation and Obscenity section" (as usual U.S. agency that's broken, links are not updated)
Just checked seems Amazon are taking sites down. These creeps must be just signing up with a new free one as they get closed. -
31 minutes ago, MIG said:
I'm sure there's others, as I come across them I post to the Forum.
Most USA Government agencies can't find their own ass!
However if you can hit a concerned party you are away. -
1 hour ago, klappa said:
I am sure Amazon doesn't provide or give away that info to the spammer
They do, most certainly and they state so in their reply!
They have a abuse website?
https://aws.amazon.com/forms/report-abuse
but run by the same morons, but they do have a email to their legal "subpoena-criminal[x]amazon.cxm."
pay to advise them that the moronic abuse team is putting Amazon itself at risk! Offering FREE websites for pedophiles? -
1 hour ago, klappa said:
Was it a phishing mail? Amazon doesn't seem to take it serious if it isn't a phishing mail.
Yes definitely criminal phishing offering prizes to get your email address and other info
-
4 hours ago, klappa said:
Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that.
Yes spammer already has your email.
Got one from these scum this morning here are the notes
54.213.31.253 (Administrator of network where email originates) abuse@amazonaws.com phishing-report@us-cert.gov https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859 67.199.248.10 abuse@bitly.com redirects https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878 URL IP 34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov
-
19 minutes ago, klappa said:
I don't know what to say. I didn't know the Amazon abuse helpdesk were so dumb.
They are trying to be "clever" I'm doing all I can to do what happened to the Backpage operator he went from a multimillionaire to skidrow.
You have to put full directions in your notes Amazon will only look at copy and pasted headers with notes
Example my Russian cyber-criminals "notes"
Criminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe sold to this Russian (?) Crime gang by FaceBook .. email source 94.100.177.97 abuse@corp.mail.ru URL in spam link obfuscation https://www.google.com/#btnI=ixyvb-ddvef-rgcse&q=jiofdahiugfhajpsdh.ru Resolves to 64.233.191.105 network-abuse@google.com phishing-report@us-cert.gov redirects through http://jiofdahiugfhajpsdh.ru 185.26.122.56 abuse-c@hostland.ru Redirection ends https://appteslerapp.com/?click=39192426&mode=optin&api_url=%2F%2Fgotrack.static500.com%2Fapi%2Fv1 188.166.113.230 abuse@digitalocean.com phishing-report@us-cert.gov offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader > -
9 hours ago, klappa said:
They are? I know the sex dating domains they host is a scam, sites which are using bots but I didn't know they also contained pedophilia.
You a pediatrician? Any lewd site is supposed to have by law .on site proof of age, without this it you don't know!
in notes with sex sites I send this. I don't want it and never subscribe for perverted rubbish.
It's pedophilia as far as I and the law is concerned!
A Forrest Gump moment for me was when Trump had the FBI seize "Backpage" for that exact reason
Hope Amazon AWS have the same fate!Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS > -
2 hours ago, klappa said:
Yes! I got an even worse answer. And it's usually this type of response that i get from Amazon. I don't know how many cases i must create to make them listen than just providing autoreplies.
They are into "list washing" when they are hosting pedophilia and I tell them I think they get worried!
-
1 hour ago, Lking said:
We can always be hopeful.
Hello, This case has been investigated and resolved by the Amazon EC2 Abuse Team. If you believe this case to be unresolved, please either respond to this email with detailed logs or file another case with detailed logs to that end. Thank you for your attention in this matter. Regards, Amazon EC2 Abuse Team -
19 minutes ago, dennis562 said:
I'm not sure what you mean by this.
Fake bounce can be set up on most email clients even Gmail can do it
You need a copy of headers to find out who is bouncing and contact their abuse desk
The IP you stated has never been listed by SpamCop in the last 90 days.
A badly set-up email server can be set-up to bounce emails NOT listed on SpamCop.
As SpamCop only lists for 24 hours after last spam, some set-up "unable to deliver" in the hope the spam stops when it retries.
