littlepeaks

url not a routable address


I keep getting this spam every so often -- think they view my Facebook posts (which are few) to see who my friends are, and send me stuff that looks like they are from my friends.  When I report the spam through SpamCop, it finds the originating email provider, but always says the URL in the message is not a routable address.  One time a few years ago, I accidentally clicked on the address, and it actually redirected to a Russian (I think) advertising site.  I set up my old PC with Linux Mint and put the Tor browser on it, to see where these spam/scam sites go anyway, and that can't route the addresses either.  So how is it that Windows can redirect to these addresses?  I just got one that said:

I hope all is well. Just thought you may want to have a look at this http://www.rbk.bxdgei.host/***my_name***

So what's the story on this?  TIA


It is hard to say with so little information.  You said you report through SpamCop.  Could you post a Tracking URL so we all could see all the available information?  Are you talking about the URL/IP of the source of the email or a URL embedded in the body of the email?

You did not say which browser you used in Windows, but "Windows" and most browsers try hard to respond to all user requests. That does not mean they find the right or useful answer.


Tracking URL:  https://www.spamcop.net/mcgi?action=gettrack&reportid=6874497880

I was referring to the URL posted above, not the IP source of the email.  I use SeaMonkey (one of the Mozilla family of browsers -- does both email and web browsing).

I don't think the problem is the way SpamCop parses it -- the problem is that SpamCop can't find any info about the URL, but somehow, if you click on the URL, it goes somewhere (no, I'm not going to click on it).  It is not a normal URL.


The Report id you provided is only visible to you. The Tracking URL looks like

Quote

If you follow the Report id, and then click on Parse you can see the Tracking URL just below

Quote

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:

 

6 hours ago, littlepeaks said:

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:

https://www.spamcop.net/sc?id=z6498770782z7d3b0b73629de529910ad0975ab63328z

--- 11/09/18 17:52:05 AUS Eastern Daylight Time
--- reading URL http://www.rbk.bxdgei.host/jim-madsen/
--- error: Host not found
So it's a dud link?


.HOST is a valid TLD according to IANA

It is possible that one of the registrars took it down: https://ntldstats.com/tld/host

Doubt it though, as it seems to be registered through Namecheap... (sorry about the reCaptcha...)

Domain Name: BXDGEI.HOST
Registry Domain ID: D82021934-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2018-11-06T17:50:19.0Z
Creation Date: 2018-11-06T17:50:07.0Z
Registry Expiry Date: 2019-11-06T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: WhoisGuard, Inc.
Registrant State/Province: Panama
Registrant Country: PA

43 minutes ago, littlepeaks said:

So, I feel that reporting these is just a waste of time (of course it does figure out who hosts the email).

SpamCop's first priority is to build a blocklist of the sources of spam. Your examples do resolve the source and do add to the reputation of the source IP.

The second priority is to send spam reports to the spam's source ISP and up-stream link.  Your last submission did generate and send three spam reports.

The third priority is links in the body of the spam.  The parser does fail to resolve the one link in the body of your submission.  When I do a quick WHOIS search I do not find any info for iswvmhse.host  (not extensive nor did I look in more than one place.)

Your submissions do succeed in supporting the first two priorities. I do not consider that a waste of time.  As someone said 'Do not let perfection be the enemy of the good.'  Can things get better? Without any doubt!

(Stepping down from my soapbox before I get a nosebleed.)

19 hours ago, littlepeaks said:

Well, the problem is that I have been receiving these types of messages for years, and SpamCop is never able to resolve the URLs.

Ah yes, the old nameserver trick that spammers used to do to prevent their site from being reported.  Spammers would purposefully set up some bad glue entries that would cause the domain "lookup" to stop and would return an NXDOMAIN error.  For me, I found that if I kept refreshing the reporting page, with a wait in between, before I would click submit, then SpamCop might rotate to their actual working server and get the IP.

18 hours ago, Lking said:

SpamCop's first priority is to build a blocklist of the sources of spam. Your examples do resolve the source and do add to the reputation of the source IP.

As Lking said, reporting URLs is less important for me these days as I have seen some spammers use my URLs to try to get me in trouble and now I am more interested in reporting the source of the spam.

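The behaviour described in the last post (some of a domain's listed nameservers answering NXDOMAIN or not at all while another one works) can be checked by asking each server directly instead of trusting a single lookup. This is an added example, not part of the thread and not SpamCop's parser; the function names, the three verdict labels and the sample data (documentation-range addresses) are assumptions made for illustration.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1):
    """Encode a minimal DNS question (RFC 1035) for `name`; qtype 1 is an A record."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: no recursion asked
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)

def parse_header(resp, txid):
    """Return (rcode name, answer count) from a raw DNS response."""
    if len(resp) < 12:
        return ("BADRESP", 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction id or not a response
        return ("BADRESP", 0)
    rcode = flags & 0x000F
    return (RCODES.get(rcode, "RCODE%d" % rcode), ancount)

def ask(server_ip, name, timeout=3.0):
    """Send one UDP query straight to `server_ip` and summarise its answer."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server_ip, 53))
            resp, _addr = sock.recvfrom(4096)
        except OSError:  # timeout, unreachable, refused
            return ("TIMEOUT", 0)
    return parse_header(resp, txid)

def classify(results):
    """results maps server -> (rcode, answer count) and yields one verdict."""
    good = [s for s, (rc, n) in results.items() if rc == "NOERROR" and n > 0]
    if not good:
        return "unresolvable"
    return "resolves" if len(good) == len(results) else "inconsistent"

# Constructed sample: one listed server answers, two do not (documentation IPs).
SAMPLE = {"192.0.2.1": ("NXDOMAIN", 0), "192.0.2.2": ("TIMEOUT", 0),
          "192.0.2.3": ("NOERROR", 1)}
if __name__ == "__main__":
    print(classify(SAMPLE))  # live use: {ip: ask(ip, "example.test") for ip in ips}
```

An "inconsistent" verdict means a single "Host not found" from a reporting tool or browser does not show the link is dead; only "unresolvable" across every listed server does.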
