Jump to content


Photo

Why arn't these links reported (e5t8.com )?


  • Please log in to reply
6 replies to this topic

#1 moreofless

moreofless

    Member

  • Members
  • PipPip
  • 37 posts

Posted 29 February 2012 - 04:44 PM

http://beasleydirect...3903d42a/h/1510

http://resourcenatio...3903d42a/h/1618

http://technologywhi...3903d42a/h/1630

All of them are part of e5t8.com

#2 turetzsr

turetzsr

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 5,213 posts

Posted 29 February 2012 - 06:08 PM

Hi, moreofless,
...In order to help you, I am afraid we are going to need to see the Tracking URL, as described in the article "How-to Post a Question - Short" section labeled "The Details." This will allow us to see what the links looked like to the SpamCop parser, which determines whether and to whom to report links.
...Also highly recommended for your review is the SpamCop Forum (to which there are links near the top left of every SpamCop Forum page) article "SpamCop reporting of spamvertized sites - some philosophy."
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure

#3 moreofless

moreofless

    Member

  • Members
  • PipPip
  • 37 posts

Posted 01 March 2012 - 04:28 PM

Here is the tracking URL of the latest version of this spam:

http://www.spamcop.n...828567b030bd00z

#4 turetzsr

turetzsr

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 5,213 posts

Posted 01 March 2012 - 05:14 PM

Hi, moreofless,
...Thank you for the Tracking URL.
...Here is what I see there that seems relevant:
Resolving link obfuscation
[url="http _linenums:0'><strong class='bbc'>Resolving link obfuscation</strong> [url="http://technologywhitepapers.e5t8.com/remove?t=1763_4f1bc7eced1400593903d42a#nowrap"]http://technologywhitepapers.e5t8.com/remo...3903d42a#nowrap[/url] [url="http://technologywhitepapers.e5t8.com/link/t/1763_4f1bc7eced1400593903d42a/h/1631"]http://technologywhitepapers.e5t8.com/link...3903d42a/h/1631[/url] <strong class='bbc'>Tracking link: [url="http://technologywhitepapers.e5t8.com/remove?t=1763_4f1bc7eced1400593903d42a#nowrap"]http://technologywhitepapers.e5t8.com/remo...3903d42a#nowrap[/url]</strong> No recent reports, no history available Resolves to 74.217.151.81 Routing details for 74.217.151.81 [refresh/show] Cached whois for 74.217.151.81 : abuse[at]internap.com Using abuse net on abuse[at]internap.com abuse net internap.com = noc[at]internap.com Using best contacts noc[at]internap.com Reports disabled for noc[at]internap.com Using noc#internap.com[at]devnull.spamcop.net for statistical tracking. <strong class='bbc'>Tracking link: [url="http://technologywhitepapers.e5t8.com/link/t/1763_4f1bc7eced1400593903d42a/h/1631"]http://technologywhitepapers.e5t8.com/link...3903d42a/h/1631[/url]</strong> No recent reports, no history available Resolves to 74.217.151.81 Routing details for 74.217.151.81 [refresh/show] Cached whois for 74.217.151.81 : abuse[at]internap.com Using abuse net on abuse[at]internap.com abuse net internap.com = noc[at]internap.com Using best contacts noc[at]internap.com Reports disabled for noc[at]internap.com [color="#FF6600"]Using noc#internap.com[at]devnull.spamcop.net for statistical tracking.
...Does my pointing to this specific section help (note, especially, the lines that start with "Reports disabled for ...") or do you still have questions?
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure

#5 moreofless

moreofless

    Member

  • Members
  • PipPip
  • 37 posts

Posted 01 March 2012 - 06:33 PM

Actually I am not a technical person. Can you translate this into English? Is the organization hosting the files being referenced in the spam being made aware of that? For example, I have received a bunch of emails that are clearly PHISHING in nature. These messages refer to an email address where the receiver is instructed to send information so the sender can steal from them. Spamcop deals with the sender but not the "reply to" address listed in the fake job description. I reported these email addresses to the host of those email accounts and those domains were closed. spam and PHISHING messages have little value if the websites and email addresses are closed.

