Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by RobiBue

  1. RobiBue

    spam reporting question

    same as garbage can (a.k.a. /dev/nul) adding a report to incident@cert-in.org.in is described in https://www.cert-in.org.in/SecurityIncident.jsp from https://dnslytics.com/ip/, I would add a report to the ASN abuse found through https://dnslytics.com/bgp/as132779 as well... that is, a report also to 'admin@rackbank.com' at least for the spam just provided in https://www.spamcop.net/sc?id=z6512015168z11faf14ef668f295d00a184d7761a5a0z
  2. RobiBue

    spam reporting question

    Hi ArtmakersWorlds, I suppose you are talking about the IPv6 address in the email header's "Received:" line beginning with "2002:", otherwise it would be helpful if you could post the "TRACKING URL" you received when submitting the spam to better understand what you mean. i.e. the URL you receive when reporting the spam (my link depicted in indigo purple) If it's the IPv6 (6to4) address, then see the threads here and here about the reasons why some of it isn't working and what Google is or isn't doing about it... HTH
  3. I believe that is the upstream "himself"... (couldn't find an upstream but APNIC themselves)... it's probably time to report to APNIC that the reporting email address is invalid... that pradeep guy has a huge IPv6 block ... he's probably admin[at]robosapi.com anyway
  4. Parswn67 probably meant to "re-post" Farelf's post from 2013 but something must have gone wrong, so here's the link as a reminder ;)
  5. RobiBue

    leaseweb spam

    <sfx mode="whisper, crowd"> YAY!!! </sfx>
  6. Abuse contact for ' -' is 'info[at]fiberserver.net.tr'
  7. RobiBue

    leaseweb spam

    on 12/01/2018: http://forum.spamcop.net/topic/31073-abuse-contact-for-209581840-20958191255 and http://forum.spamcop.net/topic/31072-abuse-contact-for-209581760-20958183255 https://www.spamcop.net/sc?id=z6505161826z64add7cea35b443dd4f168a08a7582b8z even refreshing seems not to work. As I said, I wish SC would be able to get the abuse address from the correct registry... which in this case is APNIC, not ARIN...
  8. in your case, I'd be sending a manual report to sendgrid, and one to the IP owner of the link in the body. but the reports wouldn't be sent from the email account I received the message to, but from a spam reporting email address not associated with me. (I made one up a long time ago combating a Nigerian spammer with a name from another Nigerian spammer and have been using that one for manual reports ever since, always munging my name and other identifying strings explaining to the abuse desk the reasons for it.)
  9. mine reports without problems: https://www.spamcop.net/sc?id=z6504258765z2c686bd18ea5c5a2c21ec63c840b3fbbz if you could provide the tracking URL (like the one I provided above) it would be easier to see the problem. I used the lines you provided for a test, and it parses it correctly... (removed spaced lines from headers and added X- to Received: line. See comment in parse of test link). I must admit, I do not use the Mailhost configuration. I report manually/submit via email attachments, so that might be your issue...
  10. @MIG, he actually does that. It just takes a while (at least for me, since I rise earlier due to time zone location...) And he does a great job at it Chapeau! Thanks LKing! Namaskaram! 🙏
  11. Abuse contact for ' -' is 'abuse[at]sg.leaseweb.com' Information related to '' -> AS133752
  12. Abuse contact for ' -' is 'abuse[at]sg.leaseweb.com' Information related to '' -> AS59253
  13. RobiBue

    Any point in reporting spam from AMAZONAWS?

    Does this mean, that I should [refresh/show] every cached whois of every report? thanks for the heads-up
  14. I do not believe they were SC members, they were abuse admins for RCN/erols, but they listened to SC reports and acted on them ☠️ https://spamcop-list.news.spamcop.narkive.com/bas7gybr/funniest-kill-ever
  15. RobiBue

    Any point in reporting spam from AMAZONAWS?

    Well, amazonaws spam reports get sent to /dev/null in my case: https://www.spamcop.net/sc?id=z6503507988zf04f1366f6ca8e5a872324eb4f96d690z Tracking message source: Routing details for [refresh/show] Cached whois for : abuse@amazonaws.com Using abuse net on abuse@amazonaws.com abuse net amazonaws.com = abuse@amazonaws.com Using best contacts abuse@amazonaws.com Reports disabled for abuse@amazonaws.com Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking.
  16. it's been eons ago, but I remember when spammers and other scumbags trembled when Afterburner and Nyarlahotep (and of course others in their league) would shutdown their accounts... ah, memories
  17. RobiBue

    Failed to load spam header

    Thanks, that's what was being asked. Somehow some tracking URLs seem to expire, and others continue on... There is probably an "expiration date" attached to them....
  18. RobiBue

    Failed to load spam header

    Hello Petzl, MIG used the URL you provided in this post from last year and is confused in why it returns the message " Failed to load spam header " << Which sample of one filled out becomes https://www.spamcop.net/sc?id=z6405221173zd2f8b10e4a27a1d0e37d7af5dacb6600z botnet spewing spam *DoS* attack URL links are "Joe Jobs" (unassociated with attacks)  >>
  19. From what I understand, when Julian Haight designed SpamCop, it looked at every possible correctly chained IP address, where it was sent from, and who received it, making sure that spoofed headers would not confuse the chain. If he were still running this system, he would have correctly implemented the 6to4 IPv6 checks, which apparently Cisco/Talos has no intention to do. For them to claim the implementation would cause a security vulnerability is pure BS in my not so humble opinion. It just shows, that their programmers are not as good as one would expect from a company of such security weight. It's an email header parser/analyzer for heavens' sake. And it's broken (on the IPv6 6to4 address side at least.)
  20. I do not believe you mis-spoke. It is an IPv6 problem. SpamCop doesn't resolve the 6to4 private addresses, which are in IPv6 format, and that qualifies as an "IPv6 problem" that we all wish SpamCop would be able to handle "today"
  21. In other words: he probably jinxed it... now someone at outlook will “fix” that “working flaw” 😱
  22. RobiBue

    Need help with my new laptop

    As a reminder: this jimmyjell has been posting things like this that in a strange way make sense, and then there is always a link, where I suppose you are sent to grab a virus or malware. He started posting this stuff about a week or two ago...
  23. RobiBue

    Message Header Analyzer - Microsoft

    Coincidentally I saw that just a few days ago... had completely forgotten about it... thanks for the link and the reminder
  24. RobiBue

    url not a routable address

    .HOST is a valid TLD according to IANA it is possible that one of the registrars took it down: https://ntldstats.com/tld/host doubt it though, as It seems to be registered through namecheap... (sorry about the reCaptcha...) Domain Name: BXDGEI.HOST Registry Domain ID: D82021934-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2018-11-06T17:50:19.0Z Creation Date: 2018-11-06T17:50:07.0Z Registry Expiry Date: 2019-11-06T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registrant Organization: WhoisGuard, Inc. Registrant State/Province: Panama Registrant Country: PA
  25. RobiBue

    error: couldn't parse head

    that's why I wish SC/Cisco would also get their gears into motion and have the private 6to4 addresses parsed correctly and not ignore them and break like they have been doing thus far... ?