Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About RobiBue

  • Rank
    Advanced Member

Recent Profile Visitors

3,315 profile views
  1. RobiBue

    Hivelocity spam Haven?

    while the IP address in the first link isn't in any BL listed in SC, Microsoft/Outlook seem to have a different view: <https://answers.microsoft.com/en-us/msoffice/forum/all/our-emails-being-blocked-for-no-reason-and-your/717fe0e7-a33d-4db3-ae0b-b89f98c1eb5c> I didn't check the other two though...
  2. RobiBue

    Spamcop not x'ing my domain name

    indeed SC does only "x" out the email address... the websites/links stay the way they are for the ISP to verify that the website is used and to remove the abusing domain or website. this is unfortunate in your situation, and believe me, I know... had the same "heplful webdesigners" spam me too (well, maybe not the same...) not much that can be done here...
  3. interesting page... especially the last part: the last link there is so old that it's as outdated as a broken and deceased newsgroup... well, lots of things change in 15-20 years... except spam that is, unfortunately 😞
  4. Hi @SWarner, this is a problem with "private" blocklists e.g. rbl.websitewelcome.com they will list ip addresses, and then redirect you to spamcop, which is not involved in the listing through aforementioned RBL. it happens often, and users who are blocked think that spamcop is to blame. Of course, there can be instances where a customer shares the same address range as a spammer, and ends up as casualty in the spam wars, but here, you are the victim of an independent RBL who has added the IP range you "inhabit" in his/her listing. if you check goggle you will find a myriad of entries regarding that specific RBL, and it's not good. https://www.google.com/search?q=rbl.websitewelcome.com you can also check your mail host here: https://mxtoolbox.com/blacklists.aspx maybe this info will be of help. again, just to clarify: said RBL has no connection to spamcop whatsoever. Good luck
  5. RobiBue

    Anyone receiving emails like this?

    well, looks like both, yours and mine, are hosted by the same Russian spam haven SERVERLUX-NET aka serverlux.ru... ...seems to be a yandex.ru / yandex.net customer... IMNSHO it's the Russian ransomware group phishing for more... just my opinion... I mean no offense to Russians in this forum, nor any offense to yandex/serverlux users, but the hosting companies seem to be very lax when it comes to spammers, scammers, and cyber criminals... seem is the word of choice I am using...
  6. RobiBue

    Anyone receiving emails like this?

    I have been getting spam in Russian lately, but not from transcriby... they are always something about money ... scams IMO... Today, this one: https://www.spamcop.net/sc?id=z6714158319za96a80e7bd03d49067421101abebbddfz oddly enough, if I look at the whois records for % Abuse contact for ' -' is 'noc@serverlux.ru' and sc sez: routeid: 78610752 - to: noc@serverlux.ru Administrator interested in all reports 3/19/2020, 10:53:21 AM -0500 [Note added by (no name)] Route added without comment but: of course, Reports disabled ...
  7. RobiBue

