
Russian URLs not understood in reported spam


fritz2cat

Hello,

Today I got a piece of spam for illegal medication, which contains a link in Cyrillic.

(the website is: hxxp:// бъюч.емнв.рф/ )

Spamcop recognised only the "http://" part.

The original source code shows: (tracking code replaced by x)

<a =href=3D"http://бъюч.емнв&=#46;рф?onlu=3Dx&uyktxx=3Dx">bÄ2<span style=3D"color:#0E0DF5; =font-size:24px"><strong>Ć Ƚ Ǐ C i=0;    Ȟ Ē Ŗ =Έ</strong></span>n©7</a>

when interpreted to UTF-8 becomes:

<a =
href=3D"http://бъюч.емнв&=
#46;рф?onlu=3Dx&uyktxx=3Dx">bÄ2
<span style=3D"color:#0E0DF5; =
font-size:24px"><strong>Ć Ƚ Ǐ C i=
0;    Ȟ Ē Ŗ =
Έ</strong>
</span>n©7</a>

and Spamcop does not understand anything when parsing:

Resolving link obfuscation
http://бъюч.емнв.рф?onlu=x&uyktxx=x
No recent reports, no history available
бъюч.емнв.рф is not a routeable IP address

Those Cyrillic domains have been discussed before (you might find the discussion in previous topics in this section) and I think where we left off was that you can use something like http://centralops.net/co/DomainDossier.aspx to resolve and look for an abuse address to send a user-specified reporting address.

That one resolves to 112.145.153.59 (KR) and the nearest thing to an address that might receive reports seems to be security[at]powercomm.com
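
The decoding the first post walks through, as an added example (not part of the original posts and not SpamCop's parser): it removes the quoted-printable soft line breaks, lets the HTML parser resolve the &#46; entity in the href, and converts the Cyrillic host to its ASCII (punycode) form, which is what DNS and whois tools take. The sample input is constructed from the snippet in the first post, and the function names are hypothetical.

```python
# Added example: recover a resolvable hostname from a quoted-printable
# HTML part like the one quoted in the first post.
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the post (tracking values are "x").
# The soft line break ("=" at end of line) splits the "&#46;" entity in two.
SAMPLE_QP = (
    '<a =\n'
    'href=3D"http://бъюч.емнв&=\n'
    '#46;рф?onlu=3Dx&uyktxx=3Dx">link text</a>\n'
).encode("utf-8")


class HrefCollector(HTMLParser):
    """Collect href values; HTMLParser unescapes entities in attribute values."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def extract_links(qp_body: bytes, charset: str = "utf-8") -> list[str]:
    """Undo the transfer encoding first, then parse the resulting HTML."""
    html_text = quopri.decodestring(qp_body).decode(charset, errors="replace")
    parser = HrefCollector()
    parser.feed(html_text)
    parser.close()
    return parser.hrefs


def ascii_hostname(url: str) -> str:
    """Return the IDNA (punycode) form of the URL's host, as used in DNS lookups."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")


if __name__ == "__main__":
    for link in extract_links(SAMPLE_QP):
        print(link, "->", ascii_hostname(link))
```

The order matters: parsing the HTML before undoing quoted-printable leaves the entity split across two lines, so the dot before the TLD is never recovered.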