#6 turetzsr

turetzsr

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 5,213 posts

Posted 01 March 2012 - 11:45 PM

[quote name='moreofless' post='80014' date='Mar 1 2012, 06:33 PM']Actually I am not a technical person. Can you translate this into English?[/quote]...Well, I'm not the world's most technical person, either, but here is how I'd interpret it (with respect to the first link the SpamCop parser found, http:/ /technologywhitepapers.e5t8.com/remo...3903d42a#nowrap):[quote]Tracking link: http://technologywhi...3903d42a#nowrap[/quote]This indicates that SpamCop sees the link in the spam body.[quote]No recent reports, no history available[/quote]SpamCop checked its recent archive of reports and did not find a reference with this link.[quote]Resolves to 74.217.151.81[/quote]SpamCop looked up technologywhitepapers.e5t8.com in a translation table and found that the IP address for that domain is 74.217.151.81.[quote]Routing details for 74.217.151.81
[refresh/show] Cached whois for 74.217.151.81 : abuse[at]internap.com[/quote]SpamCop looked up the e-mail address to which internet abuse, such as spam, should be reported for that IP address and discovered that the abuse e-mail address is abuse[at]internap.com.[quote]Using abuse net on abuse[at]internap.com
abuse net internap.com = noc[at]internap.com[/quote]SpamCop looked up the abuse e-mail address to see if that is really the correct place to send a complaint and found that instead it should check for noc[at]internap.com.[quote]Using best contacts noc[at]internap.com[/quote]SpamCop is going to look for the best e-mail address to use to contact noc[at]internap.com.[quote]Reports disabled for noc[at]internap.com[/quote]SpamCop found a flag that indicates that for some reason it can not or should not report abuse to noc[at]internap.com. This might be for any of a number of reasons, for example because previous reports sent to noc[at]internap.com bounced with an error message or because someone at internap.com asked that reports not be sent.[quote]Using noc#internap.com[at]devnull.spamcop.net for statistical tracking. [/quote]For future reference and for calculating the incidence of spamvertized links mentioning technologywhitepapers.e5t8.com, for whatever use it might make of such statistics, it is storing the information under the heading of "noc#internap.com[at]devnull.spamcop.net."[quote name='moreofless' post='80014' date='Mar 1 2012, 06:33 PM']Is the organization hosting the files being referenced in the spam being made aware of that?[/quote]...Presumably not, because of the "Reports disabled for noc[at]internap.com" note.

[quote name='moreofless' post='80014' date='Mar 1 2012, 06:33 PM']For example, I have received a bunch of emails that are clearly PHISHING in nature. These messages refer to an email address where the receiver is instructed to send information so the sender can steal from them. Spamcop deals with the sender but not the "reply to" address listed in the fake job description. I reported these email addresses to the host of those email accounts and those domains were closed. spam and PHISHING messages have little value if the websites and email addresses are closed.[/quote]...As far as I can see, you are correct and have done the right thing in reporting the abuse to the host of the "reply-to" e-mail accounts. For what it's worth, I do the same thing for many of the spams I see, especially "419" scams.
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure

#7 Farelf

Farelf

    What Life?

  • Membersph
  • PipPipPipPipPipPip
  • 6,674 posts

Posted 01 March 2012 - 11:54 PM

Here is an old topic dealing with the question "Why are reports disabled?". I think nothing much has changed:

http://forum.spamcop...?showtopic=7708

It would need a member of the SC staff to provide any specific information about reports concerning the activity of e5t8.com (and they might prefer not to do that). I think it is a safe bet that the hosting InterNap Network is well aware that there are grounds for complaint about the abuse of their facilities however the e-mail you received goes some way towards demonstrating/pretending compliance with CAN-Đ…PAM provisions which perhaps allows InterNap to remain indifferent - or worse, perhaps to pass on complaint details to the spammer (Registrant) who shelters from the public through the WhoisGuard within the Registrar's domain records.

:D Domain Dossier shows there is no registered mail exchange for that domain. A service scan of e5t8.com (74.217.151.81) indicates an email service exists (SMTP - 25) with a response "220 malibu1.com (NO UCE) ESMTP IndiMail 1.152" which I note only for the sheer irony of the (NO UCE) part. malibu1.com won't pass on mail from just any old source though - "553 sorry, that domain isn't allowed to be relayed thru this MTA without authentication #5.7.1".

Agree it is best to close down phish "drop boxes" which is why the perpetrators work hard to make them bulletproof.

P.S. Oh, should add SC ignores "From:" and "Reply-to:" addresses in spam - got to be that those were mostly spoofed early in the history of spam. Not for some kinds of phish though (as in this case). Google.com is responsible for the return e-mail address in your case but SC won't send reports there, as explained. You can still get the abuse address through SC (entering just the e-mail address in the paste-in submission box in your members.spamcop.net page). Maybe you knew all that.
Plus ca change, plus c'est la meme chose




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users