Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Today
  3. Yesterday
  4. Interesting that the cached whois says it is from the mirror and the format of it is slightly different. Also interesting that APNIC and RIPE seem to have abandoned the separate abuse handle in favor of the following line: % Abuse contact for '203.188.252.0 - 203.188.252.255' is 'nayon.isn@bangla.net.bd' If I recall correctly, everyone used to use something similar to the following: OrgAbuseEmail: abuse@example.com
  5. Last week
  6. Thats good to know. The site where link goes, have again the same russian owner.
  7. nayon.isnpAT[bangla.net.bd seems is the correct address
  8. petzl

    Massive spam Attack - Looking For Input

    https://www.spamcop.net/sc?id=z6566520311z41fa0c960e85e844a30002d278ed6f9az https://www.spamcop.net/sc?id=z6566520312z6ce0103f34a127b8f20ded2333c8d06az https://www.spamcop.net/sc?id=z6566520330z977931b5a816ec376b8d9d8e3faee0b6z looked at 3 all seem to be free webhosting sites worldwide 67.229.79.114 abusexvpls.com 1st reported on Submitted: 8/7/201 Registrar Abuse Contact Email: mailto:abuse[AT]namecheap.com http://67.229.79.114 89.163.243.41 abusexmyloc.de 1st reported Submitted: 8/7/2019 Registrar Abuse Contact Email: mailto:abuse[AT]namecheap.com http://89.163.243.41 62.210.76.243 abusexonline.net 1st reported Submitted: 8/18/2019 Registrar Abuse Contact Email: mailto:abuse[AT]namecheap.com http://62.210.76.243 "Please enter your email address below to unsbscribe from future mailings." put in the appropriate abuse address, not yours if you must. this is a whack a mole reporting By using different IP addresses the spammer is avoiding blacklisting, seems that spammer is flooding you from all their free sites A good Website/registrar WhoIs ror windows http://www.gena01.com/win32whois/ NameCheap are US based so come under US law. Should have credit card details of criminal. “Book 'em, Danno. Murder One.”
  9. What constitutes a "bounce" in this context isn't always apparent to a volunteer such as myself. It could be anything, such as a dead email address, a full inbox or auto replies that have, for some reason, been counted as a bounce. As for why the reporting address didn't update, it's likely that whoever is responsible for updating reporting addresses in the database(s) Spamcop consults hasn't made any changes for a while.
  10. Hey all, Looking for some input on what "you" would do in addition to what I am already doing. I am at wit's end and considering giving up on this one. I seem to have landed on some spambot or persistent POS spammer's list on an email address that typically has had no spam sent to it or was successfully filtered by the provider. Unfortunately this ordeal has burned up all of my Spamcop fuel. I am reporting every spam email to Spamcop, UCE, ORA.FDA, ACMA, Phishing at US CERT, Phishing at Antiphishing org. This attack is repetitive in content and seems to be repetitive in sources. What bothers me is sometimes I get auto-response from Spamcop stating ISP has taken care of the address but what is weird is it is usually dated the day or two before and I am reporting within seconds of getting it. Is the spammer sending some sort of auto-response to Spamcop to trick it? Below is hopefully enough of a list of tracking url's that might give someone with better experience to ascertain what steps I might take and see a pattern. [Edited to add offenders at a glance] These seem to be the major offenders over and over. proxad[dot]net cv[dot]net nl[dot]leaseweb[dot]com pratiksunucum[dot]com primary[dot]net dedibox[dot]fronline[dot]net hostnit[dot]com quadranet[dot]com vpls[dot]comus[dot]leaseweb[dot]com leaseweb[dot]de multacom[dot]com velia[dot]net netmyne[dot]com stackip[dot]net he[dot]net netbudur[dot]com ikoula[dot]com dacentec[dot]com heg-us[dot]com colocrossing[dot]com psychz[dot]net aknietteteeva[dot]gmail[dot]com [End Edit] Thanks in advance. https://www.spamcop.net/sc?id=z6566520311z41fa0c960e85e844a30002d278ed6f9az https://www.spamcop.net/sc?id=z6566520312z6ce0103f34a127b8f20ded2333c8d06az https://www.spamcop.net/sc?id=z6566520313z8a760a7cd8dfb78366d954b0e4460973z https://www.spamcop.net/sc?id=z6566520314z66c0ec5b5300a4a5734ad34540c62f58z https://www.spamcop.net/sc?id=z6566520315zf3db2a8604dcf93f6007a32efad861b7z https://www.spamcop.net/sc?id=z6566520316zdbd95a02f7dfb85453517bbbe5c1e117z https://www.spamcop.net/sc?id=z6566520317z41c2e155668cb8b886f066a4874c6d00z https://www.spamcop.net/sc?id=z6566520318z253fb3c16c5537e73d18db3203070de1z https://www.spamcop.net/sc?id=z6566520319z1164ef6a60b17d090a142ccff880defaz https://www.spamcop.net/sc?id=z6566520320z18000c74cc774082bb65d03342691fe8z https://www.spamcop.net/sc?id=z6566520321z2e7fa652d590841ded710d39b824bd9az https://www.spamcop.net/sc?id=z6566520322zb0a2689b23f9d3c7384e782de1208e93z https://www.spamcop.net/sc?id=z6566520323z1c9c291593ff190f20a0b056f59a85faz https://www.spamcop.net/sc?id=z6566520324z8a09b1f06b53160183624992abb3110cz https://www.spamcop.net/sc?id=z6566520325z04094c2130063750649dd06968ce07ccz https://www.spamcop.net/sc?id=z6566520326z5b3541758582127ae705892424c27e9bz https://www.spamcop.net/sc?id=z6566520327zb78c4a1273c690a265e02f49d1426372z https://www.spamcop.net/sc?id=z6566520328z2bb0a9838d540a0df0ebd1b5a7fa5b39z https://www.spamcop.net/sc?id=z6566520329z6166255f0056dd0c0183cddcb85d5c08z https://www.spamcop.net/sc?id=z6566520330z977931b5a816ec376b8d9d8e3faee0b6z
  11. The link still forwards. Apparently, the link is a search where it clicks the "I feel lucky button" and forwards directly to the first returned google search result. The "I feel lucky" button as being part of the URL: btnI=bQm4
  12. Google seem to of taken link down?
  13. https://www.spamcop.net/sc?id=z6566177613zbe9f03927879099214d104a432d8c2c0z But wait... Tracking message source: 203.188.252.24: Routing details for 203.188.252.24[refresh/show] Cached whois for 203.188.252.24 : faruque@bangla.netinfo@bangla.net bounces (10 sent : 6 bounces)Using best contacts I even tried refreshing but will it will not update. Steve
  14. This is same spam i get almost every day, but this one use google link instead of that russian site. I dont know what that link does, but it is to google.com https://www.spamcop.net/sc?id=z6566161130zd34619e4d85c8adc3716c597c9f69569z
  15. petzl

