Jump to content

Russian URL's not understood in reported spam


fritz2cat

Recommended Posts

Hello,

Today I got a piece of spam for illegal medication, which contains a link in cyrillic.

(the website is: hxxp:// бъюч.емнв.рф/ )

Spamcop did recognise only the "http://" part.

The original source code shows: (tracking code replaced by x)

<a =href=3D"http://бъюч.емнв&=#46;рф?onlu=3Dx&uyktxx=3Dx">bÄ2<span style=3D"color:#0E0DF5; =font-size:24px"><strong>Ć Ƚ Ǐ C i=0;    Ȟ Ē Ŗ =Έ</strong></span>n©7</a>

when interpreted to UTF-8 becomes:

<a =
href=3D"http://бъюч.емнв&=
#46;рф?onlu=3Dx&uyktxx=3Dx">bÄ2
<span style=3D"color:#0E0DF5; =
font-size:24px"><strong>Ć Ƚ Ǐ C i=
0;    Ȟ Ē Ŗ =
Έ</strong>
</span>n©7</a>

and Spamcop does not understand anything when parsing:

Resolving link obfuscation
http://бъюч.емнв.рф?onlu=x&uyktxx=x
No recent reports, no history available
бъюч.емнв.рф is not a routeable IP address
Link to comment
Share on other sites

Those Cyrillic domains have been discussed before (you might find the discussion in previous topics in this section) and I think where we left off was that you can use something like http://centralops.net/co/DomainDossier.aspx to resolve and look for an abuse address to send a user-specified reporting address.

That one resolves to 112.145.153.59 (KR) and the nearest thing to an address that might receive reports seems to be security[at]powercomm.com

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...