Hanco Posted March 8, 2023 Posted March 8, 2023 Why does spamcop think this is not hosted anywhere? A ping for http://www.umkhn.ipeaet.com/ 179.60.149.187 info@vds4you.ru Quote
petzl Posted March 8, 2023 Posted March 8, 2023 1 hour ago, Hanco said: Why does spamcop think this is not hosted anywhere? A ping for http://www.umkhn.ipeaet.com/ 179.60.149.187 info@vds4you.ru There are several possible reasons for this: The site involved may not want reports from SpamCop. SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing. SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address. There may be no working email address to receive reports. In any case you need to post to the registrar Namecheap, I clicked the link don't open (not resolve) so may already be taken down Quote
Hanco Posted March 8, 2023 Author Posted March 8, 2023 Normally when SpamCop doesn’t want to send reports (for any of the reasons you mentioned) it says something about that. In this case it says the site is not hosted anywhere. CURL app for the URL shows it can find it and connect. -- Trying 179.60.149.187:80... -- Connected to www.umkhn.ipeaet.com (179.60.149.187) port 80 (#0) >> GET / HTTP/1.1 >> Host: www.umkhn.ipeaet.com >> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 >> Accept: */* >> >> -- Mark bundle as not supporting multiuse HTTP/1.1 200 OK Connection: keep-alive Content-Type: text/html Server: nginx Date: Wed, 08 Mar 2023 20:51:34 GMT Content-Length: 0 -- Closing connection 0 ** Timing Details ** -- Name Lookup: 0.00s -- TCP Connect: 0.18s -- First Byte: 0.39s -- Total Download: 1.25s -- Size: 0 bytes -- Speed: 0 bytes/sec -- Using: HTTP/1.1 ** RESULT CODE: 200** If I browse to the URL I get the site redirects ending at https://advicetips4life.com/us/acyq/acvluxe-onl?bhu=spkfLVx74Uxzr6Jje713xZGdBSdmqjSHcSxbXT Quote
Lking Posted March 9, 2023 Posted March 9, 2023 If you would provide a tracking URL then everyone could see, and evaluate, what the SpamCop parser did. Quote
petzl Posted March 9, 2023 Posted March 9, 2023 11 hours ago, Hanco said: f I browse to the URL I get the site redirects ending at https://advicetips4life.com/us/acyq/acvluxe-onl?bhu=spkfLVx74Uxzr6Jje713xZGdBSdmqjSHcSxbXT SpamCop does not report domains to the Registrar only the IP pf the domain who will do nothing! You have to report Domains to registrar yourself from your own email account you received it from! I use this free Windows program for domainshttp://www.gena01.com/win32whois/ Quote
Hanco Posted March 9, 2023 Author Posted March 9, 2023 7 hours ago, Lking said: If you would provide a tracking URL then everyone could see, and evaluate, what the SpamCop parser did. I wish I’d thought of that! Always a good idea… https://www.spamcop.net/sc?id=z6801823440z842f34171779f715e8acf2de705a997ez Quote
Hanco Posted March 9, 2023 Author Posted March 9, 2023 (edited) 1 hour ago, petzl said: SpamCop does not report domains to the Registrar only the IP pf the domain who will do nothing! You have to report Domains to registrar yourself from your own email account you received it from! I use this free Windows program for domainshttp://www.gena01.com/win32whois/ Yes I’m aware of that. So when a spam arrives and I paste the headers into SpamCop, if it has just a bit.ly short URL, then I use an app to see where the redirect goes and I check who hosts the destination site (after the bitly redirect). I add the host of the true spamvertized site to the user reports. I then check the target spamvertized site domain age. If it was recent then I add the registrar to the user reports (ex.: abuse@namecheap.com) example: spam Short URLhttps://bit.ly/3L5F0pO and https://bit.ly/3YwN85S Redirects to the same site as all these this morning https://mammothtrunk.com/0/0/0/ (parameters removed) Hosted at 172.99.172.168 : abuse@baxetgroup.com Domain name is 6 weeks old, created for this spam campaign Domain Name: MAMMOTHTRUNK.COM Registry Domain ID: 2755384967_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.name.com Registrar URL: http://www.name.com Updated Date: 2023-02-01T18:23:04Z Creation Date: 2023-02-01T18:23:04Z Edited March 9, 2023 by Hanco Add example Quote
petzl Posted March 9, 2023 Posted March 9, 2023 10 hours ago, Hanco said: spam Short URLhttps://bit.ly/3L5F0pO and https://bit.ly/3YwN85S Bitylink have a bot reporting to crash spam links straight awayhttps://support.bitly.com/hc/en-us/articles/231247908-I-ve-found-a-Bitly-link-that-directs-to-spam-what-should-I-do- Quote
Hanco Posted March 12, 2023 Author Posted March 12, 2023 On 3/9/2023 at 2:32 PM, petzl said: Bitylink have a bot reporting to crash spam links straight awayhttps://support.bitly.com/hc/en-us/articles/231247908-I-ve-found-a-Bitly-link-that-directs-to-spam-what-should-I-do- Thanks. I am checking with Bitly if they were aware of the reports I sent in the form there to see if it was duplicated reporting of my SpamCop report. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.