Hanco

Everything posted by Hanco

  1. Hanco

    AWS spam source

    Hope that helps. I include the authorities on all my Amazon reporting. Not sure it has any impact here in this country. Canada may be different...
  2. Hanco

    AWS spam source

    You are dealing with a group of very well known spam/phishing jerks (at least, well known to me). Namecheap are almost exclusively the domains they (1) Create, or (2) Takeover. The s.free.fr is a redirect site (short url) so the actual sites are not linked to in their malicious emails. Thus reducing risk of their actual redirect site being listed on SURBL or such. Their actual site is not the ultimate destination either, but a redirect dance site to wherever they fancy sending you. You'll also probably find they use other sites for image hosting (to deliver to their malicious emails when opened). Often they use “imgur.com” - and imgur will happily delete those as against their terms of service. Report here, if you want to help make the malicious emails look more odd than they do already 😏 https://help.imgur.com/hc/en-us/requests/new
  3. Hanco

    AWS spam source

    I’m sending mine to: abuse@amazonaws.com, abuse@amazon.com, ec2-abuse@amazon.com, ipmanagement@amazon.com. That seems to be working. Were your target sites hosted by Lithuania outfit vpsnet? All mine were (australy.win, australy.bid, bulkoffers.win). The target site australy.bid went onto SURBL Phishing blacklist Sunday/yesterday. Not sure why/how, but the good news is that Namecheap finally deleted the registration for the domain. That is something they refused to do several times (on February 6 and Feb 8 this year for example) despite emails for “number 1 milf site” etc!! My level of frustration with Amazon (and with Namecheap) reaches far too high a level at times LOL
  4. Hanco

    No Data Found

    I got that a few times too. I refreshed and sometimes it took as many as 4-6 attempts but it eventually worked. Something was wrong but it wasn’t my ability to copy/paste
  5. Hanco

    Three Ways to Report spam

    Yes, exactly. Any ideas how to help them get onto those lists?
  6. Hanco

    Any point in reporting spam from AMAZONAWS?

    55 spam emails from Amazon IPs in the past 2-3 days... all designed to push traffic to one of three domains. All of no interest to me on topics from Gutter Guards, Home Warranty, some miracle instant translator device, some cure for a nerve condition, a flashlight, how stainless steel reverses diabetes, boosting testosterone, dating is easy with their Asian ladies, anthropomorphic renovation, CBD oil and miracle pain cures, dating for people much (much) older than me, and mortgages. A surge recently in volume of this crap and a significant fall (to zero) in the Canada Pharma sh**e, and the “you’ve got to send me your personal details so you can get $1m that is yours”. Also not had the emails from my close friends by name with “saw this and you should look” links (typically a link to site domains created with Namecheap less than 24 hours ago, and always under 3 days ago). It seems really clear this spam bot group is pushing all content through Amazon, and Amazon is either powerless, or doesn’t want to actually stop it. Rarely will SpamCop offer reporting to Amazon, instead doing the abuse#amazon thing. Should we send direct to Amazon or not? Which is likely to cause maximum potential nuisance to the spammer and reduce volume longer term?
  7. Hanco

    Three Ways to Report spam

    Why should they? I agree with you that innocent bystanders don’t want to be impacted. I’m talking about three specific domains/sites, which exist ONLY for spam operations. Obviously I appreciate determination of a site existence only for this purpose is not always straightforward. And maybe this is not the place to ask about it. Just curious how a domain like “australy.bid” or “australy.win” gets on blacklists like SURBL. It certainly seems like it is not achieved by the reports sent to the host this week
  8. Hanco

    Three Ways to Report spam

    Rules: SCBL lists IP addresses with a large number of reports relative to reputation points. The SpamCop team manually balances the threshold in an effort to make the list as accurate as possible. I guess I won’t know what that means in actual volume terms. The SCBL weights reports depending on how recently the mail was received (or "freshness"): The SCBL counts the most recently received reports 4:1. That’s me and these reports I send for sure. Avg reporting time 2 hrs now. Very fresh! The SCBL does not count reports regarding URLs or addresses in the body of the email. Therefore, the SCBL does not list websites or email addresses used to receive replies in reported email, unless that IP is also used to send the mail. So, for spam emails that are from Amazon AWS IPs, where the body of the email is sent to drive traffic to the IP address of “australy.win”... australy.win’s IP address will never become blacklisted through the reports I send? The Amazon AWS IP might though? The SCBL will not list an IP address with only one report filed. I hope someone else is receiving the junk I get and is bothered enough to report
  9. Hanco

    Three Ways to Report spam

    I wish I knew what drives inclusion of sites (or their Domain Names) in blacklists. I’ve been using SpamCop for a long time, but I’ve not worked it out. I feel like it has definitely reduced the spam I get. Many years ago I received very few every year. I stopped reporting them. Then about 18-24 months ago it started again. Either I was in a data leak (pwned) or somehow I did get added to a list. Maybe a random bot sent email arrived and I opened it? Heaven forbid, but maybe I even replied to one? I’ve re-learned submissions, deciphering the plain text/headers and the “tricks” of the criminal idiots behind spam/phishing emails. Now they all get reported. Average submissions time 2 hours. I also report image content when hosted off their spamvertized domain site. Some image hosting applications respond in under an hour at times, deleting the files. The spammer who continues to blast me has noticed and has to include “Can’t see the images? View unblocked email here” (or similar message at the top of their spammy emails). I wish the blacklisting was faster. Especially SURBL, because then we see the domain registrar take actual action to shut down one more spam site. The spammer moves onto their next one, but it causes them inconvenience, which reduces the spam for a while! Currently I’m dealing with ~24 spams per day, and all for the same three domains hosted by the same provider. Hoping for a slow down soon 😊 Best wishes.
  10. Do we feedback somewhere on issues where SpamCop’s Whois came back wrong? 63.34.8.135 belongs to Amazon not Verizon.

    Source Registry: ARIN
    Net Range: 63.32.0.0 - 63.35.255.255
    CIDR: 63.32.0.0/14
    Name: AMAZON-DUB
    Handle: NET-63-32-0-0-2
    Parent: NET-63-32-0-0-1
    Net Type: ALLOCATION
    Origin AS: AS16509
    Registration: Wed, 25 Apr 2018 18:02:37 GMT (Wed Apr 25 2018 local time)
    Last Changed: Wed, 25 Apr 2018 18:02:37 GMT (Wed Apr 25 2018 local time)
    Self: https://rdap.arin.net/registry/ip/63.32.0.0
    Alternate: https://whois.arin.net/rest/net/NET-63-32-0-0-2
    Up: https://rdap.arin.net/registry/ip/63.32.0.0/14
    Port 43 Whois: whois.arin.net

    Related Entities: 1 Entity
    Source Registry: ARIN
    Kind: Org
    Full Name: Amazon Data Services Ireland Limited
  11. Hanco

    Amazon not Verizon

    Cool. Have I done it? (By the post above) Or something else “to do” in this place? thanks
  12. I tried 5 times (one of those being many minutes after the other 4 so I could paste a link here in the forum). Even re-copy/pasting did not work. Something is wrong today or the spammers are finding ways to cause issues. It did work now though. Worth knowing. Would be good for the tracking link to be available in “Past Reports” (I had to recreate for my forum post above).
  13. Same for me today with multiple spam emails. I copy paste the headers/plain text into the form and submit. https://www.spamcop.net/sc?id=z6577975043z5717151a0c3192ccd48d77159d8dbd4cz Does that link above help? Is there a place to forward the plain text for further investigation? Seems like one spammer in my case has found a way to break the capability to report.
  14. Hanco

    Any point in reporting spam from AMAZONAWS?

    Wow, that’s not good. Credit card provider would likely have reversed all those if Amazon didn’t I guess. Meanwhile here, Amazon IPs are the source of regular spams by the same criminal group now, every day for: bulkoffers.win / australy.win / australy.bid. I wonder how many times it takes reporting these through SpamCop before we finally see them go on SURBL or similar...
  15. Hanco

    Massive spam Attack - Looking For Input

    Middle of the night and they are spamming for a new Namecheap domain again... camill.icu. Hosted via (not necessarily “at”) 51.77.39.82 : abuse@ovh.net, noc@ovh.net. Camill.icu Namecheap registrar domain is only 4 days old. Spammer also using free redirect services for links and including large unnecessary text blocks in <style> tags, and sending from Amazon network AWS IPs (again) and using Imgur image storage service (who delete anything I report to them pretty fast).
  16. Hanco

    Any point in reporting spam from AMAZONAWS?

    Amazon again just now... from Amazon IP 52.36.85.88
  17. Hanco

    Any point in reporting spam from AMAZONAWS?

    I report spam directly on the SpamCop site (pasting plain text into the form) and for Amazon reports:

    1) SpamCop almost always says “Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking”
    2) Rarely, but occasionally, I find SpamCop decides to send a report to ipmanagement@amazon.com
    3) Now, if the source IP in the spam email headers is at Amazon, I send the report to three addresses. I always include the time the email was received (and time zone). Just occasionally they mess up the conversion to UTC and ask about the time again.

    ipmanagement@amazon.com because it seems to respond sometimes
    ec2-abuse@amazon.com because sometimes it is those guys responsible for the sending IP apparently
    abuse@amazonaws.com because that’s what SpamCop was going to send to

    I also report any spam image content links I find in the emails. Pinterest is a pain to deal with, but Imgur and others have been very responsive. So much so that the spammer now puts “if the images are not shown below click here” - LOL!! If only they stopped sending me their crap, they would have more success with their intended victims.
  18. Hanco

    abuse AT linode.com

    Prior was different. Don’t seem to be very rigid standard responses. Thank you for bringing this issue to our attention. The customer responsible was removed from our platform. If you have any questions, please feel free to reach out. Have a great rest of your day. and... Thank you for bringing this to our attention. We take the integrity of our platform very seriously and are currently working with the customer to resolve this issue. If you have any questions or concerns in the meantime, please don’t hesitate to ask.
  19. Hanco

    abuse AT linode.com

    My last Linode reply to a direct email was positive: Thank you for bringing this to our attention. We have removed this user from our platform as their actions have violated our terms of service. Please let us know if you have any questions.
  20. Hanco

    Massive spam Attack - Looking For Input

    Every so often I get one suspended. But yes, they just move to another. When I first started reporting these guys it spurred a total onslaught of spam. 10 to 15 spams for the same junk every day for a few days. All sent from AWS IP addresses and, more often than not, pushing traffic to Namecheap domains, which are only set up to do redirects. The target sites never have an actual website at them. I think it is known as spamvertising.
  21. Hanco

    Massive spam Attack - Looking For Input

    Namecheap are not impressive. I am regularly reporting spam where the benefiting/target domain in the spam was created “today” (same date spam received), 1 day old (one of those this week) and just today there is a 1 and a 3 day old domain. Namecheap’s response: We are not host so we cannot check server logs... contact the host. Is it me? Are domains used in obvious spam emails, less than 24 hours, 1 or 3 days old, likely to be genuine customers of their business??? I report every one of the spams through SpamCop, I include the sender host of the email when possible (so many are AWS IPs now, and I report those directly to Amazon). I also report the hosted images. The spammer used to use Imgur exclusively, but they (and several others) handle my image ad reports very quickly now. It seems VERY hard to get the sender of this junk onto SURBL or other Namecheap recognized list. Only when they are does Namecheap do anything concrete at all.

    One day old spam promoted site example from today: highmarket.club

    A few others:
    hiotoau.info was created via Namecheap the same day as the spam email was sent: 20 September
    arstoe.info was created via Namecheap the same day as the spam email was sent: 15 August
    iornfao.info was created via Namecheap the same day as the spam email was sent: 27 July
  22. Hi, I’ve not been looking forward to the day they implemented this on my account but Microsoft did it this week. Spammer links/URLs are now embedded within a new string/link which Microsoft has replaced the original link with. Users cannot disable this unwarranted, unwanted change. It means a user cannot review the link easily before visiting the webpage, but it also means SpamCop doesn’t seem able to identify the site. So now reports are suggested for the host/reverse proxy provider :( Are there any plans to take care of this on the SpamCop side? Otherwise it requires people like me to identify the link within the Microsoft mess, copy that, remove the % handling for forward slash characters, open another instance of the SpamCop page and use that to get the reporting address/IP of the spamvertized site etc, then come back to the original page and add a user report address. example: (Thanks Microsoft for messing this up but not actually reducing the spam junk I get from the same criminals...)
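
The manual unwrapping described in the last post above (find the original link inside the rewritten one and undo the percent-encoding), as an added example that is not part of the original posts. It assumes the rewritten link is a Microsoft Safe Links URL that carries the original in a percent-encoded `url` query parameter; the function names, the sample body and its domains are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: rewritten links point at a host under this suffix.
WRAPPER_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")
MAX_DEPTH = 5  # a rewritten link can itself wrap another rewritten link


def unwrap(link):
    """Return the original URL carried inside a rewritten link, else the link unchanged."""
    for _ in range(MAX_DEPTH):
        parts = urlsplit(link)
        host = (parts.hostname or "").lower()
        if not host.endswith(WRAPPER_SUFFIX):
            break
        # parse_qs percent-decodes values, so %3A%2F%2F becomes ://
        inner = parse_qs(parts.query).get("url", [])
        if not inner or not inner[0].lower().startswith(("http://", "https://")):
            break  # malformed wrapper: keep what we have rather than guess
        link = inner[0]
    return link


def report_targets(body):
    """Map each unwrapped URL found in a message body to the hostname to look up."""
    targets = {}
    for raw in URL_RE.findall(body):
        url = unwrap(raw.rstrip(".,)"))
        host = urlsplit(url).hostname
        if host and not host.endswith(WRAPPER_SUFFIX):
            targets[url] = host
    return targets


# Constructed sample body; the domains are placeholders, not taken from the posts.
SAMPLE = (
    "Can't see the images? "
    "https://nam02.safelinks.protection.outlook.com/"
    "?url=http%3A%2F%2Fspam-target.example%2Foffer%3Fid%3D42"
    "&data=02%7C01%7Cconstructed&sdata=constructed&reserved=0 "
    "and a plain link http://short.example/abc."
)

if __name__ == "__main__":
    for url, host in report_targets(SAMPLE).items():
        print(host, url)
```

The hostname returned for each link is what goes into the WHOIS or abuse-address lookup; links whose wrapper cannot be decoded are left out so they are not reported against the rewriting service.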