littlepeaks, posted November 7, 2018

I keep getting this spam every so often -- think they view my Facebook posts (which are few) to see who my friends are, and send me stuff that looks like they are from my friends. When I report the spam through SpamCop, it finds the originating email provider, but always says the URL in the message is not a routable address. One time a few years ago, I accidentally clicked on the address, and it actually redirected to a Russian (I think) advertising site.

I set up my old PC with Linux Mint and put the Tor browser on it, to see where these spam/scam sites go anyway, and that can't route the addresses either. So how is it that Windows can redirect to these addresses?

I just got one that said:

I hope all is well. Just thought you may want to have a look at this http://www.rbk.bxdgei.host/***my_name***

So what's the story on this? TIA

Lking, posted November 7, 2018

It is hard to say with so little information. You said you report through SpamCop. Could you post a Tracking URL so we all could see all the available information?

Are you talking about the URL/IP of the source of the email or a URL embedded in the body of the email?

You did not say which browser you used in Windows, but "Windows" and most browsers try hard to respond to all user requests. That does not mean they find the right or useful answer.

littlepeaks, posted November 7, 2018

Tracking URL: https://www.spamcop.net/mcgi?action=gettrack&reportid=6874497880

I was referring to the URL posted above, not the IP source of the email. I use SeaMonkey (one of the Mozilla family of browsers -- does both email and web browsing). I don't think the problem is the way SpamCop parses it -- the problem is that SpamCop can't find any info about the URL, but somehow, if you click on the URL, it goes somewhere (no, I'm not going to click on it). It is not a normal URL.

Lking, posted November 7, 2018

The Report id you provided is only visible to you. The Tracking URL looks like

> https://www.spamcop.net/sc?id=z6498809878z94d8cc1fef0a8ccf9d16c87f321d3aa7z

If you follow the Report id, and then click on Parse you can see the Tracking URL just below

> SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
> Here is your TRACKING URL - it may be saved for future reference:

Lking, posted November 7, 2018

> https://www.spamcop.net/sc?id=z6489537605za08b2b9e4fbd3bc085bd3149f8564c9dz

With some digging I found one similar to what you report. In fact right I can't follow the link either. But I didn't expect more from a spammer's unsubscribe link.

littlepeaks, posted November 9, 2018

SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6498770782z7d3b0b73629de529910ad0975ab63328z

petzl, posted November 9, 2018

6 hours ago, littlepeaks said:
> SpamCop v 4.9.0 © 2018 Cisco Systems, Inc. All rights reserved.
> Here is your TRACKING URL - it may be saved for future reference:
> https://www.spamcop.net/sc?id=z6498770782z7d3b0b73629de529910ad0975ab63328z

--- 11/09/18 17:52:05 AUS Eastern Daylight Time --- reading URL http://www.rbk.bxdgei.host/jim-madsen/ --- error: Host not found

So it's a dud link?

RobiBue, posted November 9, 2018

.HOST is a valid TLD according to IANA. It is possible that one of the registrars took it down: https://ntldstats.com/tld/host

Doubt it though, as it seems to be registered through namecheap... (sorry about the reCaptcha...)

Domain Name: BXDGEI.HOST
Registry Domain ID: D82021934-CNIC
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: https://namecheap.com
Updated Date: 2018-11-06T17:50:19.0Z
Creation Date: 2018-11-06T17:50:07.0Z
Registry Expiry Date: 2019-11-06T23:59:59.0Z
Registrar: Namecheap
Registrar IANA ID: 1068
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: WhoisGuard, Inc.
Registrant State/Province: Panama
Registrant Country: PA
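
Added example (not part of RobiBue's post and not a SpamCop tool): the WHOIS record quoted above, parsed to show how old the domain was when the link was checked and whether it was still in the registry's add grace period. The function names and the reference date passed to `triage` are assumptions made for illustration.

```python
from datetime import datetime, timezone

# WHOIS text as quoted in the post above, trimmed to the fields used here.
WHOIS_TEXT = """\
Domain Name: BXDGEI.HOST
Registrar: Namecheap
Updated Date: 2018-11-06T17:50:19.0Z
Creation Date: 2018-11-06T17:50:07.0Z
Registry Expiry Date: 2019-11-06T23:59:59.0Z
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization: WhoisGuard, Inc.
"""


def parse_whois(text):
    """Parse 'Key: value' lines; keys can repeat, so each value is a list."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def parse_ts(value):
    """Parse the timestamp form used above, e.g. 2018-11-06T17:50:07.0Z (UTC)."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


def triage(text, seen_at):
    """Summarise registration facts for a domain linked in mail seen at seen_at."""
    rec = parse_whois(text)
    created = parse_ts(rec["creation date"][0])
    # Each status line is '<EPP status> <explanatory URL>'; keep the status code.
    statuses = [s.split()[0] for s in rec.get("domain status", [])]
    return {
        "domain": rec["domain name"][0].lower(),
        "age_days": (seen_at - created).days,
        "in_add_grace_period": "addPeriod" in statuses,
        "statuses": statuses,
    }


if __name__ == "__main__":
    # Assumed reference time: the thread's first post is dated November 7, 2018.
    print(triage(WHOIS_TEXT, datetime(2018, 11, 7, 12, 0, tzinfo=timezone.utc)))
```
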

littlepeaks, posted November 9, 2018

Well, the problem is that I have been receiving these type of messages for years, and spamcop is never able to resolve the URLs. I got another one today:

https://www.spamcop.net/sc?id=z6499274229za4b46e3376d7b766de19aa51dc4f3236z

So, I feel that reporting these is just a waste of time (of course it does figure out who hosts the email).

Lking, posted November 10, 2018

43 minutes ago, littlepeaks said:
> So, I feel that reporting these is just a waste of time (of course it does figure out who hosts the email).

SpamCop's first priority is to build a blocklist of the sources of spam. Your examples do resolve the source and do add to the reputation of the source IP.

The second priority is to send spam reports to the spam's source ISP and up-stream link. Your last submission did generate and send three spam reports.

The third priority is links in the body of the spam. The parser does fail to resolve the one link in the body of your submission. When I do a quick WHOIS search I do not find any info for iswvmhse.host (not extensive, nor did I look in more than one place).

Your submissions do succeed in supporting the first two priorities. I do not consider that a waste of time. As someone said, 'Do not let perfection be the enemy of the good.'

Can things get better? Without any doubt!

(Stepping down from my soapbox before I get a nosebleed.)

gnarlymarley, posted November 10, 2018

19 hours ago, littlepeaks said:
> Well, the problem is that I have been receiving these type of messages for years, and spamcop is never able to resolve the URLs.

Ah yes, the old nameserver trick that spammers used to do to prevent their site from being reported. Spammers would purposefully set up some bad glue entries that would cause the domain "lookup" to stop and would return a nxdomain error. For me, I found that if I kept refreshing the reporting page, with a wait in between, before I would click submit, then spamcop might rotate to their actual working server and get the IP.

18 hours ago, Lking said:
> SpamCop's first priority is to build a blocklist of the sources of spam. Your examples do resolve the source and do add to the reputation of the source IP

As Lking said, reporting URLs is less important for me these days as I have seen some spammers use my URLs to try to get me in trouble and now I am more interested in reporting the source of the spam.

littlepeaks, posted November 11, 2018

Thanks for all the replies. I will continue reporting these. I guess we can close this thread.