caltenba Posted November 18, 2015 Share Posted November 18, 2015 I've been receiving a lot of spam lately where the links are obfuscated in a certain way (possibly to fool spamcop ) All links are of the following form and there typically at least three such links per e-mail.: (Note that I have removed the long string of random characters in the middle. Full e-mail sources are available on request, of course. In this particular case, the URL is 162.144.214.198 (xA290D6C6), but the parser does not recognize that. It always says "no links found". The URL typically changes, so this is just an example). <a href=``````/[at]/0xA290D6C6/tez.tez?...long random list of characters...><img src=tinyurl.com/pn4sz5z></a><br> Link to comment Share on other sites More sharing options...
Lking Posted November 19, 2015 Share Posted November 19, 2015 It would help the rest of us if you would provide a tracking URL so we can see the whole spam. Link to comment Share on other sites More sharing options...
caltenba Posted November 19, 2015 Author Share Posted November 19, 2015 Here are a few, I've got several dozens: https://www.spamcop.net/mcgi?action=gettrack&reportid=6382913861 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382872229 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382951526 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382951828 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382951827 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382951826 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382861526 https://www.spamcop.net/mcgi?action=gettrack&reportid=6382856612 'Hope this helps. Link to comment Share on other sites More sharing options...
caltenba Posted November 19, 2015 Author Share Posted November 19, 2015 Well, I replied yesterday, but the answer seems to be stuck in the moderation queue forever. Link to comment Share on other sites More sharing options...
Lking Posted November 19, 2015 Share Posted November 19, 2015 Think I fixed the moderation queue issue.What you provided is the report ID. only you can see those. A tracking URL is at the top of the report screen and look like SpamCop v 4.8.3 © 2015 Cisco Systems, Inc. All rights reserved.Here is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6194739991zc72733dc32f75d73c24e6ca503ff84bbz Link to comment Share on other sites More sharing options...
caltenba Posted November 19, 2015 Author Share Posted November 19, 2015 Ah, I thought you could generate a tracking url by opening my link and clicking parse... OK, here is an example (generated from a recent report as just described): https://www.spamcop.net/sc?id=z6194746733z831572b32601ec53fae2dff7ed6f0c07z If this does not work, I'll wait for the next spam.... Link to comment Share on other sites More sharing options...
Lking Posted November 20, 2015 Share Posted November 20, 2015 Reporting of links in a spam is SpamCop's third priority. I would suggest reporting to http://www.knujon.comtheir major focus is the links as in "follow the money" Link to comment Share on other sites More sharing options...
petzl Posted November 20, 2015 Share Posted November 20, 2015 Ah, I thought you could generate a tracking url by opening my link and clicking parse... OK, here is an example (generated from a recent report as just described): https://www.spamcop.net/sc?id=z6194746733z831572b32601ec53fae2dff7ed6f0c07z If this does not work, I'll wait for the next spam.... Tried unsubscribe? http://coolinglevels.com/unsubscribe.php In all probability you never subscribed, but "they" have your email address Also in abuse complain to registrar 178.63.131.6 Registrar Abuse Contact Email: mailto:abuse[at]enom.com If this is porn spam get the abuse and registrar attention my boilerplate is Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS Link to comment Share on other sites More sharing options...
caltenba Posted November 21, 2015 Author Share Posted November 21, 2015 I doubt unsubscribing would make a difference. This is a brand new pattern that started a few days ago with several dozen messages. (usually I only get one or two spams per day) They all originate from compromised systems (mostly Europe) and the links are hosted all over the place. Link to comment Share on other sites More sharing options...
klappa Posted November 21, 2015 Share Posted November 21, 2015 Tried unsubscribe? http://coolinglevels.com/unsubscribe.php In all probability you never subscribed, but "they" have your email address Also in abuse complain to registrar 178.63.131.6 Registrar Abuse Contact Email: mailto:abuse[at]enom.com If this is porn spam get the abuse and registrar attention my boilerplate is Child porn spammer pictures under 18 or made to look under 18 NO PROOF OF AGE available! SENT TO MINORS A bit unrelated to this post im sorry for that but where did you find that abuse contact? Shouldn't he use abuse[at]hetzner.de instead? Do you know any good sites which handles and show abuse contacts? And caltenba use abuse[at]hetzner.de. If they don't respond contact the Cert division instead. Link to comment Share on other sites More sharing options...
petzl Posted November 22, 2015 Share Posted November 22, 2015 A bit unrelated to this post im sorry for that but where did you find that abuse contact? Shouldn't he use abuse[at]hetzner.de instead? Do you know any good sites which handles and show abuse contacts? And caltenba use abuse[at]hetzner.de. If they don't respond contact the Cert division instead. That abuse address is for the registrar for domain 178.63.131.6 (which also spams email from this IP) You can go to site by pasting a domain IP in browsers menu bar (not recommended as site may sometimes be malicious, use a text browser) hetzner.de is the Network Owner of IP 178.63.131.6 click your SpamCop reporting account preferences/Show Technical Details during reporting then "dot" "Show Technical Details during reporting" Any URL SpamCop then reports will show it's IP I use a FreeWare Windows program Win32Whois to give details of domain Registrant abuse address For Network owner I use a FreeWare Windows program IPNetInfo also to check abuse addresses given by SpamCop Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.