dra007 Posted April 8, 2005 Share Posted April 8, 2005 Can anyone explain me what is the purpose of this abusive spam? Apparently it serves only to propagate abusive/profane language and I have been getting quite a few of them lately: Delivered-to: spamcop-net-x X-pstn-levels: (S: 0.16254/95.73904 R:95.9108 P:93.6804 M:97.0232 C:98.7678 ) X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade6 X-spam-Level: X-spam-Status: hits=0.0 tests=none version=3.0.0 X-SpamCop-Checked: 192.168.1.101 136.142.11.139 64.18.2.207 64.18.2.132 81.67.60.6 X-SpamCop-Disposition: Blocked xbl.spamhaus.org X-pstn-levels: (S: 0.16254/95.73904 R:95.9108 P:93.6804 M:97.0232 C:98.7678 ) X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c X-pstn-addresses: from <Rush[at]fastermail.com> [3115/105] X-pstn-disposition: quarantine %CHILL %DICK %CONTACT http://www.%URL/d/1.php %BYE %a**h*#e z Link to comment Share on other sites More sharing options...
petzl Posted April 8, 2005 Share Posted April 8, 2005 Can anyone explain me what is the purpose of this abusive spam? Apparently it serves only to propagate abusive/profane language and I have been getting quite a few of them lately: 26376[/snapback] You are probably doing good Spammer gets Slammer (from .spamcop) Link to comment Share on other sites More sharing options...
dra007 Posted April 9, 2005 Author Share Posted April 9, 2005 You are probably doing good Spammer gets Slammer (from .spamcop) 26379[/snapback] I sure hope I am...this is getting stranger day by day. This morning I had an exchange with a sys admin from a government agency who sent me a bounce to my address obviously spoofed in the original e-mail. He promissed to research it and take it up to the <<higher ups>>. I just got an e-mail from e-bay (I never used e-bay bytheway) Not clear if this is a joejob or another lame attempt at phishing... Can't these people do a research/confirm the e-mails before accepting them as good? We regret to inform you that your eBay account will be suspended due to the violation of our site policy below: * Misrepresentation of Identity (User) - Representing yourself as another eBay user or registering using the identity of another. Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay. According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be deleted. http://scgi.eBay.com/aw-cgi/eBayISAPI.dll?...mation&bpuser=1 PS. The site in the e-mail is down right now, so I suspect it is likely a phisher. Link to comment Share on other sites More sharing options...
dra007 Posted April 9, 2005 Author Share Posted April 9, 2005 Update I parsed the link in the above e-mail. No surprize there, it goes to China. How do I report these criminals? Parsing input: http://221.122.43.125/ogi-bin/logon/app-bi...7r2vbd7d5b.html host 221.122.43.125 (getting name) no name [report history] Routing details for 221.122.43.125 [refresh/show] Cached whois for 221.122.43.125 : ipmaster[at]cetc-chinacomm.com.cn Using abuse net on ipmaster[at]cetc-chinacomm.com.cn abuse net cetc-chinacomm.com.cn = postmaster[at]cetc-chinacomm.com.cn, wangjingying[at]cetc-chinacomm.com.cn Using best contacts postmaster[at]cetc-chinacomm.com.cn wangjingying[at]cetc-chinacomm.com.cn postmaster[at]cetc-chinacomm.com.cn bounces (7369 sent : 3753 bounces) Using postmaster#cetc-chinacomm.com.cn[at]devnull.spamcop.net for statistical tracking. wangjingying[at]cetc-chinacomm.com.cn redirects to china-netcom.com[at]abuse.net De-referencing wangjingying[at]cetc-chinacomm.com.cn abuse net china-netcom.com = cncsummary[at]special.abuse.net, daihy[at]china-netcom.com, postmaster[at]china-netcom.com, tech-group[at]china-netcom.com cncsummary[at]special.abuse.net redirects to cnc-abuse[at]sprint.net cnc-abuse[at]sprint.net redirects to cnc-abuse[at]abuse.sprint.net tech-group[at]china-netcom.com redirects to china-netcom.com[at]abuse.net De-referencing tech-group[at]china-netcom.com abuse net china-netcom.com = cncsummary[at]special.abuse.net, daihy[at]china-netcom.com, postmaster[at]china-netcom.com, tech-group[at]china-netcom.com tech-group[at]china-netcom.com redirects to china-netcom.com[at]abuse.net cncsummary[at]special.abuse.net redirects to cnc-abuse[at]sprint.net Statistics: 221.122.43.125 not listed in bl.spamcop.net More Information.. 221.122.43.125 not listed in dnsbl.njabl.org 221.122.43.125 not listed in dnsbl.njabl.org 221.122.43.125 not listed in cbl.abuseat.org 221.122.43.125 not listed in dnsbl.sorbs.net 221.122.43.125 not listed in relays.ordb.org. Reporting addresses: daihy[at]china-netcom.com postmaster[at]china-netcom.com cnc-abuse[at]abuse.sprint.net Link to comment Share on other sites More sharing options...
Lking Posted April 9, 2005 Share Posted April 9, 2005 my approch to reporting ebay phishing trips is sending copies to all of the following: submit.xxx[at]spam.spamcop.net reportphishing[at]antiphishing.org spoof[at]ebay.com Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.