Advice is always free till you act on it. I'm a member not admin -
19 hours ago, dennis562 said:
I'm seeing this error for all recipients on a particular domain:
"spamcop.mimecast.org Blocked - see https://www.spamcop.net/bl.shtml?198.61.254.91. - https://community.mimecast.com/docs/DOC-1369#550 [bEjCcA39P3SxsOV3CZ9qSw.us331]"
However, as you can see here, that IP is not on the blacklist: https://www.spamcop.net/w3m?action=blcheck&ip=198.61.254.91.
Here's a link to the message and headers: https://www.mail-tester.com/test-iyn5n@mail-tester.com
Never been on the SpamCop blacklist. who is stating it is?
Sometimes a "clever Trevor" have a blocklist working in reverse?
Or it could be a fake bounce from someone you are mailing too? -
23 hours ago, petzl said:
As for Facebook it was around 3 months after me reporting them that the s**t hit the fan (Forest Gump moment?)
https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandalThe Scam in Australia regarding Mobile phone bank fraud
https://youtu.be/sABVEHUhx8k -
2 hours ago, Art101 said:
Totally off-topic (but maybe not)... good song by a longtime client/friend. Potential inspiration to maybe help brighten our days...
http://www.fromthemoontotheearth.com/songpages/harvest-moon/ (website design by yours truly). Scroll down to the Soundcloud player thingamabob...
In our sukkot of bone
through this wondrous land we roam,
ever lost — always home.Found him on youtube your link no sound for me?
https://youtu.be/rV32KmxMCic
As for Facebook it was around 3 months after me reporting them that the s**t hit the fan (Forest Gump moment?)
https://www.theguardian.com/technology/2018/jul/11/facebook-fined-for-data-breaches-in-cambridge-analytica-scandal -
On 2/2/2019 at 9:35 AM, Art101 said:
It's so sad. The Internet — the most important advance in human communication since the invention of the printing press — is highjacked by crazy, money-grubbing, jerkoff spammers.
Seems Facebook are still selling info to criminals. I do not have any financial accounts connected to my Mobile phone.
https://www.itnews.com.au/news/45k-stolen-in-phone-porting-scam-282310/page0 -
Just got one with a OVH link have to truncate as it's full of base 64 gibber
https://www.spamcop.net/sc?id=z6517742261z82101d4998fb4b3e1c14b8f6278e03f0z
I also sent full report from my email accountCriminal phishing, bogus reply address, bogus unsubscribe This/my email address I believe provided to this Russian (?) Crime gang by FaceBook .. Received from 185.252.147.144 abuse[AT]firstbyte.ru link obfuscation https://aiplotnic.ru/yqjutzsgrfuwz Resolves to 51.38.186.24 abuse[AT]ovh.net offending email (eml) forwarded also, can be read as text attachment with a text/ASCII editor like notepad or eml text reader > -
Not getting much OVH spam they never used to react to abuse reports but found they seem to if you use their web form?
https://www.ovh.com/world/abuse/ -
48 minutes ago, klappa said:
But that will expose my e-mail isn't that why i am using Spamcop in the first place? Something I've paid to work but doesn't work as intended?
Only to YOUR email provider. The spammer already has your email addy anyhow,
-
On 11/30/2018 at 9:29 PM, klappa said:On 11/29/2018 at 12:15 PM, petzl said:
Just send email to whatever the abuse address is for your email provider forward as attachment.
What are you talking about? I don't think you understand my initial question. It always sends to report_spam at hotmail dot com no matter what.
Just forward spam as attachment from your email to abuse desk (not through SpamCop if there are parsing problems).
-
8 minutes ago, RobiBue said:
Does this mean, that I should [refresh/show] every cached whois of every report?
Should work now until the abuse address changes and SpamCop does not have it "hard coded" as a abuse address.
What do do with Amazon hosted spammers
in SpamCop Reporting Help
Posted
I report as both.