Jump to content

spam from aneel[at]bug80.com


kluless
 Share

Recommended Posts

I keep receiving spam from aneel[at]bug80.com, the abuse email is also aneel[at]bug80.com. I ran a 'who is' search on the domain name and it turns out that he/she is his/her own service provider.

Is there a higher authority that this can be reported to, in order to stop this nuisance?

Link to comment
Share on other sites

The "From" address in an email is notoriously unreliable as an indicator of the true origin of an email, because it is easily forged. A tracking URL will help us take a look at other information contained in the email and hopefully make useful suggestions about who to contact to report abuse.

Link to comment
Share on other sites

OK, I received a couple more today, from 103.227.210.175 which is in the APNIC region.

still not a tracking URL?

Or headers (NOT body of spam)

Here is your TRACKING URL - it may be saved for future reference:

https://www.spamcop.net/sc?id=z6194396432z8021cc36dd80c56218c391b1caf2114bz

SpamCop often just reports the email server as the source!

In comments box I put

79.126.164.141 (Administrator of network where email originates)
BOTNET ATTACK HOST
http://cbl.abuseat.org/lookup.cgi?ip=79.126.164.141
This IP is infected (or NATting for a computer that is infected) with the gamut spambot. In other words, it's participating in a botnet.
TO REMOVE INFECTION
Norton Power Eraser is a free tool and doesn't require installation. It just needs to be downloaded and run.
https://security.symantec.com/nbrt/npe.aspx

BLOCK OUTBOUND PORT 25, 
RESERVE FOR LEGIT EMAIL SERVER
CHANGE TO SECURE PASSWORD 
SCAN INFECTED COMPUTER FOR MALWARE

A BOTNET infected computer/server means the all data passing through it may be compromised (bank details, log-on/password, email, etc). 
CBL lists those computers that are infected with instructions on how to remove BOTNET infections

The following Cisco site shows servers/computers with prior or existing BOTNET infections
http://www.senderbase.org/lookup/ip/?search_string=79.126.164.141
Edited by petzl
Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...