help

irongeek2012

New Member
Hello fellow members of computerforum.com. I sent an email to an admin at CenturyLink; it stated this ---> An individual from your service provider CenturyLink in Trenton, New Jersey, IP address 208.47.184.5, is sending multiple spam messages; inside the message is a link/URL to steal my user information from my Facebook account. Here is one of the 15 spam messages; this just started 2 days ago.

Sorry to email you out of no where however i really I am considering meeting. Should you be feeling lonely let me know. You can 24 7 find me on my profile. There is no price to join so yeah, would love to talk to u! I added a lot of pictures associated with me on the for you personally, Looking at this become pleased! :)

www timelqymz net <http://apps.facebook.com/599050693476647?ez89n5lt>
do not click the link!!!



X-Antivirus: AVG for E-mail
Return-Path: [email protected]
Received: from mx04.agate.dfw.synacor.com (LHLO mx04.agate.dfw.synacor.com)
(10.40.0.43) by md09.agate.dfw.synacor.com with LMTP; Mon, 14 Oct 2013
12:17:25 -0400 (EDT)
Return-Path: <[email protected]>
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.0 cv=BLExXSsG c=1 sm=1 a=uaGFu7ih6rsA:10 a=8uJ5MO_MQBgA:10 a=-hW6OHAokzcA:10 a=69EAbJreAAAA:8 a=KGjhK52YXX0A:10 a=HCmzGYxLSBAA:10 a=Ebx4ZHpTmCfc27fB1agA:9 a=pILNOxqGKmIA:10 a=vTzowgZDfh4A:10 a=S3XoswWoTeoA:10 a=3j4BkbkPAAAA:8 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=zcnldWS44SEQJPPK-S0A:9 a=KQqxNPgzF0kA:10 a=k3pfjHKhdx7Ewwg0:18 wl=host:39 a=0Aoox5Qzf48baMDEPENU+Q==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: mx04.agate.dfw.synacor.com [email protected]; sender-id=softfail
Authentication-Results: mx04.agate.dfw.synacor.com [email protected]; spf=softfail; sender-id=softfail
Received-SPF: softfail (mx04.agate.dfw.synacor.com: transitional domain hotmail.com does not designate 208.47.184.5 as permitted sender)
Received: from [208.47.184.5] ([208.47.184.5:46508] helo=smtpout01.embarq.synacor.com)
by smtp.embarq.synacor.com (envelope-from <[email protected]>)
(ecelerity 3.5.1.37854 r(Momo-dev:3.5.1.0)) with ESMTP
id DB/81-29602-1191C525; Mon, 14 Oct 2013 12:17:24 -0400
x-binding: migrated_binding
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=2.1 cv=E9D0+8tl c=1 sm=0 tr=0 a=X/4VuEfykruHQYtuw1zXHA==:117 a=uaGFu7ih6rsA:10 a=8uJ5MO_MQBgA:10 a=-hW6OHAokzcA:10 a=69EAbJreAAAA:8 a=HCmzGYxLSBAA:10 a=Ebx4ZHpTmCfc27fB1agA:9 a=pILNOxqGKmIA:10 a=vTzowgZDfh4A:10 a=S3XoswWoTeoA:10 a=3j4BkbkPAAAA:8 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=LNxWm_Wqr_URRb1GIa4A:9 a=JQzHVsKFwuLSt0S1:18 a=KQqxNPgzF0kA:10
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: spam03.embarq.synacor.com [email protected]; spf=pass
Received-SPF: pass (spam03.embarq.synacor.com: domain hotmail.com designates 65.55.34.82 as permitted sender)
Received: from [65.55.34.82] ([65.55.34.82:30766] helo=col0-omc2-s8.col0.hotmail.com)
by smtp.embarq.synacor.com (envelope-from <[email protected]>)
(ecelerity 2.2.3.49 r(42060/42061)) with ESMTP
id 04/93-01378-A981C525; Mon, 14 Oct 2013 12:15:22 -0400
Received: from COL130-W59 ([65.55.34.73]) by col0-omc2-s8.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 14 Oct 2013 09:15:24 -0700
X-TMN: [1te0id7qRQUFqfWFxqqn+9M5kkOqH59H]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Content-Type: multipart/mixed;
boundary="_0d2240b5-b0f2-4ce9-a409-b239606a6f13_"
From: Montalto Harps <[email protected]>
To: <[email protected]>
Subject: Re:~$30 FLAT FEE- COMPUTER REPAIR~ (LEE COUNTY)
Date: Mon, 14 Oct 2013 17:15:21 +0100
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 14 Oct 2013 16:15:24.0677 (UTC) FILETIME=[96BD8350:01CEC8F8]


All spam email is coming from 208.47.184.5. I run an ad on Craigslist for my computer services and it has my real information on it. Anyway, I contacted his ISP a week ago and got no response, nothing, and now it's coming in even worse. Is this the correct IP address, 208.47.184.5? I just want to double check it. I ran it through a spam analyzer you can find using Google. I use Microsoft Outlook and I created rules/filters to block this junk and have it go directly into my inbox, but now it's coming a lot more. What can I do to get rid of this spammer?
 
That IP address belongs to this owner.

Synacor, Inc.
40 La Riviere Drive
Suite 300
Buffalo, NY 14202

Telephone number

7168531362

Contact them. Give them a copy of the message header (what you posted); they should be able to track who sent them.
 

Hey John, what tool or online tools did you use to get this information? http://www.ip-adress.com/whois/synacor.com... Hey John, who would you contact, Synacor or CenturyLink? The IP address traces back to CenturyLink but


I tried contacting them, to no help. All I got was an IVR phone system with the operator. PS: When I run the IP address through several different WHOIS servers, it says the IP address belongs to someone in Trenton, New Jersey... 208.47.184.5

I run the IP address through Whois Server whois.arin.net:

Whois Server: whois.arin.net
Status: ALLOCATED
Contact Email:
Registrant: Qwest Communications Company, LLC
Technical Contact: Qwest IP Admin
Telephone: 18778866515
Email: [email protected]
208.47.184.5 is the IP address you have a ran a report for on October, 16, 2013.

Is there a way I can get his real information, meaning his real email address? (I have his real IP address.) Every time he sends spam it's coming from a new email address. However, the IP address is always the same. I'm on the phone with the abuse department to catch this punk kid...
 
Update

I finally got the information I needed to send an email address to the abuse department at CenturyLink.

In the email I wrote:
Hi. I’m Mike and I have an ad on Craigslist that I post for my computer services; it has my information, my phone number, etc. An individual from this IP address, 208.47.184.5, your service provider CenturyLink in Trenton, New Jersey, is sending multiple spam messages; inside the message is a link/URL to steal my user information from my Facebook account. Here is one of the MANY SPAM messages; this just started 5 days ago.
-------------------------
Embarqmail/CenturyLink™ [[email protected]]
Embarqmail customers; Failure to verify your mailbox before 18,10,2013, we will be assumed you no longer use your mailbox and it will be disabled. click http://mailembarq.jimdo.com/ and fill Form for instant verification
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2242 / Virus Database: 3222/6257 - Release Date: 10/17/13

And here are the email headers

X-Antivirus: AVG for E-mail
Return-Path: [email protected]
Received: from mx01.agate.dfw.synacor.com (LHLO mx01.agate.dfw.synacor.com)
(10.40.0.40) by md09.agate.dfw.synacor.com with LMTP; Sat, 12 Oct 2013
14:03:09 -0400 (EDT)
Return-Path: <[email protected]>
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.0 cv=KcRQQHkD c=1 sm=1 a=Ou6r2Klx3mgA:10 a=8uJ5MO_MQBgA:10 a=MOdXy9B_utEA:10 a=69EAbJreAAAA:8 a=KGjhK52YXX0A:10 a=qmCz6fWrNzAA:10 a=13phc5FB0p-Uaax_p2YA:9 a=wPNLvfGTeEIA:10 a=idViha7_n4UA:10 a=BhMbr5s9HMIA:10 a=Ku1O4z6kjQoy6Z2p:21 a=1wHd2iJOknRv4zuu:21 a=3j4BkbkPAAAA:8 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=3OVilhywx3o0lYqryTQA:9 a=KQqxNPgzF0kA:10 a=R-0UT98PFu0A:10 a=nNAwfT3tCQfuz5y9:18 wl=host:39 a=0Aoox5Qzf48baMDEPENU+Q==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: mx01.agate.dfw.synacor.com [email protected]; sender-id=softfail
Authentication-Results: mx01.agate.dfw.synacor.com [email protected]; spf=softfail; sender-id=softfail
Received-SPF: softfail (mx01.agate.dfw.synacor.com: transitional domain hotmail.com does not designate 208.47.184.5 as permitted sender)
Received: from [208.47.184.5] ([208.47.184.5:38708] helo=smtpout01.embarq.synacor.com)
by smtp.embarq.synacor.com (envelope-from <[email protected]>)
(ecelerity 3.5.1.37854 r(Momo-dev:3.5.1.0)) with ESMTP
id 3B/4A-17745-DDE89525; Sat, 12 Oct 2013 14:03:09 -0400
x-binding: migrated_binding
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=2.1 cv=Z4bVQhhA c=1 sm=0 tr=0 a=C6Si47BRVZHAJs7edaXLpw==:117 a=Ou6r2Klx3mgA:10 a=8uJ5MO_MQBgA:10 a=MOdXy9B_utEA:10 a=69EAbJreAAAA:8 a=qmCz6fWrNzAA:10 a=13phc5FB0p-Uaax_p2YA:9 a=Ku1O4z6kjQoy6Z2p:21 a=1wHd2iJOknRv4zuu:21 a=wPNLvfGTeEIA:10 a=idViha7_n4UA:10 a=BhMbr5s9HMIA:10 a=3j4BkbkPAAAA:8 a=jYj0BInaKEUntEox:21 a=9ES_wBbwBSi2t48Z:21 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=RneK4Fe0BeNVqDTh9tgA:9 a=fg0daNg5qoW6PUpR:18 a=KQqxNPgzF0kA:10 a=R-0UT98PFu0A:10
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: spam05.embarq.synacor.com [email protected]; spf=pass
Received-SPF: pass (spam05.embarq.synacor.com: domain hotmail.com designates 65.55.34.79 as permitted sender)
Received: from [65.55.34.79] ([65.55.34.79:30850] helo=col0-omc2-s5.col0.hotmail.com)
by smtp.embarq.synacor.com (envelope-from <[email protected]>)
(ecelerity 2.2.3.47 r(39797/39798)) with ESMTP
id 55/83-22460-CDE89525; Sat, 12 Oct 2013 14:03:09 -0400
Received: from COL129-W65 ([65.55.34.71]) by col0-omc2-s5.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Sat, 12 Oct 2013 11:03:09 -0700
X-TMN: [i0ZJRaib+4WHDm2Z6GpGB6xQf47UdRmq]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Content-Type: multipart/mixed;
boundary="_a3c0241b-db65-4956-aeb6-4ff8aaf44a0e_"
From: Emelia Gala <[email protected]>
To: <somone>
Subject: ~$30 FLAT FEE- COMPUTER REPAIR~ (LEE COUNTY)
Date: Sat, 12 Oct 2013 19:03:09 +0100
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 12 Oct 2013 18:03:09.0383 (UTC) FILETIME=[4F2DDD70:01CEC775]

The abuse department believes his system was hacked and his computer is a SPAM BOT. I don't buy it for a second. As soon as I post an ad on Craigslist I get SPAM.

I use Microsoft Outlook and I created rules/filters to block the SPAM but it's still coming through. So, I tried reporting it from my ISP webmail that they provide. I let the managers go in there and look and it stopped for a few days, but now it has started again, but worse. Funny thing is, it only happens when I post an ad on Craigslist. The ad is simply a list of my computer services for my area. Anyone have any ideas? Any tips on how to get it to stop? I got the dude's IP address ;)

I tried doing everything the right way to avoid this spammer but now he's affecting my business. I contacted my ISP abuse department and sent/forwarded numerous things from this guy, and they say there's basically nothing they can do because he is using MICROSOFT HOTMAIL to do this. Every time he sends his SPAM it's from a different email address. However, when I read and analyze the headers they all COME FROM THE SAME IP address.

Is there any way I can get his real email address, not a bogus one?
 
I was wondering if you had any luck with this. It started for me 2 days ago. I run a business and this is hurting it. I removed the email address below for business reasons.
I also forwarded this to the postmaster at Centurylink. They say they are escalating the issue.

Here is the error I get...
This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

>>> [email protected] (after RCPT TO): 550 Unable to add
>>> [email protected] because host 208.47.184.9 is listed on
>>> bl.spamcop.net
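
Added example, not written by any poster in this thread: the Received chain of the first message posted above can be read hop by hop to find where the recipient's provider accepted the mail from an outside sender. The header sample is trimmed from that post; the trusted suffix `.synacor.com` and the function names are assumptions made for the example.

```python
import ipaddress
import re
from email import message_from_string

# Received / Received-SPF lines of the first message posted above, trimmed
# (envelope-from and queue ids dropped), folding restored, newest hop first.
RAW = """\
Received: from mx04.agate.dfw.synacor.com (LHLO mx04.agate.dfw.synacor.com)
 (10.40.0.43) by md09.agate.dfw.synacor.com with LMTP; Mon, 14 Oct 2013
 12:17:25 -0400 (EDT)
Received-SPF: softfail (mx04.agate.dfw.synacor.com: transitional domain hotmail.com does not designate 208.47.184.5 as permitted sender)
Received: from [208.47.184.5] ([208.47.184.5:46508] helo=smtpout01.embarq.synacor.com)
 by smtp.embarq.synacor.com with ESMTP; Mon, 14 Oct 2013 12:17:24 -0400
Received-SPF: pass (spam03.embarq.synacor.com: domain hotmail.com designates 65.55.34.82 as permitted sender)
Received: from [65.55.34.82] ([65.55.34.82:30766] helo=col0-omc2-s8.col0.hotmail.com)
 by smtp.embarq.synacor.com with ESMTP; Mon, 14 Oct 2013 12:15:22 -0400
Received: from COL130-W59 ([65.55.34.73]) by col0-omc2-s8.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
 Mon, 14 Oct 2013 09:15:24 -0700
"""
# Assumption: hosts under this suffix are the recipient's own mail provider.
TRUSTED = ".synacor.com"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def hops(raw):
    """Hops oldest-first: (IP seen by receiver, name claimed by sender, receiver)."""
    out = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        frm, _, rest = " ".join(value.split()).partition(" by ")
        helo = re.search(r"helo=([^\s)]+)", frm)
        name = helo.group(1) if helo else frm.split()[1]
        out.append((IPV4.search(frm).group(), name, rest.split()[0]))
    return out

def boundary(hop_list, trusted=TRUSTED):
    """Newest hop where a trusted receiver accepted mail from an outside sender."""
    for ip, name, by in reversed(hop_list):
        inside = name.endswith(trusted) or ipaddress.ip_address(ip).is_private
        if by.endswith(trusted) and not inside:
            return ip, name, by
    return None

def spf_results(raw):
    """(result, checked_ip) for each Received-SPF header, newest first."""
    found = message_from_string(raw).get_all("Received-SPF", [])
    return [(v.split()[0], IPV4.findall(v)[-1]) for v in found]

if __name__ == "__main__":
    print(*hops(RAW), sep="\n")
    print("entered from:", boundary(hops(RAW)), "SPF:", spf_results(RAW))
```

On this sample the hand-off hop is 65.55.34.82 (helo=col0-omc2-s8.col0.hotmail.com), while 208.47.184.5 announces itself as smtpout01.embarq.synacor.com and only appears after the provider had already accepted the message.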
 