Tau Posted February 18, 2021 (edited)

Hi,

I check reports before sending them, and I'm receiving spam with "fake" websites referenced in them. SC is always proposing to report them to the admins, but I think it's a mistake and it's exactly what should be avoided, as stated here:

> ATTENTION: Report only those e-mail addresses and web sites that you think your spammer has used. Each false report that you submit means wasted time for a network administrator, so take care. The last thing SpamCop wants are network administrators so accustomed to false claims that they no longer take these spam reports seriously.

https://www.spamcop.net/sc?id=z6703415594zf4442841b004b4bbab8ba826949549afz

For instance, in this spam I received today, SC wants to report 7 websites, and there is ONLY ONE that is directly involved with the spam/scam:

http;//fb.todaynewse,com/g/

The URLs of the others lead to either offline sites or missing content.

https;//victorhenderson,com/img.hesperide,com/news/nl_offre_decembre_04_12_20_prospects/img/separatyon_bot
https;//divinghouse.com/hosteqimages-cdn.aweber-static.com/NTg4MTIz/original/5112b805e82745a0a2d7deaad4ede7c4.png

Could an admin look into this? Shouldn't the parsing algorithms be revised to avoid that?

Sure, I manually uncheck the reports that are irrelevant, but this is an issue that should be dealt with.

Edited February 19, 2021 by Lking: Edited to break link

gnarlymarley Posted February 18, 2021

Due to link tracking (where spammers note if you click a link), SpamCop does not follow links. It only looks up the hostname and reports the link to the administrator.

As for the missing content, it is possible that someone else had the same link, reported it, and the administrator probably already removed it.

Tau (Author) Posted February 19, 2021 (edited)

Here are all the URLs with the websites SC wants to report. I'm a noob in html and many other things related to internet, but it seems to me that these URLs' structure is strange: they ALL include another website into them, and a subdomain related to image hosting, but they are not tagged with html code related to images, thus identified by SC parsing process.

https;//maintainsuggestions,com/img.sendemail.sequentyel,fr/im/108729/541a15207a241f240cdb2808b92be69057d0db045f20e613a353136db8d4988c?e=XSRP0c8CItgNbDTRlKqL37c-mCT-AaG_YgX2n7TvZzKLOJF4jxVZ-Zgzo7c22W0PJNGm4l9-Xp9rcXjRWs9xruDqME9PYsC4xAS3sZXQJQISgCtzQJRYKStXVUIRL6kdBHNqtb2vCpVYcs9F1OSbQMolcXzs3KVTXUrPRS_mUnQftKyDW92Vxq0qy7dfZ1kWATg6gP9xrZHf2Ky30Ubrtbvx971ILtQUOCT81vU17kHa9i1AbS6bKE-H8dM
https;//canadianhedgewatch,com/img.srv2.de/assets/bm/rinary/c/2/7/0/c27098bd7
https://fanghebuy.com/i.f1g.fr/media/madama/432x244_crop/sites/default/files/img/2020/11/5-conseils-pour-prendre-les-meilleures-decisions
https;//victorhenderson.com/img.hesperide.com/news/nl_offre_decembre_04_12_20_prospects/img/separatyon_bot
https;//theothersideofparadise,com/img.sbc29.com/5a686347b85b536a9f4bebb5/R6wv2tSNQJGywXXTf9Lxfg/XgS4aZHwTOa_hCzDHR5VQA-Couverture36
https;//recompenseshusky,com/i.pinimg,com/474x/a7/13/95/a713958m818ec34b72d3cfebbe4601f3

All these sites appear only ONCE in the code.

https;//maintainsuggestions,com/img.sendemail.sequentyel,fr/...
https;//canadianhedgewatch,com/img.srv2,de/...
https;//fanghebuy,om/i.f1g.fr/...
https;//victorhenderson.com/img.hesperide,com/...
https;//theothersideofparadise.com/img.sbc29,com/...
https;//recompenseshusky.com/i.pinimg,com/...

Here are the URLs of websites supposedly hosting the message's images:

https;//divinghouse.com/hosteqimages-cdn.aweber-static.com/NTg4MTIz/original/5112b805e82745a0a2d7deaad4ede7c4.png
https;//wedderspoonherbfarm.com/i.pinimg.com/100x150/21/3c/e7/213ce7982c6c148b02aa9e8a79347eff.png
https;//lepcolourprinters.com/action.metaffiliation.com/trk.php?taff=3DP46423563A551A281&r=3D80324&r=3DCACHEBUSTER&altid=3D901f2a0c7523a4b1695f2f45c1f2daf2,png
https;//jllsilicone.com/300o3.img.af.d.sendibt2.com/im/1830603/b179640f7479ae2b22a7cc1ed2a72aad91ce20c5183f5e4528034b09c899130f?e=3DKsN35ijZ3uaF6M-yuov-jv4-PFNhPXyo4txZ9alFohGn96vay4Sg3ZHH7O_1DYAdPEL3UJ3_2tJ20NHh7g4uRffYfnhZ-s0UUzq75S_73BKl5pVEGlWSIh-ObQVWJVAlfDUndM5AWFy3LEa80t69wqZnywpYYAHOsuCoz9r8XZzoOTjxIPIOx8ADpd3-nxBmLPtk1wU2hKqQv78fwxU.png
https;//freeware995,com/dl.grafycs.fr/hippo/record.php?em=3Dalix.letheu.ehpad@orange.fr,png

All also have this strange structure including another domain.

These are the only ones working (the message is a fake Twitter private message):

https;//pbs.twimg.com/profile_images/1241785843779584001/o4Q9j8Ry_reasonably_small.jpg
https;//ea.twimg.com/email/self_serve/media/twitter-logo@3x-1415137482132.png

fb.todaynewse.com, which is THE (sub)domain really involved, has 13 matches, 8 of them are clickable links, and they ARE the links the spammer wants the user to click on, because they lead to his active scam site through a redirect (a different one depending on the country you're from).

Why would the spammer involve 8 domains in a message, and take the risk of having them reported and unusable? Why is he not using only the main valid website? That makes no sense, that's also why I think these domains are NOT involved in this spam and should not be spotted by SC.

Here is the message's body source, converted from Quoted Printable code:

https;//pastebin.com/wmyeEjAr

Edited February 19, 2021 by Lking: Edited to break link

Lking Posted February 19, 2021

One of the disadvantages of well-indexed internet content is that the bots/spiders that crawl the internet for content do not read the content quite the same way you, a human, do. One of the downsides is that websites with more references/links get rated higher in lists of related sites.

That is one reason for referencing spam by TRACKING URL and NOT including live links to spam or spam content in posts here. I am sure no one here wants to inadvertently help promote a spammer.

I have edited the post above to break the live links. IF someone really wants to follow a link, the information is available -- IF you replace the semicolons and commas with the appropriate characters.

gnarlymarley Posted February 20, 2021

3 hours ago, Tau said:

> Here are all the URLs with the websites SC wants to report. I'm a noob in html and many other things related to internet, but it seems to me that these URLs' structure is strange: they ALL include another website into them, and a subdomain related to image hosting, but they are not tagged with html code related to images, thus identified by SC parsing process.

For a quick crash course, everything between the "://" and the first "/" is the domain. The part immediately after the first "/" is there to make you think it is someone else's domain in order to add confusion. So as below, example,com is what will get reported, even though they are trying to get you to think this is a valid image site.

https :// example,com /i.pinimg,com/

2 hours ago, Lking said:

> One of the disadvantages of well-indexed internet content is that the bots/spiders that crawl the internet for content do not read the content quite the same way you, a human, do.

This is what Lking means when he says bots, as the bots add a separate domain name after the first "/" in the URL of where they stole the image/content from.

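As an added illustration of gnarlymarley's explanation above (not code from the thread or from SpamCop), this Python sketch extracts the host that would be reported from a URL and flags a first path segment that is merely shaped like a hostname. The sample URLs are constructed, the names `normalise`, `analyse`, `HOSTLIKE` and `FILE_EXTS` are made up for this example, and it also accepts the broken-link form used in this thread (";" for ":" and "," for ".").

```python
import re
from urllib.parse import urlsplit

# A string shaped like a hostname: dot-separated labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
# Endings that make an ordinary file name ("trk.php") look like "name.tld".
FILE_EXTS = {"php", "html", "htm", "png", "jpg", "jpeg", "gif", "js", "css"}


def normalise(url):
    """Undo forum-style link breaking so the URL can be parsed (analysis only)."""
    url = re.sub(r"\s+", "", url)                             # "https :// host /x"
    url = re.sub(r"^(https?);//", r"\1://", url, flags=re.I)  # "https;//" -> "https://"
    if "://" not in url:
        url = "http://" + url                                 # bare "host/path"
    scheme, sep, rest = url.partition("://")
    segs = rest.split("/")
    # Commas stand in for dots only in the host and the first path segment.
    segs[:2] = [s.replace(",", ".") for s in segs[:2]]
    return scheme + sep + "/".join(segs)


def analyse(url):
    """Return the host that would be reported and any decoy domain in the path."""
    parts = urlsplit(normalise(url))
    host = (parts.hostname or "").lower()      # between "://" and the first "/"
    first = parts.path.lstrip("/").split("/", 1)[0].lower()
    decoy = None
    if (HOSTLIKE.match(first) and first != host
            and first.rsplit(".", 1)[-1] not in FILE_EXTS):
        decoy = first                          # hostname-shaped, but only a path
    return {"report_host": host, "decoy_domain": decoy}


# Constructed sample URLs (not taken from the spam discussed in this thread).
SAMPLES = [
    "https :// example,com /i.pinimg,com/474x/aa/bb/cc/sample",
    "https;//shop.example.org/img.example.net/news/banner",
    "https://images.example.net/profile_images/1/logo.png",
    "http;//news.example,com/g/",
    "https://example.org/trk.php?id=1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(analyse(s), "<-", s)
```
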
Tau (Author) Posted February 20, 2021

2 hours ago, gnarlymarley said:

> For a quick crash course, everything between the "://" and the first "/" is the domain.

I knew that, but thanks.

> The part immediately after the first "/" is there to make you think it is someone else's domain in order to add confusion.

My confusion is only about whether these are valid active URLs used for tracking/loading content or not. The reason why I called their structure "strange" is because they include another domain, and it seems to me that they are forged and do not correspond to the usual structure of a website.

> So as below, example,com is what will get reported, even though they are trying to get you to think this is a valid image site.

I know that they are not valid image URLs, because they do not include any image name with the extension, they are not included with the appropriate html tag <img src="..."/> AND SC does not parse for image URLs.

From what I've checked, only ONE of the URLs that SC wants me to report is valid, and it's the URL the spammer/scammer wants users to access when reading the message when distant content is allowed:

fb.todaynewse.com/g

This URL is "normal", and despite the report(s), still active and redirecting to golden-prize-dealer.life (hosted by the infamous Media Land LLC), and then to the scam website (fake Amazon contest to win an iPhone). Once again the redirects depend on the country from where they are accessed.

> This is what Lking means when he says bots, as the bots add a separate domain name after the first "/" in the URL of where they stole the image/content from.

I know you're willing to help, but I'm not sure at all that you understand my point(s), and by the way you're answering questions I didn't ask and not answering those I asked. 😉

To be frank, I'm not sure that's what he was talking about when he mentioned "bots". Wasn't he talking about robot crawlers indexing the content of this forum, not of bots forging spam content? But I may be wrong...

Tau (Author) Posted February 20, 2021

This time there are too many links in this email from the same spammer/scammer. 😁

https://www.spamcop.net/sc?id=z6703675679z0b2e800d6ef2bdd1c32b01f69681cbb6z

So the website making redirects to the scamming website - appbahiafm.com.br/r/ - won't be reported through SC. 🤢 I did it manually.

I wonder if the spammer is pissed-off because of the reports, because the first link in the message is to suckthisd***.com. I hope so! 😊

Lking Posted February 20, 2021

4 hours ago, Tau said:

> because the first link in the message is to

Yes, my trash bin is full of similar email addresses. They must get paid by volume, not quality.

RobiBue Posted March 19, 2021

I do have a suggestion wrt website links: usually the links to be reported are all checked. I can uncheck one or more if needed, but usually I do not want to report the website links unless I think they are relevant to the spammer, so my suggestion would be to add a "check/uncheck all links" so that only the source is checked (I don't believe there is an option in settings to have links unchecked by default).

That (whatever it is, general checkbox for links, button, whatnot) method would allow reporting links to be unchecked (or checked) if desired without having to go through 10 or more checkboxes...

Just an idea. Maybe someone had already suggested it?