Stupid URLs


All times are UTC - 5 hours [ DST ]


 PostPosted: Fri Mar 04, 2011 1:28 pm   
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
This URL is very stupid; it has an @ sign in it. I do know that people who are new to the internet often insert an @ when they are trying to say a domain name; they will often mix it up with an email address: [email protected]

:roll:
URL in this spam: www [email protected]/Wsz4YDc6UG.html

Sender IP: X-SOURCE-IP: [82.71.204.27]

sample:
________________________________________
From: ВКонтакте.ру [[email protected]]
Sent: Saturday, February 05, 2011 8:40 AM
To: xxxxxxxx
Subject: life of viagra

boundary="----------A9A1442D26B7E"

------------A9A1442D26B7E

<p>
<a href="hxxp://[email protected]/Wsz4YDc6UG.html">natural herbs used as viagra</a></p>

------------A9A1442D26B7E--


 PostPosted: Fri Mar 04, 2011 2:59 pm   
Spammer Obliterator

Joined: Fri Jun 15, 2007 7:05 pm
Posts: 2261
Using @ in a URL is usually for logging in to a site requiring authentication, in the form username:[email protected], and that's what Firefox tried to do in this case, too:

Quote:
You are about to log into the site "wa-p.by.ru" with the username "www%2Esasha", but the website does not require authentication. This may be an attempt to trick you.

It's obviously a spammer mistake. wa-p.by.ru/Wsz4YDc6UG.html redirects to tabletshealthmedsplus.com, which is a Canadian Neighbor Pharmacy site.

_________________
Arf, she said


 PostPosted: Fri Mar 04, 2011 3:42 pm   
Spammers' Nightmare

Joined: Thu Apr 05, 2007 4:10 pm
Posts: 2777
Yea, that is right, a URL for FTP contains an @ as in ftp://user:[email protected]

I forgot to mention that specifically in my earlier post. Thanks, Nodus.
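
Added example, not part of any post in this thread: a small Python check for the userinfo-before-@ pattern discussed in the two posts above (the Firefox warning and the ftp://user:password@ form), reporting which host a link really points to. The sample links, the `.example` hosts and the rule "flag userinfo only on http(s) links" are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, unquote

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
HOSTLIKE_RE = re.compile(r'^[a-z0-9-]+(\.[a-z0-9-]+)+$', re.IGNORECASE)

def refang(url):
    """Turn hxxp:// or hXXp:// (the defanging used in the thread) back into http://."""
    return re.sub(r'^h[xX]{2}p(s?)://', r'http\1://', url.strip())

def inspect_url(url):
    """Split a URL the way a browser does and report what precedes the '@'."""
    parts = urlsplit(refang(url))
    user = unquote(parts.username) if parts.username else None
    return {
        "scheme": parts.scheme,
        "real_host": parts.hostname,        # where the request actually goes
        "userinfo": user,                   # text before '@', percent-decoded
        "has_password": parts.password is not None,
        # Userinfo that itself looks like a host name misleads the reader.
        "userinfo_looks_like_host": bool(user and HOSTLIKE_RE.match(user)),
        # Assumed policy: credentials in http(s) links are not expected in mail.
        "flag": user is not None and parts.scheme in ("http", "https"),
    }

def scan_html(html):
    """Return (href, report) for every link in an HTML body that gets flagged."""
    hits = []
    for href in HREF_RE.findall(html):
        report = inspect_url(href)
        if report["flag"]:
            hits.append((href, report))
    return hits

# Constructed sample body; hosts use the reserved .example TLD.
SAMPLE_HTML = """
<p><a href="hxxp://www%2Esasha@redirector.example/page.html">herbs</a></p>
<p><a href="ftp://user:secret@files.example/pub/">download</a></p>
<p><a href="http://shop.example/users/@sasha">profile</a></p>
"""

if __name__ == "__main__":
    for href, report in scan_html(SAMPLE_HTML):
        print(href, "->", report["real_host"], "userinfo:", report["userinfo"])
```

Only the first sample link is flagged: the FTP link carries genuine credentials, and the third has its @ in the path rather than before the host.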


 PostPosted: Mon Apr 04, 2011 5:45 am   
Spam Muncher

Joined: Thu Dec 25, 2008 8:39 pm
Posts: 786
I still smile when I see this one.
tabletnastyspillsrx.at
:lol:

_________________
Verloren ist nur, wer sich selbst aufgibt!


 PostPosted: Mon Apr 04, 2011 11:04 am   
Spammer Killing Machine

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Volksjaeger wrote:
I still smile when I see this one.
tabletnastyspillsrx.at
:lol:
OK, then, for more fun, you might use the service http://wheregoes.com/ to view the current destinations of the unsavory redirection URL
    hXXp://www.ela.region-rabka.pl/go.friend.php
The destinations alternate with a short time interval.

By the way, I have a slightly redacted specimen of malware-generated email that promotes the tabletnastyspillsrx.at online pharmacy scam; I have a few simple questions about the authenticity of its message headers. It was transmitted through the Comcast network in the northeastern USA. Would anyone on InBoxRevenge be familiar with Comcast headers and be willing to take a look?


 PostPosted: Mon Apr 04, 2011 7:10 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
NotBuyingIt wrote:
OK, then, for more fun, you might use the service http://wheregoes.com/ to view the current destinations of the unsavory redirection URL
    hXXp://www.ela.region-rabka.pl/go.friend.php
The destinations alternate with a short time interval.

>www.ela.region-rabka.pl/go.friend.php - - (80.53.55.74)
redirects to sites

drugstorechain.at/index.php?product=11
medsrxtablets.at/index.php?product=19
pharmacydrugstorechains.at/index.php?product=14
tabletnastyspillsrx.at/index.php?product=13

Registered on NIC.AT by Russian registrants

The last 2 digits vary from 11 to 99


 PostPosted: Tue Apr 19, 2011 12:44 pm   
Spammer Obliterator

Joined: Fri Jun 15, 2007 7:05 pm
Posts: 2261
quick-slimer.ru

Somehow I suspect they have forgotten another 'm' from there... :)

_________________
Arf, she said


 PostPosted: Wed Jul 27, 2011 11:47 am   
Spammer Obliterator

Joined: Fri Jun 15, 2007 7:05 pm
Posts: 2261
idiotreturn.com (Greenline Pharmacy)

"So, you didn't get it the first time you were ripped off, did you..."

_________________
Arf, she said


 PostPosted: Thu Aug 11, 2011 11:12 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
What dickhead ViaGrow spammer tries to sell penile enlargement meds on a domain name like burstdick.com?

The same one who also uses the uninspiring domain minispenis.com I suppose.


 PostPosted: Fri Dec 02, 2011 11:22 am   
Spammer Obliterator

Joined: Fri Jun 15, 2007 7:05 pm
Posts: 2261
talibandietpharm.be

What kind of images does that bring to your mind? Surely not those of any legitimate Canadian pharmacy (Canadian Health&Care Mall).

:roll:

_________________
Arf, she said


 PostPosted: Tue Dec 13, 2011 3:52 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
http://steve-gasque-this-site-serves-malware-courtesy-steve-gasque-8515woodhaven-bethesda-steve-is-pornhost-greenguy-steve-gasque-is-phoney-remax-agent-launders-money-via-mortgage-fraud.justupp.com

The one-day-wonder

Domain Name: JUSTUPP.COM
Registrar: CENTER OF UKRAINIAN INTERNET NAMES
CLIENT HOLD
Creation Date: 16-Oct-2011
Modification Date: 16-Oct-2011

Domain servers in listed order:
ns1.tenten10.ru
ns2.tenten10.ru
ns3.monday-thuesday.ro

Registrant:
Svetlana Poltavceva [email protected]
ul. Leninskaya 17 43
Yubileynyy, 141090
RUSSIAN FEDERATION
+7.4956548754


 PostPosted: Tue Dec 13, 2011 5:18 pm   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Red Dwarf wrote:
Registrant:
Svetlana Poltavceva [email protected]
ul. Leninskaya 17 43
Yubileynyy, 141090
RUSSIAN FEDERATION
+7.4956548754


I've seen that before:
http://spamtrackers.eu/wiki/index.php/H ... #Targets_2


 PostPosted: Tue Dec 13, 2011 10:51 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Domaintools reports:

Current Domains 3,450

Email Search:
Svetlana Poltavceva poltavtzeva.svetlana@yandex.ru
is associated with about 3,429 domains

Déjà vu alright!


 PostPosted: Thu Dec 15, 2011 11:31 am   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Red Dwarf wrote:
http://steve-gasque-this-site-serves-malware-courtesy-steve-gasque-8515woodhaven-bethesda-steve-is-pornhost-greenguy-steve-gasque-is-phoney-remax-agent-launders-money-via-mortgage-fraud.justupp.com

The one-day-wonder

That's certainly interesting though, at least to me.

Someone has a vendetta against GreenGuy, who is actually VERY well known on porn spamming forums - and porn industry forums, notably gfy.com.

I wasn't aware of the mortgage fraud angle. I might just go on a little hunt to see if that bears out.

What was the topic of the spam that featured this url?

Interesting.

SiL


 PostPosted: Thu Dec 15, 2011 3:33 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
spamislame wrote:
What was the topic of the spam that featured this url?

Interesting.


I can't help you there, I just spotted it in a passive DNS listing and yes, it did catch my eye!

