Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by RobiBue

  1. RobiBue

    leaseweb spam

    <sfx mode="whisper, crowd"> YAY!!! </sfx>
  2. Abuse contact for ' -' is 'info[at]fiberserver.net.tr'
  3. RobiBue

    leaseweb spam

    on 12/01/2018: http://forum.spamcop.net/topic/31073-abuse-contact-for-209581840-20958191255 and http://forum.spamcop.net/topic/31072-abuse-contact-for-209581760-20958183255 https://www.spamcop.net/sc?id=z6505161826z64add7cea35b443dd4f168a08a7582b8z even refreshing seems not to work. As I said, I wish SC would be able to get the abuse address from the correct registry... which in this case is APNIC, not ARIN...
  4. in your case, I'd be sending a manual report to sendgrid, and one to the IP owner of the link in the body. but the reports wouldn't be sent from the email account I received the message to, but from a spam reporting email address not associated with me. (I made one up a long time ago combating a Nigerian spammer with a name from another Nigerian spammer and have been using that one for manual reports ever since, always munging my name and other identifying strings explaining to the abuse desk the reasons for it.)
  5. mine reports without problems: https://www.spamcop.net/sc?id=z6504258765z2c686bd18ea5c5a2c21ec63c840b3fbbz if you could provide the tracking URL (like the one I provided above) it would be easier to see the problem. I used the lines you provided for a test, and it parses it correctly... (removed spaced lines from headers and added X- to Received: line. See comment in parse of test link). I must admit, I do not use the Mailhost configuration. I report manually/submit via email attachments, so that might be your issue...
  6. @MIG, he actually does that. It just takes a while (at least for me, since I rise earlier due to time zone location...) And he does a great job at it Chapeau! Thanks LKing! Namaskaram! 🙏
  7. Abuse contact for ' -' is 'abuse[at]sg.leaseweb.com' Information related to '' -> AS133752
  8. Abuse contact for ' -' is 'abuse[at]sg.leaseweb.com' Information related to '' -> AS59253
  9. RobiBue

    Any point in reporting spam from AMAZONAWS?

    Does this mean, that I should [refresh/show] every cached whois of every report? thanks for the heads-up
  10. I do not believe they were SC members, they were abuse admins for RCN/erols, but they listened to SC reports and acted on them ☠️ https://spamcop-list.news.spamcop.narkive.com/bas7gybr/funniest-kill-ever
  11. RobiBue

    Any point in reporting spam from AMAZONAWS?

    Well, amazonaws spam reports get sent to /dev/null in my case: https://www.spamcop.net/sc?id=z6503507988zf04f1366f6ca8e5a872324eb4f96d690z Tracking message source: Routing details for [refresh/show] Cached whois for : abuse@amazonaws.com Using abuse net on abuse@amazonaws.com abuse net amazonaws.com = abuse@amazonaws.com Using best contacts abuse@amazonaws.com Reports disabled for abuse@amazonaws.com Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking.
  12. it's been eons ago, but I remember when spammers and other scumbags trembled when Afterburner and Nyarlahotep (and of course others in their league) would shutdown their accounts... ah, memories
  13. RobiBue

    Failed to load spam header

    Thanks, that's what was being asked. Somehow some tracking URLs seem to expire, and others continue on... There is probably an "expiration date" attached to them....
  14. RobiBue

    Failed to load spam header

    Hello Petzl, MIG used the URL you provided in this post from last year and is confused in why it returns the message " Failed to load spam header " << Which sample of one filled out becomes https://www.spamcop.net/sc?id=z6405221173zd2f8b10e4a27a1d0e37d7af5dacb6600z botnet spewing spam *DoS* attack URL links are "Joe Jobs" (unassociated with attacks)  >>
  15. From what I understand, when Julian Haight designed SpamCop, it looked at every possible correctly chained IP address, where it was sent from, and who received it, making sure that spoofed headers would not confuse the chain. If he were still running this system, he would have correctly implemented the 6to4 IPv6 checks, which apparently Cisco/Talos has no intention to do. For them to claim the implementation would cause a security vulnerability is pure BS in my not so humble opinion. It just shows, that their programmers are not as good as one would expect from a company of such security weight. It's an email header parser/analyzer for heavens' sake. And it's broken (on the IPv6 6to4 address side at least.)
  16. I do not believe you mis-spoke. It is an IPv6 problem. SpamCop doesn't resolve the 6to4 private addresses, which are in IPv6 format, and that qualifies as an "IPv6 problem" that we all wish SpamCop would be able to handle "today"
  17. In other words: he probably jinxed it... now someone at outlook will “fix” that “working flaw” 😱
  18. RobiBue

    Need help with my new laptop

    As a reminder: this jimmyjell has been posting things like this that in a strange way make sense, and then there is always a link, where I suppose you are sent to grab a virus or malware. He started posting this stuff about a week or two ago...
  19. RobiBue

    Message Header Analyzer - Microsoft

    Coincidentally I saw that just a few days ago... had completely forgotten about it... thanks for the link and the reminder
  20. RobiBue

    url not a routable address

    .HOST is a valid TLD according to IANA it is possible that one of the registrars took it down: https://ntldstats.com/tld/host doubt it though, as It seems to be registered through namecheap... (sorry about the reCaptcha...) Domain Name: BXDGEI.HOST Registry Domain ID: D82021934-CNIC Registrar WHOIS Server: whois.namecheap.com Registrar URL: https://namecheap.com Updated Date: 2018-11-06T17:50:19.0Z Creation Date: 2018-11-06T17:50:07.0Z Registry Expiry Date: 2019-11-06T23:59:59.0Z Registrar: Namecheap Registrar IANA ID: 1068 Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: addPeriod https://icann.org/epp#addPeriod Registrant Organization: WhoisGuard, Inc. Registrant State/Province: Panama Registrant Country: PA
  21. RobiBue

    error: couldn't parse head

    that's why I wish SC/Cisco would also get their gears into motion and have the private 6to4 addresses parsed correctly and not ignore them and break like they have been doing thus far... ?
  22. RobiBue

    Why you allow spaming this forum

    I usually get these posts fairly early and go through the unread posts, flagging the spams first. It does take a little while with a slow pc/nb, but eventually I have a clean slate to look at the real issues, and as Lking said, occasionally I flag a missed one
  23. Many times, pasting the spam into a blank notepad first, will take care of those empty lines or will show that there are empty lines. Usually this happens when there is a carriage return (cr) and a line feed (lf) like in unix (cr/lf) and microsoft (cr) receives it...
  24. RobiBue

    ISP has indicated spam will cease

    there are unfortunately more ways for spammers to send their junk: they can find an open proxy, that is a server who allows sending through it (on port 25) and you can find plenty of those on the web (unfortunately) another way is to spoof IP addresses, usually addresses that are not in use or still in transfer. I have been receiving my fair share of spam from IP blocks which are not in use and therefore a bounty for spammers as there is no abuse address for those IP blocks
  25. In SC when i submit as attachment, the spam needs to be truncated. SC won't accept it otherwise. Manually in the report box, it might be the case that SC does it automagically but I haven't tried that one in a while though