    AWS spam source

    AWS has a crime problem starting at it's abuse address, they seem in on it! try here for latest abuse address https://aws.amazon.com/security/report-suspicious-emails/
  16. Sorry for the late reply. Seemed that these messages arrived in the gmail spambox and I just moved to gmail and I don't use imap. So I did not see the spam folder. I will try next time if this happens to pass this report. I just use the headers from Outlook 2013 and paste them in the box. This was the only time I had issues with reporting spam, and only with this message. Thank you both for your help and again sorry that I checked the spambox so late.
  17. I've seen some with apparent connections to Russia. Thankfully my provider filters them out before they make it to my inbox or junk/spam folder.
  18. gnarlymarley

    AWS spam source

    Though, I believe you have some good addresses, I am not sure it will help. After me seeing the joke of the do not call list for the past decade (more than the current administration), I would suspect that amazon.AWS thinks these addresses would be nothing more than an external rating system. I do not believe they would actually stop the spam. I use the SpamCop blocking list for that. Each time you report, it feeds the algorithm behind the block list.
  19. My template attracts Russia's attention it applies to all porn spam/ Not seen one with "proof of age" on file.
  20. What I'm seeing at the tracking link is typical of mail I receive at an Outlook email account, where the top-most (most recent) Received header trips things up so that reports go to report_spam[at]hotmail.com - I usually delete or comment out the header in such situations, which is normally sufficient to get the report(s) sent to a more appropriate address.
  21. petzl

    godaddy spam source

    Show 1 spamcop tracking url
  22. gnarlymarley

    godaddy spam source

    I don't think I have ever got any spam from godaddy. If the reports are not helping, at least the reports are feeding the block list. One thing you might want to try reporting to their ISP.
  23. gnarlymarley

    ovh.net spam source

    If the reports are not helping, at least the reports are feeding the block list. One thing you might want to try reporting to their ISP.
  24. gnarlymarley

    hetzner.de spam source

    If the reports are not helping, at least the reports are feeding the block list. One thing you might want to try reporting to their ISP.
  25. Lking

    Ragged end of the internet

    🙂
  26. RobiBue

    Ragged end of the internet

    WOW! wouldn't it have been easier for them to set up BPL? at least as redundancy? Internet: the final frontier. These are the enterprises of Telo. Its continuing mission: to communicate in strange new ways, to seek out new fiberoptic breaks and new dug-out holes, to boldly go where no internet has gone before. Besides, who needs the fiberoptics if you have Dilithium crystals. Just transmit and receive with subspace amplifiers... Live long and prosper nyuk nyuk nyuk 🙂
  27. went one up on my previous (2 month old) post looking at it's /18 range: https://whois.nic.ad.jp/cgi-bin/whois_gw?key=202.238.192.0/18 SC itself still returns " No reporting addresses found for 202.238.198.169, using devnull for tracking. "
  28. Earlier
  29. The address matches the cached entry returned from RIPE. I am not sure I would trust the other RIPE email any more than the gmail address either. SpamCop RIPE cached: % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '92.63.192.0 - 92.63.192.255' % Abuse contact for '92.63.192.0 - 92.63.192.255' is 'vvsg180@gmail.com' New RIPE query: e-mail: vigorv@mail.ru e-mail: hawk@diamondc.ru upd-to: stell_hawk@mail.ru abuse: hawk@diamondc.ru One quick note that you may not be aware of is that thanks to GDPR there might be times where the "-B" gets in the way and someone has performed a manual add. SpamCop: Reports routes for 92.63.192.124: routeid: 78192297 92.63.192.0 - 92.63.192.255 to: vvsg180@gmail.com Administrator interested in all reports 7/17/2019, 9:45:55 AM -0600 [Note added by (no name)] Route added without comment
  1. Load more activity
×