Jump to content

Recommended Posts

Posted

I just got some spam in an Outlook account, and so the links in the email had the safelinks.protection.outlook.com stuff that Microsoft adds. 

I would have expected that SpamCop would ignore that bit, and work on the URL that is the final destination, but that doesn't seem to be the case as the Resolving link obfuscation section of the parser just did

https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
   Percent unescape: https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
   Percent unescape: https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0

and then the Tracking link section did

https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
No recent reports, no history available
Unescaped: https://kor01.safelinks.protection.outlook.com/?url=http://twingirls.fc2web.com/f.html&data=05|02||af6894b1776842d009de08dc4d780dc8|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|638470425300444050|unknown|twfpbgzsb3d8eyjwijoimc4wljawmdailcjqijoiv2lumziilcjbtii6ik1hawwilcjxvci6mn0=|0|||&sdata=m6xtfdxrk4s1em/t8xai1kbssdk51zl6rnio1d0axz4=&reserved=0
Host kor01.safelinks.protection.outlook.com (checking ip) = 52.102.12.172
Resolves to 52.102.12.172
Routing details for 52.102.12.172
[refresh/show] Cached whois for 52.102.12.172 : abuse@microsoft.com
Using best contacts sewr@senpluspluseop.onmicrosoft.com

Microsoft isn't responsible for the likely dodgy site twingirls[dot]fc2web[dot]com, so there doesn't seem to be much point telling them about it, so should I be reporting those links? 

It would be much more sensible if SpamCop could report to the owner of twingirls[dot]fc2web[dot]com, so is there a reason why it's not doing that?

Thanks

Posted
4 hours ago, atarspam said:

I just got some spam in an Outlook account, and so the links in the email had the safelinks.protection.outlook.com stuff that Microsoft adds. 

I would have expected that SpamCop would ignore that bit, and work on the URL that is the final destination, but that doesn't seem to be the case as the Resolving link obfuscation section of the parser just did

https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
   Percent unescape: https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
   Percent unescape: https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0

and then the Tracking link section did

https://kor01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ftwingirls.fc2web.com%2Ff.html&data=05%7C02%7C%7Caf6894b1776842d009de08dc4d780dc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638470425300444050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=m6xTFDXrk4S1eM%2Ft8xAI1kBSSdK51Zl6rNiO1D0axZ4%3D&reserved=0
No recent reports, no history available
Unescaped: https://kor01.safelinks.protection.outlook.com/?url=http://twingirls.fc2web.com/f.html&data=05|02||af6894b1776842d009de08dc4d780dc8|84df9e7fe9f640afb435aaaaaaaaaaaa|1|0|638470425300444050|unknown|twfpbgzsb3d8eyjwijoimc4wljawmdailcjqijoiv2lumziilcjbtii6ik1hawwilcjxvci6mn0=|0|||&sdata=m6xtfdxrk4s1em/t8xai1kbssdk51zl6rnio1d0axz4=&reserved=0
Host kor01.safelinks.protection.outlook.com (checking ip) = 52.102.12.172
Resolves to 52.102.12.172
Routing details for 52.102.12.172
[refresh/show] Cached whois for 52.102.12.172 : abuse@microsoft.com
Using best contacts sewr@senpluspluseop.onmicrosoft.com

Microsoft isn't responsible for the likely dodgy site twingirls[dot]fc2web[dot]com, so there doesn't seem to be much point telling them about it, so should I be reporting those links? 

It would be much more sensible if SpamCop could report to the owner of twingirls[dot]fc2web[dot]com, so is there a reason why it's not doing that?

Thanks

sounds like porn spam. To attack such porn sites you need to find the registrar, SpamCop doesn't just finds the IP of the Website.
If there is no registrar then you need to tell the IP owner, otherwise they cannot act.
Also usually these porn sites are phishing for credit cards and blackmail.
You need to send a complaint to the Feds if the Site is registered in USA "phishing-report[AT]us-cert[DOT]gov"
in windows I use this free program to find a Registrar  https://www.gena01.com/win32whois/
Also if porn report as Child abuse most do not have on file the the pictures are over 18 (legal requirement)
My boiler plate for Child porn is below, Don't worry about what the registrar may say, this is a matter for the FED's to decide
And you have notified the Registrar which means they are then compliant as pedophiles if and when the FED acts.

Child porn phishing spammer spammer
pictures under 18 or made to look under 18
NO PROOF OF AGE available!
SENT TO MINORS

2257 Regulations (C.F.R. Part 75), part of the United States Code of Federal Regulations, require producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.

"unless the websites “perform reasonable age verification methods” — in short, requiring users to show government ID to prove they are 18 or older."

No working unsubscribe

 

Posted
I prefer downloading my emails using either html raw or an imap client to get the original email that doesn't change all the links to the "outlook protection".

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...