Hanco
-
Posts
135 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Hanco
-
-
On 8/1/2023 at 9:58 AM, nav2spamcop said:
"Cloudflare does not generally serve as a hosting provider, does not organize or alter content, and does not have the ability to remove content hosted by others." They divest themselves of all responsiblity.
They do divest of responsibility but it is accurate.
They are a “pass thru” and are used by spammers who host some of their gazillions of redirect websites behind the “cover” of a Cloudflare IP address.
There are legitimate reasons to use the services of Cloudflare.
I have actually found Cloudflare to be pretty good at dropping their service from scammer/spammer websites. They’re pretty decent in my experience. I can’t speak for everyone of course :)
-
4 hours ago, anyone8 said:
Went to report a spam and saw the above. Thought I'd put it here in case spamcop itself isn't loading for anyone. Good to know they're working on it.
Thank you for that!!
-
4 hours ago, petzl said:
SpamCop reporting site very slow after waiting..... Waiting another sign in appears.... then another.... then another?
I don’t get the sign in required. But I am experiencing the reporting challenges that are mentioned here in the thread and in the notice on the report page now.
2 hours ago, FeMaster said:I see there is a know issue, so hopefully it gets resolved soon.
For me, it has been going on for days. It seems to actually be getting worse as the days go on. The last couple reports I tried to submit this evening I had to refreshed about a dozen times each before the DNS error went away and I could submit them.
Yeah it has been happening a few days now, then today it was the worst it could be (coincidentally the same day as what appeared to be the most spam attacking the forum). On that topic, we seem to have a few new members joined in the past 4-7 hours but nothing like the large number of new account influx seen 17 hours ago…
4 hours ago, stolen time said:I am still getting the DNS-Server-Error messages for some reports, and the errors rarely go away when I refresh! It seems to happen more often than not, but perhaps that's because my system happens to be the target of a wave of spam that contains strange URLs.
Not just you 👍
Until certain ISPs get their head out of the sand and sort out their customers, we’ll have this problem of well constructed spam continue. Most seem willing to take the action required. Just 2 I know of that are real obstinate. So while they continue, they are getting reports and sub reports filed in detail.
-
Got it thanks Petzl
-
Thank you to whoever has been doing all the cleaning and fixing things. Appreciate you.
-
2 hours ago, gnarlymarley said:
Looks like it is working for me now.
Here also 👍
-
Do you need long time member volunteers to help with moderation? I’ll help deleting the actual spam posts if you like.
-
Quote
[an error occurred while processing this directive]
I cannot get spamcop.net to load. That’s what my browser shows on the page after trying. Is it just me or are others seeing the same today?
-
I’m seeing 500 Server Errors today. And lots of spam posts on the forum. A huge number of spam posts
I do also think: If the spammers are posting on the forum then maybe that is a sign that SpamCop works.
-
On 4/20/2023 at 7:11 PM, Lking said:
+1240 today. I am getting quicker at deleting them. 'Practice makes...' and all that
Thanks for what you do! Looks like they want to keep you busy today.
-
I started seeing the DNS error yesterday. Like others, I found refresh resolved usually after one or two tries. It did seem to get worse with time though.
13 hours ago, anyone8 said:the amount of spam I receive seems to be increasing.
It has been bad for me too through March/April with higher levels of prizes/surveys and recently “love interest” - and the fake invoices (refund scam GeekSquad etc.) plus there’s a Fake Facebook Signin Alert which comes multiple times per day.
Is it a coincidence that the forum is under a spam attack with new members registered posting airline tickets and intuit quick books nonsensically.
-
On 4/11/2023 at 12:30 AM, petzl said:
Put > below you header text then the "headers/body"
What is the significance of doing that? Thanks
-
On 3/9/2023 at 4:54 AM, RobiBue said:
What I did recently was report it through SC and then send a manual abuse report to the abuse address with a link to the SC URL mentioning that the report address is being dev/nulled either due to bounces or because they don't want reports from SC (or because they don't act upon reports)
...still waiting for a report confirmation from them... ¯\_(ツ)_/¯
Do you know what date you did that?
I’ll repeat the same and ask them. I’ll refer them here to this thread too.
it’s not ok to have two faces on something like this, but there could be a simple explanation, maybe.
