Jump to content

Recommended Posts

Posted
1 hour ago, Hanco said:

Why does spamcop think this is not hosted anywhere?

A ping for

http://www.umkhn.ipeaet.com/
179.60.149.187
info@vds4you.ru
 

There are several possible reasons for this:
The site involved may not want reports from SpamCop.
SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing.
SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address.
There may be no working email address to receive reports.
In any case you need to post to the registrar Namecheap, I clicked the link don't open (not resolve) so may already be taken down
 

Posted

 

Normally when SpamCop doesn’t want to send reports (for any of the reasons you mentioned) it says something about that.

In this case it says the site is not hosted anywhere.

CURL app for the URL shows it can find it and connect.

--   Trying 179.60.149.187:80...
-- Connected to www.umkhn.ipeaet.com (179.60.149.187) port 80 (#0)

>> GET / HTTP/1.1
>> Host: www.umkhn.ipeaet.com
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
>> Accept: */*
>> 
>> 
-- Mark bundle as not supporting multiuse
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: text/html
Server: nginx
Date: Wed, 08 Mar 2023 20:51:34 GMT
Content-Length: 0

-- Closing connection 0

** Timing Details **
--     Name Lookup:    0.00s
--     TCP Connect:     0.18s
--     First Byte:         0.39s
--     Total Download:     1.25s
-- Size: 0 bytes
-- Speed: 0 bytes/sec
-- Using: HTTP/1.1
** RESULT CODE: 200**

If I browse to the URL I get the site redirects ending at https://advicetips4life.com/us/acyq/acvluxe-onl?bhu=spkfLVx74Uxzr6Jje713xZGdBSdmqjSHcSxbXT

 

Posted
11 hours ago, Hanco said:

f I browse to the URL I get the site redirects ending at https://advicetips4life.com/us/acyq/acvluxe-onl?bhu=spkfLVx74Uxzr6Jje713xZGdBSdmqjSHcSxbXT

SpamCop does not report domains to the Registrar only the IP pf the domain who will do nothing!
You have to report Domains to registrar yourself from your own email account you received it from!
I use this free Windows program for domains
http://www.gena01.com/win32whois/

Posted (edited)
1 hour ago, petzl said:

SpamCop does not report domains to the Registrar only the IP pf the domain who will do nothing!
You have to report Domains to registrar yourself from your own email account you received it from!
I use this free Windows program for domains
http://www.gena01.com/win32whois/

Yes I’m aware of that. So when a spam arrives and I paste the headers into SpamCop, if it has just a bit.ly short URL, then I use an app to see where the redirect goes and I check who hosts the destination site (after the bitly redirect). I add the host of the true spamvertized site to the user reports. I then check the target spamvertized site domain age. If it was recent then I add the registrar to the user reports (ex.: abuse@namecheap.com)

example:

spam Short URL
https://bit.ly/3L5F0pO and https://bit.ly/3YwN85S
Redirects to the same site as all these this morning 
https://mammothtrunk.com/0/0/0/ (parameters removed)
Hosted at
172.99.172.168 : abuse@baxetgroup.com 

Domain name is 6 weeks old, created for this spam campaign 
Domain Name: MAMMOTHTRUNK.COM 
Registry Domain ID: 2755384967_DOMAIN_COM-VRSN 
Registrar WHOIS Server: whois.name.com 
Registrar URL: http://www.name.com
Updated Date: 2023-02-01T18:23:04Z 
Creation Date: 2023-02-01T18:23:04Z 

Edited by Hanco
Add example

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...