kluless Posted January 25, 2018 Share Posted January 25, 2018 (edited) Over the past couple of days I've had quite a surge in spam, from the usual 5 or 6 per day to 50+ today. This is on a Y! account... Anyone else having this problem? I've noticed that a lot of them are coming from a .win domain e.g. enarnusy@thrivedesigngrants.win and the host for all of the .win mails is limestonenetworks.com Edited January 25, 2018 by kluless added info Quote Link to comment Share on other sites More sharing options...
kluless Posted January 25, 2018 Author Share Posted January 25, 2018 Googled .win and got this... Quote .win is a generic top-level domain managed by Famous Four Media of Gibraltar, who pitch it as a memorable gTLD for "online gaming resources and services". Famous Four Media is managing "60 gTLD applications". Some ransomware posts ransom links that include .win and .onion URIs. Looks like it's a spammer's home from home Quote Link to comment Share on other sites More sharing options...
Lking Posted January 25, 2018 Share Posted January 25, 2018 Not to sound flippant, but it must be your turn in the barrel. It seems to me that spam comes and goes in waves. Currently this forum is not receiving the 40-50 daily spam posting it usually receives. My email accounts also are on a low ebb. I have not noticed any email from the win TLD Quote Link to comment Share on other sites More sharing options...
petzl Posted January 26, 2018 Share Posted January 26, 2018 12 hours ago, kluless said: Googled .win and got this... Looks like it's a spammer's home from home ONE/1 tracking url would be good? Quote Link to comment Share on other sites More sharing options...
lisati Posted January 26, 2018 Share Posted January 26, 2018 I've noticed the pattern of having spam coming in waves, and recently noticed a flood of grumpy customers of the ISP I use on Facebook. I'm currently experiencing a lull in the amount of spam I'm receiving - the flow hasn't dried up completely, but it's a lot quieter for me. Quote Link to comment Share on other sites More sharing options...
kluless Posted January 26, 2018 Author Share Posted January 26, 2018 (edited) 7 hours ago, petzl said: ONE/1 tracking url would be good? 101.193.235.23 It's an APNIC address I got another 76 spams from them today, looks like if you report them they retaliate with even more... Edited January 26, 2018 by kluless Quote Link to comment Share on other sites More sharing options...
Lking Posted January 26, 2018 Share Posted January 26, 2018 A Tracking URL is at the top of the report page and looks like Quote SpamCop v 4.8.7 © 2018 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6437551039z397c7682b607208ad3137a9ddf74157ez With that information we all can see the spam (your email address munged) and all the results of the parser. There may be some information you have overlooked. Quote Link to comment Share on other sites More sharing options...
petzl Posted January 26, 2018 Share Posted January 26, 2018 (edited) 11 hours ago, kluless said: 101.193.235.23 It's an APNIC address I got another 76 spams from them today, looks like if you report them they retaliate with even more... 101.193.235.23 don't tell one much need 1 tracking url your email is probably on a Chinese botnet. Online criminals continue to distribute spam and carry out scams - even with the Chinese government involved. Edited January 26, 2018 by petzl Quote Link to comment Share on other sites More sharing options...
kluless Posted January 27, 2018 Author Share Posted January 27, 2018 https://www.spamcop.net/sc?id=z6437942796zf3e2fda0357f6c503e5184f8a79ee8b0z Quote Link to comment Share on other sites More sharing options...
Lking Posted January 27, 2018 Share Posted January 27, 2018 2 hours ago, kluless said: https://www.spamcop.net/sc?id=z6437942796zf3e2fda0357f6c503e5184f8a79ee8b0z I'm confused what does this tracking URL have to do with 101.193.235.23? The tracking URL wants to report "Re: 60.233.211.56 (Administrator of network where email originates)" By the way you can go ahead and report this spam and the Tracking URL will still be available. Quote Link to comment Share on other sites More sharing options...
kluless Posted January 27, 2018 Author Share Posted January 27, 2018 I had already deleted the spam from 101.193.235.23, so I used the report from another .win spam, I had 76 to choose from so I went for the most recent one. Quote Link to comment Share on other sites More sharing options...
petzl Posted January 27, 2018 Share Posted January 27, 2018 21 hours ago, kluless said: https://www.spamcop.net/sc?id=z6437942796zf3e2fda0357f6c503e5184f8a79ee8b0z phishing spam from china you didn't submit? Quote Link to comment Share on other sites More sharing options...
kluless Posted January 29, 2018 Author Share Posted January 29, 2018 Of course I submitted it, how else would I receive the tracking URL? Quote Link to comment Share on other sites More sharing options...
petzl Posted January 29, 2018 Share Posted January 29, 2018 11 hours ago, kluless said: Of course I submitted it, how else would I receive the tracking URL? The tracking URL you copy is only there BEFORE you submit, It canbe used after you submit to check report Quote Link to comment Share on other sites More sharing options...
kluless Posted February 5, 2018 Author Share Posted February 5, 2018 No (dot)win spam for 3 days, looks like they've been shut down... Quote Link to comment Share on other sites More sharing options...
petzl Posted February 6, 2018 Share Posted February 6, 2018 15 hours ago, kluless said: No (dot)win spam for 3 days, looks like they've been shut down... The "Alibamer" or "fake header" Spammer came alive again sent report to Cert, China from my email account, shut spammer down for a week last time. https://www.spamcop.net/sc?id=z6442078877zdcbce78955ff93c281d2d0169c7b6886z Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.