-
On 3/9/2023 at 2:32 PM, petzl said:
Bitylink have a bot reporting to crash spam links straight away
https://support.bitly.com/hc/en-us/articles/231247908-I-ve-found-a-Bitly-link-that-directs-to-spam-what-should-I-do-Thanks. I am checking with Bitly if they were aware of the reports I sent in the form there to see if it was duplicated reporting of my SpamCop report.
-
1 hour ago, petzl said:
SpamCop does not report domains to the Registrar only the IP pf the domain who will do nothing!
You have to report Domains to registrar yourself from your own email account you received it from!
I use this free Windows program for domains
http://www.gena01.com/win32whois/Yes I’m aware of that. So when a spam arrives and I paste the headers into SpamCop, if it has just a bit.ly short URL, then I use an app to see where the redirect goes and I check who hosts the destination site (after the bitly redirect). I add the host of the true spamvertized site to the user reports. I then check the target spamvertized site domain age. If it was recent then I add the registrar to the user reports (ex.: abuse@namecheap.com)
example:
spam Short URL
https://bit.ly/3L5F0pO and https://bit.ly/3YwN85S
Redirects to the same site as all these this morning
https://mammothtrunk.com/0/0/0/ (parameters removed)
Hosted at
172.99.172.168 : abuse@baxetgroup.comDomain name is 6 weeks old, created for this spam campaign
Domain Name: MAMMOTHTRUNK.COM
Registry Domain ID: 2755384967_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.name.com
Registrar URL: http://www.name.com
Updated Date: 2023-02-01T18:23:04Z
Creation Date: 2023-02-01T18:23:04Z -
7 hours ago, Lking said:
If you would provide a tracking URL then everyone could see, and evaluate, what the SpamCop parser did.
I wish I’d thought of that! Always a good idea…
https://www.spamcop.net/sc?id=z6801823440z842f34171779f715e8acf2de705a997ez
-
Normally when SpamCop doesn’t want to send reports (for any of the reasons you mentioned) it says something about that.
In this case it says the site is not hosted anywhere.
CURL app for the URL shows it can find it and connect.
-- Trying 179.60.149.187:80...
-- Connected to www.umkhn.ipeaet.com (179.60.149.187) port 80 (#0)
>> GET / HTTP/1.1
>> Host: www.umkhn.ipeaet.com
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
>> Accept: */*
>>
>>
-- Mark bundle as not supporting multiuse
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: text/html
Server: nginx
Date: Wed, 08 Mar 2023 20:51:34 GMT
Content-Length: 0-- Closing connection 0
** Timing Details **
-- Name Lookup: 0.00s
-- TCP Connect: 0.18s
-- First Byte: 0.39s
-- Total Download: 1.25s
-- Size: 0 bytes
-- Speed: 0 bytes/sec
-- Using: HTTP/1.1
** RESULT CODE: 200**If I browse to the URL I get the site redirects ending at https://advicetips4life.com/us/acyq/acvluxe-onl?bhu=spkfLVx74Uxzr6Jje713xZGdBSdmqjSHcSxbXT
-
Why does spamcop think this is not hosted anywhere?
A ping forhttp://www.umkhn.ipeaet.com/
179.60.149.187
info@vds4you.ru
-
On 3/2/2023 at 8:22 PM, ArtmakersWorlds said:
And what good would that do? I report all my fake calls to the do not call registry. Keep getting them over and over. US government agencies don't give a flying rats behind.
I keep sending to spamcop, for what ever good that does.
Why doesn't SPAMCOP forward these to the US dept of homeland security?
Nah, easier at this point to just delete.
I did post a comment on the facebook page, for what little good that will do.
I also wrote a review on "trustpilot." Here. https://www.trustpilot.com/users/63fa7b5a7a60510015d64d1e
And a2 posted a lame reply to forward spam to their abuse department. I HAVE BEEN. It's so far done NOTHING.
Well it’s reassuring to read that I am not the only one being bombarded with this junk and a2hosting is the host of the fraudulent scamming spammer customer!
I even spoke to them and they were pretty unclear what they were doing about it all. It’s very obvious there is a determined spammer behind this crap and they are not being handled appropriately or quickly enough.
-
They seem confused!
Quote”Reporting unwanted messages as spam: If you don't recognize who used the ExactTarget service to send you a given message, you can report it to us as spam by sending it (or, in the case of a non-email message, by sending an explanation) to abuse@exacttarget.com. We receive, investigate, catalog, and take appropriate action based on complaints we receive. Alternatively, or in addition, feel free to report the message to a spam reporting entity. For example, Spamcop at www.spamcop.net provides an easy way to report unwanted mail as spam.”
