Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by RobiBue

  1. RobiBue

    reveal obfuscated url for reporting

    5 years ago, this piece was posted by a now Chief Information Security Officer (CISO), then working for Cybersecurity with NCR: https://isc.sans.edu/forums/diary/How+Malware+Campaigns+Employ+Google+Redirects+and+Analytics/19843/ I agree, feature request is best policy as not everyone has the ability and possibility to run a scri_pt with every submission, whereas every submission runs through a scri_pt 😉
  2. RobiBue

    Any point in reporting spam from AMAZONAWS?

    🙂 and don't forget social media 🙂
  3. RobiBue


    let's all take a step back and take a breath. you, as OP (original poster) asked about a link in spam to "nospammer.net" Lking then pointed out the body of the spam showed the "no spam" link implying that the whole spam including link is all spam. you then ask if you should report the spam lking replies "yes" (he would report it if he received that spam) I feel better after having taken a few breaths of fresh air now as an aside, I didn't see any joke anywhere, so I'll post one: How many psychiatrists does it take to change a lightbulb? only one; but the lightbulb has to really want to change!
  4. RobiBue

    obscuring personal IDs in reports

    I use Firefox, and if I open the tracking URL in a “private tab” even if I’m logged in, the private tab won’t be logged in — the Login credentials don’t carry over into new private tabs — and you can see the munged report right away without logging out first (but it has to be in a private tab) In the following link, there are several ways explained on how to accomplish this with ie, Firefox, and chrome as well as other methods with the aforementioned browsers: https://www.howtogeek.com/126621/how-to-log-into-multiple-accounts-on-the-same-website-at-once/
  5. I don't know, but as of late, I submit spams (to seekrit.email@spamcop.com) but only occasionally am able to submit the spam. the others are lost in limbo... maybe that has to do with the green spikes?
  6. looks like their IPv4 peer is AS 31343 ( Intertelecom Ltd ) (got it from your dnslytics link ) It seems that Intertelecom is the only peer Romanenko has, so it is likely that he is their customer... maybe they don't know what's going on in their "backyard/neighbourhood" and then again, maybe they do and the money they get is good enough for them...
  7. RobiBue

    No Data Found

    In principle, yes, but to save time only remove the empty lines in the header, leaving however many empty lines there are after the header part intact including, as Lking said, the required blank line at the end of the header. I hope this makes sense... I believe the reason for the empty lines is *nix (Unix, Linux, etc...) to windows conversion, where *nix is LF and windows is CR/LF where one line converts to an extra CR so LF ends up being CR/LF —> CR/CR CR=carriage return, LF=line feed somehow Microsoft still has problems converting them correctly 🤫🤓😫 (after 40 or so years of experience...) Wikipedia (issues with different new-line formats)
  8. RobiBue

    No Data Found

    the problem with hotmail/live.outlook/microsoft is that when you copy/paste you have an extra CR/LF (empty line) between each line and that disrupts the parser. i.e. I have this: which ends up looing like this in notepad: Received: from BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com (2603:10b6:406:80::21) by BN8PR14MB3108.namprd14.prod.outlook.com with HTTPS via BN7PR06CA0008.NAMPRD06.PROD.OUTLOOK.COM; Tue, 8 Oct 2019 17:12:07 +0000 Received: from BN3NAM04FT064.eop-NAM04.prod.protection.outlook.com ( by BN3NAM04HT167.eop-NAM04.prod.protection.outlook.com ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.20; Tue, 8 Oct 2019 17:12:07 +0000 at least that's what I get, an empty line between each line see https://www.spamcop.net/sc?id=z6579716938z8475af47adf145b28b287648c1133132z
  9. Ah, the reason why you can't see the "coded email address" is because you have an ISP control center account. you might need to try out different links and options, like: clicking on [control center], or [preferences], or trying the [Action:] option other than [Find reports v] option: (I don't know what other options are in that list... as I don't have an ISP control center account) <-- this one here maybe... or wait until someone with such an account can help...
  10. got it. although now-a-days there are not many email programs that let you attach emails (including headers). forward them, yes, but you lose the mail's identity. I believe many email providers changed that to protect their breadgivers/spammers...
  11. well, when you submit the spam (depending on the way you submit it -- specifically in my case, copying and pasting the spam into the submission box in SC) you already got the raw spam, and as long as you don't click on any spam links (and also have a reliable anti-virus running on your system) you should be all good ...
  12. Ah, that's probably why I got this error a few mins ago: Sorry, there is a problem You do not have permission to view this content. Error code: 2F173/H
  13. RobiBue

    obscuring personal IDs in reports

    SpamCop automatically does that (well, with the email address) see one of my submissions: https://www.spamcop.net/sc?id=z6578044857zc86d7fb1db68d76d82418caac89c33fbz Delivered-To: x Received: from fundamental.avisayon.com (fundamental.avisayon.com. []) by mx.google.com with ESMTP id q67si3118259wme.53.2019. for <x>; To: <x> To: <x> my email address entries are obscured as you can see in the link itself, and the names, well, I get spam emails addressed to different people that it doesn't bother me if they have RobiBue, MaryScott, or the Pope of Rome in the name
  14. Question: before you submit the spam without body, are you able to write <empty line> spam completely encompassed in subject line with <empty line> actually being an empty line and not the words and angled brackets ?
  15. RobiBue