    Unable to report particular spam

    looking at the whole message, it does seem that the spam came from an outlook account, so report_spam[at]hotmail.com seems to be the correct place to report for spam origin. looking at the links in the spam, wix.com is the owner of the web IP address, so abuse[at]wix.com would be the place to report the link. just my 2¢ p.s. if secureserver.net were to remove received lines it would be on them to track the origin of the spam. No MX should be removing received lines, only adding them as they pass through their "sector" to be able to trace the origin correctly. Outlook does have misconfigured mail hosts which break the tracing as the names for inbound vs. outbound are different. (at least that's the way I see it)
  8. Six years ago (we're now 2021) manual routing and reporting addresses were added to Spamcop for ' -' but lots happens even in just one year... Currently SC has the following: https://www.spamcop.net/sc?action=showroute;ip=;typecodes=16 routeid: 74332931 - to: abuse@fibre1.net Administrator interested in all reports 10/9/2015, 10:31:27 AM -0500 [Note added by (s0106586d8fed0f8d.ss.shawcable.net)] Route added without comment besides: Reports disabled for abuse@fastit.net Using abuse#fastit.net@devnull.spamcop.net for statistical tracking. BUT % Abuse contact for ' -' is 'abuse@myloc.de' and remarks: +---------------------------------------------------+ remarks: | Please direct abuse issues ONLY | remarks: | to abuse@myloc.de | remarks: | | remarks: | Complaints to other adresses will be deemed | remarks: | as spam and not further processed! | remarks: +---------------------------------------------------+ the full whois as of today, May 27, 2021 with current data (no fastit.net nor fibre1.net anywhere to be seen although I do believe that a few years ago fastit.net and fibre1.net used to be involved...) $ whois % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to ' -' % Abuse contact for ' -' is 'abuse@myloc.de' <------!!! inetnum: - netname: DE-MYLOC-DUS-20031117 country: DE org: ORG-MMIA3-RIPE admin-c: MOPS-RIPE tech-c: MOPS-RIPE status: ALLOCATED PA mnt-by: MYLOC-MNT mnt-by: RIPE-NCC-HM-MNT created: 2020-11-04T10:31:12Z last-modified: 2020-11-04T10:31:12Z source: RIPE organisation: ORG-MMIA3-RIPE org-name: myLoc managed IT AG country: DE org-type: LIR address: Am Gatherhof 44 address: 40472 address: D▒sseldorf address: GERMANY admin-c: MOPS-RIPE tech-c: MOPS-RIPE abuse-c: MOPS-RIPE mnt-ref: MYLOC-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: MYLOC-MNT created: 2019-10-28T10:48:29Z last-modified: 2021-02-09T10:11:49Z source: RIPE # Filtered remarks: Phone number is 24/7 NOC number with senior engineer on duty for routing/backbone related issues. remarks: This number should NOT be used for customer support nor for requests by public authorities. remarks: Thanks for your understanding. phone: +4921161708110 fax-no: +4921161708111 role: myLoc NOC address: myLoc managed IT AG address: Network Operations & Services address: Am Gatherhof 44 address: 40472 Duesseldorf DE admin-c: PHAN tech-c: PHAN tech-c: DDO tech-c: JOH tech-c: NIL tech-c: PRI nic-hdl: MOPS-RIPE remarks: +---------------------------------------------------+ remarks: | Please direct abuse issues ONLY | remarks: | to abuse@myloc.de | remarks: | | remarks: | Complaints to other adresses will be deemed | remarks: | as spam and not further processed! | remarks: +---------------------------------------------------+ remarks: | Please send legal/law enforcement inquiries to | remarks: | auskunft_AT_myloc.de. | remarks: | | remarks: | PGP-Key ID for auskunft@myloc.de is 0xBB75B2C5 | remarks: | | remarks: | You can send your inquiry also via fax to this | remarks: | number: +49 211 61708 551 | remarks: | | remarks: | For questions on legal/law enforcement use phone | remarks: | number: +49 211 61708 114 | remarks: | | remarks: | Mails to abuse@myloc.de WILL | remarks: | be automatically processed and the customer WILL | remarks: | get a notification about your inquiry. | remarks: +---------------------------------------------------+ remarks: | ONLY In case of routing/peering related issues | remarks: | please contact NOC: | remarks: | | remarks: | 24/7 NOC email: noc@myLoc.de | remarks: | 24/7 NOC phone: +49 211 61708 110 | remarks: +---------------------------------------------------+ abuse-mailbox: abuse@myloc.de mnt-by: MYLOC-MNT created: 2013-02-11T16:38:10Z last-modified: 2021-02-09T19:48:35Z source: RIPE # Filtered % Information related to '' route: descr: myLoc managed IT AG origin: AS24961 mnt-by: MYLOC-MNT created: 2003-11-17T13:44:38Z last-modified: 2017-02-07T16:39:12Z source: RIPE % This query was served by the RIPE Database Query Service version 1.100 (BLAARKOP) Personally, I would suggest disabling the two report routes, and if myLoc managed IT AG requests to place those two reporting addresses back, add a comment to the note(s) of who requested the addition and why. Thank you
  9. for me and for SC it resolves. just paste the link to the parser... it does redirect to a different website though... Edit: now, 12 hours later I got the chance to revisit the issue: <Error> <Code>UserSuspended</Code> <BucketName>d00</BucketName> <RequestId>tx0000000000000348ca477-0060aed878-c814a11-nyc3c</RequestId> <HostId>c814a11-nyc3c-nyc3-zg03</HostId> </Error> digital ocean does seem to act upon reports! It would just be nice if SC would parse bounces regardless...
  10. The problem is not where the spam is coming from. the problem for the OP is that whenever a bounce is detected, the links in the spam do not parse. also, manual reporting is not for everybody, and SC was designed to automate the process, not make it harder. It's a pity that Julian is not involved anymore... I miss him... and if @Richard W can look into this again, it would be fantastic wink wink BTW @EkriirkE I like your interests status it sounds fun to peruse stuff for something it's not meant to be 😄
  11. RobiBue

