Jump to content

+BFsej@2n

Members
  • Content Count

    5
  • Joined

  • Last visited

Community Reputation

0 Neutral

About +BFsej@2n

  • Rank
    Newbie
  1. +BFsej@2n

    no TLS?

    First of all the login page then should provide a valid certificate, which it does not. And secondly the http login page should be redirected to https which it does not either
  2. An extortition scammer has resorted to generate the message html body as base64 encoded image and thus invoking the --_004_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: multipart/alternative; boundary="_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_" --_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 W2NpZDphdHRfaW1nXzMxNDA2MF0NCg== --_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: text/html; charset="utf-8" Content-ID: <AD9F277AF4CD694CB27ED0171AA18562@eurprd05.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxobGZlb2o+DQo8L2hlYWQ+DQo8Ym9keT4NCjxn Y3RnZmphbmQ+PGltZyBzcmM9ImNpZDphdHRfaW1nXzMxNDA2MCI+PHpqeW1idGh6eG8+PHRseXpy Y2h5Pg0KPC9ib2R5Pg0KPC9odG1sPg0K --_000_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_-- --_004_AM0PR0502MB3826BAAA518F148354E8B677C6210AM0PR0502MB3826_ Content-Type: image/jpeg; name="1577826089447.jpg" Content-Description: 1577826089447.jpg Content-Disposition: inline; filename="1577826089447.jpg"; size=142669; creation-date="Wed, 01 Jan 2020 05:01:46 GMT"; modification-date="Wed, 01 Jan 2020 05:01:46 GMT" Content-ID: <att_img_314060> Content-Transfer-Encoding: base64
  3. +BFsej@2n

    reveal obfuscated url for reporting

    Placed this thread by purpose in the New Feature Request for SpamCop to look into it and eventually get the obfuscated URL exfiltrated since there is no point of reporting the Google Search URL to Google.
  4. +BFsej@2n

    no TLS?

