efa Posted March 22, 2012 Share Posted March 22, 2012 here the tracking url: http://www.spamcop.net/sc?id=z5287019263z5...a1659819ab024az the web report say "refuse this type of report" for 'misbruik[at]casema.nl' so hXXp://83.85.138.10/manga got no report and phisher exploit this possibily to continue steal money Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted March 22, 2012 Share Posted March 22, 2012 SpamCop will not send reports to people who have asked us not to. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Link to comment Share on other sites More sharing options...
william_ Posted March 22, 2012 Share Posted March 22, 2012 SpamCop will not send reports to people who have asked us not to. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Do they get treated differently in the BL? Link to comment Share on other sites More sharing options...
turetzsr Posted March 22, 2012 Share Posted March 22, 2012 Do they get treated differently in the BL?...Long answer: see SpamCop FAQ (links to which can be found near top left of each SpamCop Forum page) entry entitled "What is on the list?" ...Short answer: no, SpamCop does not take in to account whether or not an abuse address has *received* abuse reports when it decides whether to list an IP address. ...However: when I look at the page that comes up with your tracking URL, I do not see any mention of "refuse this type of report" for 'misbruik[at]casema.nl'." this seems to be associated with a hyperlink, not with the spam e-mail source and, therefore, SpamCop will not list it, anyway. ...Having the information from SpamCop that the correct abuse address is misbruik[at]casema.nl, you could send your own complaint. Or you could use Kujon or Complainterator (discussed elsewhere in these fora), which are tools for reporting such "spamvertized" web sites. Link to comment Share on other sites More sharing options...
efa Posted March 24, 2012 Author Share Posted March 24, 2012 [*]when I look at the page that comes up with your tracking URL, I do not see any mention of "refuse this type of report" for 'misbruik[at]casema.nl'." happened on the original post, from tracking url you can understand what happened, because of: misbruik#casema.nl[at]devnull.spamcop.net ...Having the information from SpamCop that the correct abuse address is misbruik[at]casema.nl, you could send your own complaint. Or you could use Kujon or Complainterator (discussed elsewhere in these fora), which are tools for reporting such "spamvertized" web sites. I know, I'm the author of xComplaint and xPhish. The question was to warn Spamcop that a phisher (not a simple spammer) is hiding himself behind SC reporting tool behavior. Link to comment Share on other sites More sharing options...
petzl Posted March 24, 2012 Share Posted March 24, 2012 SpamCop will not send reports to people who have asked us not to. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Maybe that's because it's the wrong abuse address? 83.85.138.10 83.85.136.0 - 83.85.143.255 It's abuse[at]as9143.net http://www.apnic.net/apnic-info/whois_search2 role: ZIGGO CO BACKBONE AND SECURITY address: Winschoterdiep 60 address: 9723 AB Groningen address: The Netherlands phone: +31(0)88 717 0000 admin-c: ZIPA1-RIPE tech-c: DM1718-RIPE tech-c: GH1829-RIPE nic-hdl: ZBBS1-RIPE abuse-mailbox: abuse[at]as9143.net mnt-by: ZIGGO-MNT source: RIPE # Filtered Link to comment Share on other sites More sharing options...
turetzsr Posted March 26, 2012 Share Posted March 26, 2012 <snip> The question was to warn Spamcop that a phisher (not a simple spammer) is hiding himself behind SC reporting tool behavior. ...That does not appear to have happened: Tracking message source: 220.133.64.125: Routing details for 220.133.64.125 [refresh/show] Cached whois for 220.133.64.125 : network-center[at]hinet.net network-adm[at]hinet.net Using abuse net on network-center[at]hinet.net abuse net hinet.net = spam[at]ms1.hinet.net Using best contacts spam[at]ms1.hinet.net <snip> Reports regarding this spam have already been sent: Re: 220.133.64.125 (Administrator of network where email originates) Reportid: 5732163047 To: spam[at]ms1.hinet.net <snip> So the (e-mail) spam source, 220.133.64.125, was sent a complaint and your report will count towards the statistics used to determine whether or not this spam source will be listed on the SpamCop blacklist! <g> As mentioned elsewhere, SpamCop does not consider a spamvertized URLs to be spam sources. Link to comment Share on other sites More sharing options...
efa Posted March 26, 2012 Author Share Posted March 26, 2012 I'm worring about someone is hiding phishing activity behind SC reporting tools behavior. The phish mails are all sent via compromised/hijacked PC, and contain link that is the phishing itself. Forgot phish/spam mail source, normally SC send a complaint to host of links inside the spam/phish mail, but with this host does not happen. The phisher know that, and use this method to hide the phish. Clear now? Link to comment Share on other sites More sharing options...
Lking Posted March 26, 2012 Share Posted March 26, 2012 I'm worring about ... I think it has been mentioned before but as a reminder SpamCop is interested in the source of the spam (stopping the email itself whatever the content) PhishTank http://www.phishtank.com/index.php is interested in spam that contain links to phishing websites and follow those link to block/close those websites ~ not really interested in the spam, which as you have said may come from a zombi. KnujOn http://www.knujon.com/index.html is interested in the links in spam that lead to websites that sell the drugs watches or whatever. Focusing on the money trail and the registration of those domain names that enable the flow of money to support the spammers. There are others each focuses on different areas of the overall problem. Each group has developed different skills, different focus. And I think they should stick to their own netting, so to speak. Link to comment Share on other sites More sharing options...
turetzsr Posted March 26, 2012 Share Posted March 26, 2012 I'm worring about someone is hiding phishing activity behind SC reporting tools behavior. The phish mails are all sent via compromised/hijacked PC, and contain link that is the phishing itself. Forgot phish/spam mail source, normally SC send a complaint to host of links inside the spam/phish mail, but with this host does not happen. The phisher know that, and use this method to hide the phish. Clear now? ..Yes, thank you, but it was clear to me in your initial post. <g> The SpamCop parser does try to identify an abuse address to report spamvertized URLs as a courtesy but that is not its main mission. As mentioned before, tools such as Knujon and Complainterator are specifically designed to handle spamvertized links, whereas SpamCop is not. If a spammer were taking actions to defeat the discovery of the source of the e-mail spam, SpamCop would definitely want to know. Missing an opportunity to report a spamvertized web site will not get much attention from SpamCop because that is not something about which SpamCop is particularly designed to stop. ...Clear, now? <g> If not, please do ask further by replying here! Link to comment Share on other sites More sharing options...
efa Posted March 29, 2012 Author Share Posted March 29, 2012 simply, I thought that while missing an opportunity to report a spamvertized web site will not get much attention from SpamCop, missing an opportunity to report a phishing web site will get more attention. This is why I opened this thread. Anyway thank you for linking the specialized service PhishTank Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.