Jump to content

Is this phishing?


hank
 Share

Recommended Posts

Just got this in email --

-----------------------

Subject [SpamCop] Email Delivery Confirmation
Please confirm email delivery for SpamCop account:
hank@spamcop.net

Click here:
https://www.spamcop.net/mcgi?conf=un6FJSBii5iMUvqCILI1ihJWw8CkUP0o

Or send email to:
deliver.un6FJSBii5iMUvqCILI1ihJWw8CkUP0o@cmds.spamcop.net

-----------------------

 

Smells phishy to me but I can't pointt o anything specifically wrong. WTF?

Link to comment
Share on other sites

Here's the full report:

X-spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on f.spam.sonic.net
X-spam-Level:
X-spam-Status: No, score=-6.1 required=4.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
    DKIM_VALID,RCVD_IN_DNSWL_HI,SNF4SA,SONIC_BX_A2,SPF_HELO_NONE,
    T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=disabled version=3.4.6
X-spam-SNF-Result: 0 (Standard White Rules)
X-spam-MessageSniffer-Scan-Result:
X-spam-MessageSniffer-Rules:
    0-0-0-2429-c
X-spam-GBUdb-Analysis:  1, 184.94.240.112, Ugly c=0.357145 p=-0.1875 Source
    Normal
Received: from d.mx.sonic.net (a.spam-proxy.sonic.net [157.131.224.145])
    by b.local-delivery (8.14.7/8.14.7) with ESMTP id 24BHxOUk006899
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <xxxxxxxx@lds.sonic.net>; Wed, 11 May 2022 10:59:24 -0700
Received: from vmx.spamcop.net (vmx.spamcop.net [184.94.240.112])
    by d.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 24BHxNqN107202
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <xxxxxxxx@sonic.net>; Wed, 11 May 2022 10:59:24 -0700
DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns;
  h=IronPort-SDR:X-Corpus-CASE-Score:Received:Received:From:
   To:Subject:Precedence:Message-ID:Date:X-Mailer;
  b=KkvP5aBl9Md+4drBRSvljnJEAe3hevTgrPPG9aq8eJI+L5ZBTpstUh23
   xCa44jj5nnkVlI6Mycnv2MvtKrBozt9G7mb+FJKINxKEGXkUvkQqHKA/E
   ausfD3p8pn5jzDh;
IronPort-SDR: eXGcifgOTQE0pAsvFRW89f+ynULjxySmlh6vohXzvc95FKXZvT2UqhXWlGW6eQnRD8/5l6/hxy
 ffjnIaPZyO5t2pTyPUZVy6iFQ2gKMn1b3WKibBmx8/sjg18AXCwPdLvbri/XbkdgydvkpxwMro
 JNoJ6l4CUpU4wB0nWH4vOrB9ncxmUUY5h+y5qsRMoRiph+MrelrGRwBuf5VXqHoI7G22uV3DzR
 NFPKK1VEOZus6GuX5AMmSvKACSLyHjJKKLQg12YVKc4zVdHtVBrnp8jrmNwBUTY7x2hrxjVcAC
 ONI=
X-Corpus-CASE-Score: 0
Received: from prod-sc-www02.sv4.ironport.com (HELO prod-sc-www02.spamcop.net) ([10.8.129.226])
  by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 11 May 2022 10:58:18 -0700
Received: from [135.180.216.255] by spamcop.net
    with HTTP; Wed, 11 May 2022 17:58:12 GMT
From: SpamCop <spamcop@devnull.spamcop.net>
To: xxxxxxxx@sonic.net
Subject: [SpamCop] Email Delivery Confirmation
Precedence: list
Message-ID: <wh627bf934g75b2@msgid.spamcop.net>
Date: Wed, 11 May 2022 17:58:12 GMT
X-Mailer: https://www.spamcop.net/ v5.4.0
X-Orthrus: tar=0 grey=no co=US os=FreeBSD/9.x or newer/2 spf=pass dkim=pass

Please confirm email delivery for SpamCop account:
hank@spamcop.net

Click here:
https://www.spamcop.net/mcgi?conf=un6FJSBii5iMUvqCILI1ihJWw8CkUP0o

Or send email to:
deliver.un6FJSBii5iMUvqCILI1ihJWw8CkUP0o@cmds.spamcop.net

Link to comment
Share on other sites

On 5/11/2022 at 7:38 PM, hank said:

Received: from d.mx.sonic.net (a.spam-proxy.sonic.net [157.131.224.145])
    by b.local-delivery (8.14.7/8.14.7) with ESMTP id 24BHxOUk006899
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <xxxxxxxx@lds.sonic.net>; Wed, 11 May 2022 10:59:24 -0700
Received: from vmx.spamcop.net (vmx.spamcop.net [184.94.240.112])
    by d.mx.sonic.net (8.14.7/8.14.7) with ESMTP id 24BHxNqN107202
    (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
    for <xxxxxxxx@sonic.net>; Wed, 11 May 2022 10:59:24 -0700

I will trust that the sonic Received: header is okay.  Looking at the second header, I would be cautious at reporting this.  I get my legitimate SpamCop email from 184.94.240.112 which appears to be the same as what you have in your email.  If the sonic section can be trusted, I would say this is a good email.

A word of caution, if you try to report something like this, before you send the reports pay attention to the address.  If it says something like don[at]spamcop, sending the report could automatically have your reporting account disabled.

From what I can see that you have posted, I try to login to your reporting account and see if it is waiting on anything special.  You may also want to try to contact the deputies to verify exactly what this is.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...