Jump to content

Flooded by a spammer, most from ServerMania


Recommended Posts

I keep getting stuff 2 or 3 a day. SPAMCOP reports go into DEVNULL so it probably is worthless reporting it? Spammer does use other ISP occasionally.

The header IS forged like this from a few from last week:

Received: from [] ([] helo=cystolgrantlamhell.com)
Received: from [] ([] helo=mcmarsbachmcguizeshunt.com)
Received: from [] ([] helo=rochstaeusstritrelph.com)
Received: from [] ([] helo=kraekdorfhmonsgermfeldt.com)
Received: from [] ([] helo=chuchtabhywzornfrees.com)
Received: from [] ([] helo=moanpeakjezshiftbrook.com
Received: from [] ([] helo=lomslncermannlouan.com)
Received: from [] ([] helo=labwetchquicjel.com)
Received: from [] ([] helo=kraekdorfhmonsgermfeldt.com)
Received: from [] ([] helo=skeadungthiefjephiatt.com)

What the root problem is that I don't know what the payload is? I get 2 types, the BITLY and the ones I can't even figure out? BITLY is just a link. The few times I used the iPad to see it it was something to purchase and appeared to be a real PNG copied over, but those links using the PNG links on it also appeared to be real? Couldn't really tell as I never took any. Suspect they are using the 'from' to get a partial cent for referring you to the site. The worrisome one is this, from the last line email above in RED:

<a href="http://spurtvilsnogdpierdrach.tk/20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=my email address">
<img src="http://spurtvilsnogdpierdrach.tk/images/6633815925.png" border="0" />

I know from the last line above it translates into where it will go to. However what exactly is the rest of the line, 20629772k77f1449977?sf=5836412,2645245,3166672547,1538181&eb=my email address, and why is my e-mail address on it? I can't find ANY information on that? Since it is in HTML code when Thunderbird sucks it in it well basically execute that code, and I'll see the PNG file. I'm worried about some malware coming it with it due to the href?

Link to comment
Share on other sites

35 minutes ago, IrvSp said:

I keep getting stuff 2 or 3 a day. SPAMCOP reports go into DEVNULL so it probably is worthless reporting it?

There are two primary objectives for reporting spam to SpamCop; 1) is to provide data to build the SC Blocklist for use in dynamically identify sources of spam to filter incoming email, and 2) send a notice (spam Report) to the ISP source of the spam.  From your post, in this case SC has determined not to send the spam Report.  There are several reasons not to send the Report discussed at length in other threads.

BUT even when 2) is not done, 1) is still a valid reason to report spam.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...