Jump to content

Parser fails to find link


uku2
 Share

Recommended Posts

Hello,

I reported the following spam mail,

http://www.spamcop.net/sc?id=z3831942130z9...83789403a61350z

which contains a HTML attachment that tries to direct the visitor to the

Spammer's web site, probably for phishing, but the parser does not find any

links.

I examined the email body and found that it is base64 encoded, so I followed

the procedure for decoding base64 bodies and replaced it with the decoded

text. However, the parser still does not find any links:

http://www.spamcop.net/sc?id=z3831997023zc...94ac2bc17295efz

Anything else I could try? (Without breaking the rules, that is.)

uku2

Link to comment
Share on other sites

Hi, uku2!

<snip>

Anything else I could try? (Without breaking the rules, that is.)

...There sure is -- you can process the URL itself in the Online (www.spamcop.net) parser to find the abuse address and submit a complaint directly to the abuse address! For example, I see "http: / /www.paypal.com<slash>cgi-bin/webscr" [link intentionally broken] in the spam; the parser says:
SpamCop v 4.6.0.031 © 1992-2010 Cisco Systems, Inc. All rights reserved.

Parsing input: http: / /www.paypal.com<slash>cgi-bin/webscr [link intentionally broken by me]

ISP does not wish to receive report regarding http: / /www.paypal.com<slash>cgi-bin/webscr [link intentionally broken by me]

ISP does not wish to receive reports regarding http: / /www.paypal.com<slash>cgi-bin/webscr [link intentionally broken by me] - no date available

Routing details for 66.211.169.65

[refresh/show] Cached whois for 66.211.169.65 : network[at]ebay.com

Using abuse net on network[at]ebay.com

abuse net ebay.com = report[at]reportphish.org, reportphishing[at]antiphishing.org, spoof[at]ebay.com

Using best contacts report[at]reportphish.org reportphishing[at]antiphishing.org spoof[at]ebay.com

Reports disabled for spoof[at]ebay.com

Using spoof#ebay.com[at]devnull.spamcop.net for statistical tracking.

So you could send a complaint to:
  • report[at]reportphish.org
  • reportphishing[at]antiphishing.org
  • and, if you're inclined to ignore the note that the ISP does not wish to receive such reports, spoof[at]ebay.com

Link to comment
Share on other sites

...

and, if you're inclined to ignore the note that the ISP does not wish to receive such reports, spoof[at]ebay.com

If they're like spoof[at]paypal.com they will accept and react to such 'manual' reports - without commentary, without munging, just simply forwarded as an attachment with no other 'processing'.
Link to comment
Share on other sites

Anything else I could try? (Without breaking the rules, that is.)

On the Security Center page of the PayPal site there are links for how to:

"Report fake (phishing) email"

https://www[dot]paypal[dot]com/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/antiphishing/PPPhishingReport-outside

or

"Report fake (spoof) websites"

https://www[dot]paypal[dot]com/ewf/f=pps_spf

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...