    Windows Mail in Win 10

    @WindsorFox what email program do you use to submit the spam? I would first try the following: Open the saved email file with notepad and copy/paste the whole content (headers and body) into the https://www.spamcop.net/ online form and see if that causes a problem when you submit it like that. Also, I am not sure if the attached email files have to end in spamfile.eml or if it can be .txt or .whatever (but I would go with .eml) so be sure it has the correct file type. Just as a side note, mine works if I submit it as spam1.eml and I can submit many spam emails attached to the one submission email (of course the number then increases for the file.)
  12. RobiBue

    Windows Mail in Win 10

    I believe the OP has the same issue as the poster from this thread: except that OP is the one submitting the spam, and not someone else.... at least that's how I understand the problem. (please correct me if I'm wrong)
  13. With the ability to create a gmail account on the fly, some scammers like to pursue that avenue, although often, Google shuts them down fairly quickly. Not having a Tracking URL to check, I will take your word for it that it is sent through google. It is possible that the account has been hacked and keeps on getting hacked and used by the scammer. On the other hand, I am open to the possibility of it being a completely new account, but inserting the original scammer address just for display, but with a different underlying email address. As I said, not having a Tracking URL makes it harder to follow and making up assumptions doesn't really help either. With that bit, I close
  14. here are two things to be considered: you have a domain name which is owned by/ or through a registrar. This registrar might be just that, a registrar and sells/rents the domain names to someone without caring what they do with it, or does care but can't really do much about it anyway. You also have to think about the entry in the registry, which can be the spammer itself, at least with a domain name I would be weary... the domain's web address (in your case www.nationalsurveysonline.com) resolves to an IP address which is currently hosting that said web address. Whoever is hosting it, is the one who actually can do something (like blocking or suspending the website hosting) and the website would need to find a new parking space... I don't know if my layman's analogy works explaining it, but I hope you get the gist of it... Currently, the aforementioned website is in fact hosted by Hivelocity Corp. a German company headquartered in Frankfurt am Main, and their abuse address is in fact abuse@hivelocity.net [...] NetRange: - CIDR: NetName: 66-206-3-0-24 NetHandle: NET-66-206-3-0-1 Parent: NOC4H (NET-66-206-0-0-1) NetType: Reassigned OriginAS: AS29802 Customer: Hivelocity Corp (C07556605) RegDate: 2020-05-26 Updated: 2020-05-26 Comment: For abuse issues please contact abuse@hivelocity.net Ref: https://rdap.arin.net/registry/ip/ CustName: Hivelocity Corp Address: Hanauer Landstrabe 322 Address: 60314 Frankfurt am Main City: Frankfurt StateProv: PostalCode: 60314 Country: DE RegDate: 2020-05-26 Updated: 2020-05-26 Ref: https://rdap.arin.net/registry/entity/C07556605 OrgAbuseHandle: HNAA-ARIN OrgAbuseName: HIvelocity Network Abuse Administrator OrgAbusePhone: +1-888-869-4678 OrgAbuseEmail: abuse@hivelocity.net OrgAbuseRef: https://rdap.arin.net/registry/entity/HNAA-ARIN [...] complaining to the registrar won't do anything. (or usually doesn't) at least I haven't been successful on removing domain names like that.
  15. @jprogram unfortunately gmail doesn't have that option on apps, neither for phones nor tablets, just like you said. Even through a web browser, gmail has removed the possibility to forward as attachment. There are certainly 3rd party mail programs that can do that, outlook being one of them, and I think thunderbird has that option as well. Back a while ago I wrote a program in apps scri_pt in which I can report all spam in my spam folder to spamcop, but again, apps scri_pt only works on computers, not phones or tablets. I am sorry to be the bearer of bad news, although maybe someone knows of something that works on phones.