Jump to content

gnarlymarley

Membera
  • Content Count

    275
  • Joined

  • Last visited

Community Reputation

0 Neutral

About gnarlymarley

  • Rank
    Advanced Member

Contact Methods

  • AIM
    gn02020202
  • Yahoo
    gnarlymarley

Profile Information

  • Gender
    Male
  • Location
    utah, USA
  • Interests
    reporting spam

Recent Profile Visitors

1,722 profile views
  1. gnarlymarley

    obscuring personal IDs in reports

    hank, it is a good idea to make sure it was munged before sending the reports to the admins. (The admins that "could be" the actual spammers.)
  2. gnarlymarley

    IP being used, but not in whois

    Thanks, good to know. Yeah, it was picked up by Media Land as an be seen in BGP tables, https://bgp.he.net/AS206728#_prefixes out of Russia. I had contacted RIPE and all I got is Media Land is what I currently know about it. My contact at RIPE seems to think 185.254.121.0/24 has never been allocated to any organization (which leads me to believe they are only looking at what I can see and their front end support is not very helpful.) Hello, Thank you for coming back to us. The AS206728 belongs to MEDIALAND. However the range is not allocated. https://apps.db.ripe.net/db-web-ui/#/query?searchtext=AS206728 So they are announcing a network with a range which is unassigned from their own servers. Hope to have informed you sufficiently at this stage. Kind Regards,
  3. gnarlymarley

    hetzner.de spam source

    A few ways to do this. One is traceroute. If they have a firewall, then this may not get you to their border servers. The other way is to use a looking glass, such as http://lg.he.net. I also use http://bgp.he.net to find the upstream AS number and then I can use it to find the peers. It appears that hetzner.de is much larger than I though as they have 216 peers. That would take way too much time to get their ISPs to chat with them about their spam hosting. It is interesting that all their networks all point to abuse[at]hetzner.de.
  4. Sounds to me like the IP registries are confused. Seems to be that 185.254.121.237 is said by arin to be RIPE, but by everyone else to be IANA. The IP is in use and is routable. Does anyone else see what I am seeing returned from RIPE or is this just me? https://www.spamcop.net/sc?id=z6578180134z80ef26afa691a5047d301c474dcaaf8bz https://www.spamcop.net/sc?id=z6578095270z15fc50e4b2d4dad674d00394b23c6c24z https://www.spamcop.net/sc?action=rcache;ip=185.254.121.237 $ whois 185.254.121.237@whois.ripe.net [whois.ripe.net] % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '0.0.0.0 - 255.255.255.255' % No abuse contact registered for 0.0.0.0 - 255.255.255.255 inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr: The whole IPv4 address space
  5. gnarlymarley

    Domain abuse reporting contact

    This is because the abuse address of the domain itself is usually the spammer themselves. So SpamCop reports it to the abuse address where the content is stored, which is on the IP. The domain is pointed to an IP that seems to be in a Microsoft data center. Host hipmie.com (checking ip) = 40.71.252.90Routing details for 40.71.252.90[refresh/show] Cached whois for 40.71.252.90 : abuse@microsoft.com
  6. gnarlymarley

    No Data Found

    Apparently, there was a problem between the database and the email servers. Works for me now. You will want to try your old tracking URLs.
  7. gnarlymarley

    spamcop report spam

    apparently, there was an issue between the database and one of the mail servers. Your tracking URL seems to be working for me now.
  8. gnarlymarley

    No data found--Spamcop do not see header

    Was intermittent for me and maybe was prod-sc-app007. It is working for me now and all my old links that were broken are fixed. You may need to note down if this was a different server than app007 and get the deputies to put in a trouble ticket.
  9. gnarlymarley

    spamcop report spam

    It was only a handful of spammers that tried to figure out who I was. They kept sending similar emails to my hotmail at the time while changing the To: header and a number at the bottom of the body. Been a while since I have seen their attempt to detect me. Awesome!
  10. gnarlymarley

    spamcop report spam

    The spammers will try to change headers or unique identifiers to try to figure out who is reporting. Hopefully they get shutdown first instead. About two decades ago, I was seeing it jump from 5 to around 70 seconds. At that time there were factors such as DB speed and webservers and it would try to detect high loads and put in a higher time. The amount of reports would change that wait number. The spamgraph might be good for you to check out to see if that is still happening with the number of reports and the wait time. https://www.spamcop.net/spamgraph.shtml?spamstats
  11. gnarlymarley

    (Notes)?

    spammers like to make their stuff look legitimate. I believe gmail has fallen to the spammers level. If they are paid enough, they will probably continue to have the domain unblocked.
  12. I wonder if this has something to do with mailhosts. It almost seems the parser might be dying on this line: Received: from singlehosti.com (singlehosti.com. 216.244.76.116) Does it change if you remove only that one line?
  13. gnarlymarley

    Can I copy reports to my ISP

    When you add fuel to your account, there is a third party report option that shows up on each report that you can add your ISP's email. I am not sure I would use it as your ISP would probably just turn off the reports such as noted with sendgrid in this forum post.
  14. gnarlymarley

    (Notes)?

    Also, the (Notes) portion is a link to some text boxes further down on the page where you can add some information to the particular report that goes out. The group text box for is up by the "Send Reports" button, and the individual text boxes are below.
  15. That edit button could also be based on either time signed up or amount of posts. I have the edit button for some posts of mine in this forum going back to before June 8th. I suspect a forum admin might be able to do it if you no longer have edit access when you are logged in.
×