    TLS seems to be a rather common standard these days for public forums it does not seem the case for the SC forum however. Why not? Trying via https://forum.spamcop.net it then is revealed that the deloyed TLS certificate is not valid for the domain CERT_COMMON_NAME_INVALID since the Subject Alt Names are showing DNS Name cloudfront.net DNS Name *.cloudfront.net Once being on the TLS connection, having accepted a certificate exception in the browser, and clicking any link one is being kicked back to non-TLS however.
  5. Common spammer tactic is to obfuscate referring URLs with Google search domains and leveraging the USG hash (white-list) to circumvent the redicrect notification. When reporting to spamcop it fails to strip the Google portion (and USG hash) and ends up citing that Google is not interested in such reports (which is well known). As a consequence the obfuscated URLs are never being reported to the hoster. Below is a list of such obfuscated URLs used by a ROKSO actor, embedded in the spam message body, that spamcop fails to parse and strip. [1] https://www.google.de/url?sa=t&url=http%3A%2F%2Fberocosteda.com%2F&usg=AOvVaw3ezoL8hVu4kfAt_PID4Foq https://www.google.com/url?sa=t&url=http%3A%2F%2Fberocosteda.com%2F&usg=AOvVaw3ezoL8hVu4kfAt_PID4Foq https://www.google.de/url?sa=t&url=http://berocosteda.com/&usg=AOvVaw3ezoL8hVu4kfAt_PID4Foq https://www.google.com/url?sa=t&url=http://berocosteda.com/&usg=AOvVaw3ezoL8hVu4kfAt_PID4Foq [2] https://www.google.de/url?sa=t&url=http%3A%2F%2Fdimolgetas.com%2F&usg=AOvVaw1NLrGoMdpiw1XaPaO8Nmyc https://www.google.com/url?sa=t&url=http%3A%2F%2Fdimolgetas.com%2F&usg=AOvVaw1NLrGoMdpiw1XaPaO8Nmyc https://www.google.de/url?sa=t&url=http://dimolgetas.com/&usg=AOvVaw1NLrGoMdpiw1XaPaO8Nmyc https://www.google.com/url?sa=t&url=http://dimolgetas.com/&usg=AOvVaw1NLrGoMdpiw1XaPaO8Nmyc [3] https://www.google.de/url?sa=t&url=http%3A%2F%2Fjakalamas.com%2F&usg=AOvVaw2fZQmcdMGpN7efJ3ldNEcW https://www.google.com/url?sa=t&url=http%3A%2F%2Fjakalamas.com%2F&usg=AOvVaw2fZQmcdMGpN7efJ3ldNEcW https://www.google.de/url?sa=t&url=http://jakalamas.com/&usg=AOvVaw2fZQmcdMGpN7efJ3ldNEcW https://www.google.com/url?sa=t&url=http://jakalamas.com/&usg=AOvVaw2fZQmcdMGpN7efJ3ldNEcW [4] https://www.google.de/url?sa=t&url=http%3A%2F%2Fceranovan.com%2F&usg=AOvVaw2BSm1IZIVWmN94K1U5dWgZ https://www.google.com/url?sa=t&url=http%3A%2F%2Fceranovan.com%2F&usg=AOvVaw2BSm1IZIVWmN94K1U5dWgZ https://www.google.de/url?sa=t&url=http://ceranovan.com/&usg=AOvVaw2BSm1IZIVWmN94K1U5dWgZ https://www.google.com/url?sa=t&url=http://ceranovan.com/&usg=AOvVaw2BSm1IZIVWmN94K1U5dWgZ [5] https://www.google.de/url?sa=t&url=http%3A%2F%2Fonademas.com%2F&usg=AOvVaw00Lwiq9T_Yn7BhfAKapv-w https://www.google.com/url?sa=t&url=http%3A%2F%2Fonademas.com%2F&usg=AOvVaw00Lwiq9T_Yn7BhfAKapv-w https://www.google.de/url?sa=t&url=http://onademas.com/&usg=AOvVaw00Lwiq9T_Yn7BhfAKapv-w https://www.google.com/url?sa=t&url=http://onademas.com/&usg=AOvVaw00Lwiq9T_Yn7BhfAKapv-w [6] https://www.google.de/url?sa=t&url=http%3A%2F%2Fgastoreda.com%2F&usg=AOvVaw1231cZ-3uqfeYmCKd9VCvR https://www.google.com/url?sa=t&url=http%3A%2F%2Fgastoreda.com%2F&usg=AOvVaw1231cZ-3uqfeYmCKd9VCvR https://www.google.de/url?sa=t&url=http://gastoreda.com/&usg=AOvVaw1231cZ-3uqfeYmCKd9VCvR https://www.google.com/url?sa=t&url=http://gastoreda.com/&usg=AOvVaw1231cZ-3uqfeYmCKd9VCvR [7] https://www.google.de/url?sa=t&url=http%3A%2F%2Fmelabode.com%2F&usg=AOvVaw1JuX2fb14pXRGjcKrhIOjR https://www.google.com/url?sa=t&url=http%3A%2F%2Fmelabode.com%2F&usg=AOvVaw1JuX2fb14pXRGjcKrhIOjR https://www.google.de/url?sa=t&url=http://melabode.com/&usg=AOvVaw1JuX2fb14pXRGjcKrhIOjR https://www.google.com/url?sa=t&url=http://melabode.com/&usg=AOvVaw1JuX2fb14pXRGjcKrhIOjR [8] https://www.google.de/url?sa=t&url=http%3A%2F%2Flapederon.com%2F&usg=AOvVaw1ZCcwxvq0h3IdfAf2PZ0uO https://www.google.com/url?sa=t&url=http%3A%2F%2Flapederon.com%2F&usg=AOvVaw1ZCcwxvq0h3IdfAf2PZ0uO https://www.google.de/url?sa=t&url=http://lapederon.com/&usg=AOvVaw1ZCcwxvq0h3IdfAf2PZ0uO https://www.google.com/url?sa=t&url=http://lapederon.com/&usg=AOvVaw1ZCcwxvq0h3IdfAf2PZ0uO [9] https://www.google.de/url?sa=t&url=http%3A%2F%2Fozapeder.com%2F&usg=AOvVaw0IL9oAY8JDGA9TeVMT4YAG https://www.google.com/url?sa=t&url=http%3A%2F%2Fozapeder.com%2F&usg=AOvVaw0IL9oAY8JDGA9TeVMT4YAG https://www.google.de/url?sa=t&url=http://ozapeder.com/&usg=AOvVaw0IL9oAY8JDGA9TeVMT4YAG https://www.google.com/url?sa=t&url=http://ozapeder.com/&usg=AOvVaw0IL9oAY8JDGA9TeVMT4YAG [10] https://www.google.de/url?sa=t&url=http%3A%2F%2Fwanotera.com%2F&usg=AOvVaw2gkdWY3V5MyfVIlk5SxaWG https://www.google.com/url?sa=t&url=http%3A%2F%2Fwanotera.com%2F&usg=AOvVaw2gkdWY3V5MyfVIlk5SxaWG https://www.google.de/url?sa=t&url=http://wanotera.com/&usg=AOvVaw2gkdWY3V5MyfVIlk5SxaWG https://www.google.com/url?sa=t&url=http://wanotera.com/&usg=AOvVaw2gkdWY3V5MyfVIlk5SxaWG [11] https://www.google.de/url?sa=t&url=http%3A%2F%2Fsawedapos.com%2F&usg=AOvVaw3j8ios4sEoeVgSMD3vZPLl https://www.google.com/url?sa=t&url=http%3A%2F%2Fsawedapos.com%2F&usg=AOvVaw3j8ios4sEoeVgSMD3vZPLl https://www.google.de/url?sa=t&url=http://sawedapos.com/&usg=AOvVaw3j8ios4sEoeVgSMD3vZPLl https://www.google.com/url?sa=t&url=http://sawedapos.com/&usg=AOvVaw3j8ios4sEoeVgSMD3vZPLl
×