But when you report a spam email sent by an ExactTarget sender’s IP address, this is the result:
Quote( z_User_Notification ) To:abuse#exacttarget.com@devnull.spamcop.net
Devnull because they don’t want the report?
-
On 1/24/2023 at 4:20 PM, petzl said:
My browser or ISP has the IP blocked?
Failed Domain Lookup.
Hostname: hkdps.piarliye.com
Domain: piarliye.comQuerying root.rwhois.net:4321 for piarliye.com...
Can not resolve host 'root.rwhois.net'Isn’t it strange?
I go to that site and it’s live. It redirects to https://great-tipsline.com/us/owiy/acvluxe-onl?bhu=spkfLVx74Uxzr6Jje713xZGdBSdmqafrfZKtn5
What does spamcop say ?
SpamCop v 5.4.0 © 2023 Cisco Systems, Inc. All rights reserved.
Parsing input: 88.214.26.85No recent reports, no history available
Routing details for 88.214.26.85
Report routing for 88.214.26.85: info@ip-interactive.de
info@ip-interactive.de redirects to support@ip-interactive.de
support@ip-interactive.de bounces (19201 sent : 9601 bounces)Statistics:88.214.26.85 not listed in bl.spamcop.net
More Information.
88.214.26.85 not listed in cbl.abuseat.org
88.214.26.85 not listed in dnsbl.sorbs.netReporting addresses: (NONE)
I found up-interactive.de is now Layer7.net
I emailed Layer7 and they explained:
88.214.26.0/24 is hosted in a foreign ASN.
We do not have any control there. To stop services we would have to pull back the whole /24 network.
And we will not pull back the whole /24 because an anonymous 3rd party [me] will ask us to do so.
AND
88.214.26.0/22 belong to our allocations. So its correct that it returned us at some point. We are the responsible LIR ( RIPE member -- like ARIN but for Europe/Middle-east ) for this IPs.
So I looked in Domain Tools. 88.214.26.85 is the Layer7 customer, fivecloud.net so I’ll go to those guys (based in the Seychelles) about this site.
CAN SPAMCOP UPDATE THEIR CONTACTS FOR THE IP?Looks like a range where they have ip-interactive.de that don’t respond as they are no longer the business.
-
Ongoing… this one still cannot be found by Spamcop but is definitely live. I can ping the web address:
Target URL for the emailed link in a mail pretending to be from a friend or relative:
hkdps.piarliye.com
Pings at 88.214.26.85no response since 19 Jan from support@ip-interactive.de - trying them again.
-
-
These sites are all hosted by a2hosting.com (all have the same site page content “Business Casual” template, with same stock “family photo” image). The spammer creates the domains with Namecheap registrar the day they send spam, or up to 3 days before they send their spam mails.
Example site name/domains at 190.92.179.156:5369555.vipryanpage.websitewanaolaomaod.arteoniolsa.prozltaxafa.cloud (behind 172.67.169.142 but was visible at 190.92.179.156: on 6 November)
a2hosting does have a reporting address.
EXAMPLE SPAMCOP OUTPUT:Parsing input: http://5369555.vipNo recent reports, no history available
Host 5369555.vip (checking ip) = 190.92.179.156
Display data:
"whois 190.92.179.156@whois.lacnic.net" (Getting contact from whois.lacnic.net)
whois.lacnic.net 190.92.179.156 = abuse@a2hosting.comCannot find ip range in whois outputNo reporting addresses found for 190.92.179.156, using devnull for tracking.Statistics:190.92.179.156 not listed in bl.spamcop.net
More Information.
190.92.179.156 not listed in cbl.abuseat.org
190.92.179.156 not listed in dnsbl.sorbs.netNo valid email addresses found, sorry!
No reporting addresses for 115.71.14.193?
in Routing / Report Address Issues
Posted
Yeah, advance fee 419 scam. They go to junk mail daily for me.
i always add the exact same format to a user report:
And I copy the report to abuse@gmail.com
i use keyboard short text/quick reply text to put that detail into the user report in the same format every time. In the hope the reply accounts are reviewed/shut down quickly. I think it’s working because 419 scammer emails tend to stress how urgent replying is now!