Jump to content

Parser fails to find link


uku2

Recommended Posts

Posted

Hello,

I reported the following spam mail,

http://www.spamcop.net/sc?id=z3831942130z9...83789403a61350z

which contains a HTML attachment that tries to direct the visitor to the

Spammer's web site, probably for phishing, but the parser does not find any

links.

I examined the email body and found that it is base64 encoded, so I followed

the procedure for decoding base64 bodies and replaced it with the decoded

text. However, the parser still does not find any links:

http://www.spamcop.net/sc?id=z3831997023zc...94ac2bc17295efz

Anything else I could try? (Without breaking the rules, that is.)

uku2

Posted

Hi, uku2!

<snip>

Anything else I could try? (Without breaking the rules, that is.)

...There sure is -- you can process the URL itself in the Online (www.spamcop.net) parser to find the abuse address and submit a complaint directly to the abuse address! For example, I see "http: / /www.paypal.com<slash>cgi-bin/webscr" [link intentionally broken] in the spam; the parser says:
SpamCop v 4.6.0.031 © 1992-2010 Cisco Systems, Inc. All rights reserved.

Parsing input: http: / /www.paypal.com<slash>cgi-bin/webscr [link intentionally broken by me]

ISP does not wish to receive report regarding http: / /www.paypal.com<slash>cgi-bin/webscr [link intentionally broken by me]

ISP does not wish to receive reports regarding http: / /www.paypal.com<slash>cgi-bin/webscr [link intentionally broken by me] - no date available

Routing details for 66.211.169.65

[refresh/show] Cached whois for 66.211.169.65 : network[at]ebay.com

Using abuse net on network[at]ebay.com

abuse net ebay.com = report[at]reportphish.org, reportphishing[at]antiphishing.org, spoof[at]ebay.com

Using best contacts report[at]reportphish.org reportphishing[at]antiphishing.org spoof[at]ebay.com

Reports disabled for spoof[at]ebay.com

Using spoof#ebay.com[at]devnull.spamcop.net for statistical tracking.

So you could send a complaint to:
  • report[at]reportphish.org
  • reportphishing[at]antiphishing.org
  • and, if you're inclined to ignore the note that the ISP does not wish to receive such reports, spoof[at]ebay.com

Posted
...

and, if you're inclined to ignore the note that the ISP does not wish to receive such reports, spoof[at]ebay.com

If they're like spoof[at]paypal.com they will accept and react to such 'manual' reports - without commentary, without munging, just simply forwarded as an attachment with no other 'processing'.
Posted

Anything else I could try? (Without breaking the rules, that is.)

On the Security Center page of the PayPal site there are links for how to:

"Report fake (phishing) email"

https://www[dot]paypal[dot]com/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/antiphishing/PPPhishingReport-outside

or

"Report fake (spoof) websites"

https://www[dot]paypal[dot]com/ewf/f=pps_spf

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...