Indirect spam from FlightRadar24

  • Indirect spam from FlightRadar24

    Most of the time I create and use a unique email address (no public email provider and no webmail) for different websites, like flightradar24.com to know exactly who is responsible for sending me spam directly or indirectly. In the last 3 days I got 3 spam emails with malware to this email address. I don't say that you sent them, but you are the only one (except me) who knows this email address, which means that you are leaking email addresses of your users somehow. Please pay more attention to how you handle our email addresses! Thanks.

  • #2
    Same here. I also got spam to an email address exclusively used here.

    EDIT: Maybe it helps narrowing down the source, here are the important headers from the spam I received (censored my email address with xxx(a)yyy.com):

    Code:
    Received: from krivov.net.fvds.ru (unknown [82.146.53.92])
    	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    	(No client certificate requested)
    	by mail.yyy.com (Postfix) with ESMTPS id 7942980DAB
    	for <xxx@yyy.com>; Wed, 10 Feb 2016 17:45:57 +0100 (CET)
    Received: from krause by krivov.net.fvds.ru with local (Exim 4.72)
    	(envelope-from <webmaster@xn--80akcjakgclcmadi5bfeca1o6a5cp.xn--p1ai>)
    	id 1aTXtI-00031m-CU; Wed, 10 Feb 2016 20:45:20 +0400
    To: xxx@yyy.com
    Subject: DHL DeliverNow Notification Card on lost shipment ( Third Notification )
    X-PHP-Originating-Script: 519:rstoneham.php
    Date: Wed, 10 Feb 2016 20:45:20 +0400
    From: "DHL DeliverNow Network" <ewpcojvtkhsgr@xn--80akcjakgclcmadi5bfeca1o6a5cp.xn--p1ai>
    To: xxx@yyy.com

    Code:
    Received: from mail.theitgrid.co.uk (mail.theitgrid.co.uk [213.230.219.150])
    	by mail.yyy.com (Postfix) with ESMTP id 153B280DEA
    	for <xxx@yyy.com>; Tue,  9 Feb 2016 00:47:34 +0100 (CET)
    Received: by mail.theitgrid.co.uk (Postfix, from userid 5035)
    	id D399B71CCAC; Mon,  8 Feb 2016 23:46:56 +0000 (GMT)
    To: xxx@yyy.com
    Subject: DHL DeliverNow Notification Card on lost shipment ( Second Notice )
    X-PHP-Originating-Script: 5035:wjm1940sr.php
    Date: Mon, 8 Feb 2016 23:46:56 +0000
    From: "DHL DeliverNow Network" <giqvhibbud@trinitycheltenham.com>
    To: xxx@yyy.com
    (I think I already deleted the first one.)
    Last edited by mbirth; 2016-02-10, 18:58.
    T-EDDI15RasPi2 + RTL2838 USB dongle + stock antenna


    • #3
      That problem is reported and investigation is in progress.

      Here is a word from admin http://forum.flightradar24.com/threa...5223#post75223
      Last edited by Amper; 2016-02-10, 18:44.
      For official support use Contact Form


      • #4
        Oh, thank you. I'm not that much in the forums here, so I didn't notice the thread. I will ask Olov via PM and if needed, send him the emails compressed. Maybe it helps.


        • #5
          I can also provide headers, if needed. From looking at them it seems like the mails were sent over hacked sites, probably their CMSes.
          T-EDDI15RasPi2 + RTL2838 USB dongle + stock antenna

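Added example, not part of any post in this thread: a small header triage that pulls out the fields the posters point to (the relay seen by the recipient's server, the `X-PHP-Originating-Script` value, and the local-submission marker in the `Received` chain). The sample headers, hosts, addresses and script name are constructed placeholders, and the `triage` function is a hypothetical helper.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the headers in post #2; every host, address,
# id and script name here is a placeholder, not a value from the thread.
SAMPLE = (
    "Received: from web01.hosting.example (unknown [192.0.2.10])\n"
    "\tby mail.recipient.example (Postfix) with ESMTPS id 0000000000\n"
    "\tfor <tag@recipient.example>; Wed, 10 Feb 2016 17:45:57 +0100 (CET)\n"
    "Received: from siteuser by web01.hosting.example with local (Exim 4.72)\n"
    "\t(envelope-from <webmaster@shop.example>)\n"
    "\tid 0aAAAA-000000-AA; Wed, 10 Feb 2016 20:45:20 +0400\n"
    "To: tag@recipient.example\n"
    "Subject: Notification Card on lost shipment\n"
    "X-PHP-Originating-Script: 1001:mailer.php\n"
    "From: \"Courier Network\" <random@shop.example>\n"
    "\n"
)

# Postfix records the connecting client as: from HELO (rDNS [IP])
RELAY_RE = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[^\]]+)\]\)")
# Exim ("with local") and Postfix ("from userid N") mark mail injected on the
# box itself, e.g. by a web script calling the local sendmail binary.
LOCAL_RE = re.compile(r"\bwith local\b|\(Postfix, from userid \d+\)")

def triage(raw_headers):
    """Summarise where a message entered the mail system, from its headers."""
    msg = message_from_string(raw_headers)
    # Unfold continuation lines so each hop is one space-separated string.
    hops = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    # PHP's mail() writes "uid:filename" when mail.add_x_header is enabled.
    uid, _, script = msg.get("X-PHP-Originating-Script", "").partition(":")
    edge = RELAY_RE.search(hops[0]) if hops else None  # hop seen by our own MX
    local = any(LOCAL_RE.search(h) for h in hops)
    return {
        "relay_host": edge.group("helo") if edge else None,
        "relay_ip": edge.group("ip") if edge else None,
        "php_uid": uid.strip() or None,
        "php_script": script.strip() or None,
        "local_submission": local,
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2] or None,
        "web_script_origin": bool(script.strip()) and local,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the topmost `Received` line is written by the recipient's own server; everything beneath it, including `X-PHP-Originating-Script`, is supplied by the sending side and is a hint rather than proof.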