[SpamCop.net - protecting the internet through technology]

[SpamCop-List] Re: New stuff in parser

J G anon at coks.net
Fri Jul 29 19:00:23 EDT 2005 

On 7/29/2005 5:38 PM Don Wannit scribbled:

> Hey, neat!  I just noticed some parser output I've never seen
> before, showing decoding of an obfuscated URL (only shown in
> "technical details", of course)
> 
> http://www.spamcop.net/sc?id=z791230527ze8426fd857093d6fdc6116e67c704a7ez
> 
> Is this new stuff from Julian, or did I only now get a spamvertized
> URL that triggered it?
> 

Don't know what you are referring to, but SC could /not/ deobfuscate the
notify URL www. livelifeinsurance.com, no surprise since it is:
Listed in:
*  sbl.spamhaus.org
194.126.189.18 is a known spam source

Searching for information on:
  IP(194.126.189.18)  livelifeinsurance.com: Spam source
Searching for abuse addresses in the cache
  No hits in the cache
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag

% Information related to '194.126.188.0 - 194.126.191.255'

inetnum:        194.126.188.0 - 194.126.191.255
netname:        Tekcom
descr:          Tekcom Project
country:        RU
org:            ORG-TP17-RIPE
admin-c:        MV3243-RIPE
tech-c:         MV3243-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-HM-PI-MNT
mnt-by:         MNT-TEKCOM
mnt-lower:      RIPE-NCC-HM-PI-MNT
mnt-routes:     MNT-TEKCOM
mnt-domains:    MNT-TEKCOM
source:         RIPE # Filtered

organisation:   ORG-TP17-RIPE
org-name:       Tekcom Project
org-type:       NON-REGISTRY
address:        Russian Federation
address:        Moscow
address:        Verxniya Radichenskava St. 3-1
e-mail:         mixailovich at tekcom.ru
admin-c:        MV3243-RIPE
tech-c:         MV3243-RIPE
mnt-ref:        MNT-TEKCOM
mnt-by:         MNT-TEKCOM
source:         RIPE # Filtered

person:         Mikhail Vlasov
address:        Russian Federation
address:        Moscow
address:        Verxniya Radichenskava St. 3-1
e-mail:         mixailovich at tekcom.ru
phone:          +7 921 9246323
nic-hdl:        MV3243-RIPE
source:         RIPE # Filtered

% Information related to 'ORG-TP17-RIPE'

route:          194.126.188.0/22
descr:          Tekcom, Moscow, Russia
origin:         AS35060
mnt-by:         MNT-TEKCOM
source:         RIPE # Filtered

I see you use spamcop mail so maybe you see something I don't, but the
program has been atempting to deobfuscate for quite a while (in internet
time a while = 1 week)...

More information about the SpamCop-List mailing list