    AWS spam source

    Many times I have had these, it usually would stop if I didn’t report the links. And many times, reporting manually to amazon (since these seem to go to /dev/null ) other than that, ride it out...
  16. RobiBue

    Adjunct SpamCop Reporting Tools

    if thunderbird takes after firefox then, unless habul gets worked on, the tool will be useless since xul is being removed permanently. sorry to be the bearer of bad news BTW, I think I remember legolas... wasn't he also an abuse admin like afterburner and nyarlahotep?
  17. RobiBue

    forum spam handling

    I just had a brainfart (pardon my French)... Sooo, we have these pesky little 💩 that think that the readers of these forums are interested in their spew 🤮 Well, here is my proposal to alleviate the problem: Reported posts receive a mark/counter (see below: 1 reported...) Posts that are less than 24 hours old and reported more than 3 times get hidden (can be unhid[sic] by the user if he/she so desires) A user with a post reported 4 times would be prevented from posting in the forum (reading is ok, and pm an admin to ask for unblocking) Eventually a forum admin can do some garbage collection (GC) the way they usually do it this would be the forum view with all topics displayed (the two marked "4 reported" would be hidden by default) This would be the "Unread" topics view (hey, no spam but only if 4 reported them beforehand) in Content Types, the user could choose to see the spam (unless the forum admin already done the GC) Suggestions or ideas (or the other way around) are always welcome.
  18. RobiBue

    Reporting addresses bouncing?

    looking up the abuse.net db on mschosting .com shows the aforementioned list... https://www.abuse.net/lookup.phtml?domain=mschosting.com hostmaster and postmaster addresses are AFAIR quite old (10+ years) and often not used anymore... therefore the bounces. The tmcops address could be an old entry as well and it was never updated... There is also another possibility that all the addresses DO exist, but they have been either neglected or forgotten and the mailbox filled up and overflowed... ergo another bounce... Officially, APNIC lists noc-abuse for the mentioned IP address as the abuse address https://dnslytics.com/whois-lookup/
  19. yeah, spamcop has a few issues with APNIC when looking up the addresses in ARIN. Unfortunately they are more than just a few 😞
  20. RobiBue

    Sendgrid reports dev'nulled?

    On a certain date, sendgrid probably asked SC not to send spam reports. On that date, or soon after, somebody manually devnulled the sendgrid abuse address. That date would be interesting to know, as well as the reason the address was devnulled. That's what Petzl means with perhaps someone with backstage access could shed some light, or clear up these murky waters 😉
  21. RobiBue

    SCBL Usage

    I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not. Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)
  22. RobiBue

    forum spam handling

    If I read this correctly: 10 members visited the forum; that is everybody that logged in/signed up(registered) (but not guests) to read and/or post (including me) 6 of the 10 have all been now banned for spamming and received a warning point (for posterity) this leaves 4 (including me and you) and 2 of them have not posted yet so who posted the other 6 spams? I am a bit confused... And according to what you say, there aren’t enough people around to mark the spam... bummer!
  23. RobiBue

    forum spam handling

    Oh dear, I think I created a monster 😉 I haven't been active recently. just been popping in occasionally (lately)... Anyway, back to the discussion: I do believe that the login in created by carbon entities who are promised a certain amount for every successful post approach 1) I think it's too complicated, as there are too many diverse systems floating around. approach 2) more likely, but still with the differences in the systems somewhat complicated to have bots do it right. although sometimes the resulting spam posts do seem incoherent at best. approach 3) is IMNSHO the most likely scenario. I think what they do is do some bookkeeping to receive their money, and that is what takes them so long in-between, and they probably have different forum systems open and jump from one to the other. Then, at the end, they copy and paste the spam into all the open forum posts they have in their batch. So let's say it's carbon entities and not silicon based bots. Side question: why isn't the advertised "By harnessing the combined knowledge of thousands of Invision Communities, our spam Defense can assess the potential threat of each new user and stop them before they can cause any problems. It's instant and free with all plans." not working? My original thought on marking them as spam by peers, hiding the post in default view after a certain amount of reports, would still be the most feasible option -- if the original developer could/would implement it, that is.
  24. RobiBue

    forum spam handling

    Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...