Re: CRYPTIC URL

From: InfoSec (infosec@hpjt.net)
Date: 12/06/01

• Previous message: Duncan Hill: "Re: CRYPTIC URL"
• In reply to: Kurt Keys: "CRYPTIC URL"
• Next in thread: Rassilon: "Re: CRYPTIC URL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "InfoSec" <infosec@hpjt.net>
To: "Kurt Keys" <kkeys@sddpc.org>, <focus-ms@securityfocus.com>
Date: Wed, 5 Dec 2001 19:55:43 -0500

Kurt,
Using SamSpade I came up with the following information:

12/05/01 19:46:38 dns
http://81.998.778.17-kotcfnc-scjxievv-vwvnxwi.htm@00000000120.000000001
27.0000000043.0000000016/od/index.html?redirect=tripod.lycos.com/napste
rofporn/freedownload/nop.htm

http://00000000120.00000000127.0000000043.0000000016/od/index.html?redi
rect=tripod.lycos.com/napsterofporn/freedownload/nop.htm using
authentication 81.998.778.17-kotcfnc-scjxievv-vwvnxwi.htm

Address 00000000120.00000000127.0000000043.0000000016 is 80.87.35.14

WHOIS 80.87.35.14:
inetnum: 80.87.35.0 - 80.87.35.255
netname: main1
descr: Main structure
country: RU
admin-c: BV619-RIPE
tech-c: BV619-RIPE
status: ASSIGNED PA
notify: boris3269@mail.com
mnt-by: VAN-MNT
mnt-lower: VAN-MNT
mnt-routes: VAN-MNT
changed: boris3269@mail.com 20011103
source: RIPE

route: 80.87.32.0/20
descr: Main structure
origin: AS21098
mnt-by: VAN-MNT
changed: boris3269@mail.com 20011110
source: RIPE

person: Boris Vasilashvilli
address: 622133, Moscow, Russia
address: Tomnaya str, 22
address: Main structure
phone: +7 3422 88346
e-mail: borvas@website2003.com
nic-hdl: BV619-RIPE
changed: borvas@website2003.com 20010115
source: RIPE

Web Browsing to this address gets a 403 Forbidden message from Apache
1.3.22 running on Unix.
That machine is not accepting mail either.

Hope this helps,

Hugh Pierce
ForenSec, Ltd.
Computer Forensics, Information Security, and Network Consulting.

----- Original Message -----
From: "Kurt Keys" <kkeys@sddpc.org>
To: <focus-ms@securityfocus.com>
Sent: Wednesday, December 05, 2001 5:52 PM
Subject: CRYPTIC URL

> Can anyone tell me how to decipher this URL???
> It was included in a message that came from
thenapsterofporn@yahoo.com
> and I have been tasked here at work to find out where this came from.
>
>
>
http://81.998.778.17-kotcfnc-scjxievv-vwvnxwi.htm@00000000120.000000001
27.0000000043.0000000016/od/index.html?redirect=tripod.lycos.com/napste
rofporn/freedownload/nop.htm
>
>
> Thanks in advance.
> Respectfully,
> Kurt Keys
>
>
>
>
>

---

• Previous message: Duncan Hill: "Re: CRYPTIC URL"
• In reply to: Kurt Keys: "CRYPTIC URL"
• Next in thread: Rassilon: "Re: CRYPTIC URL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: CRYPTIC URL ... RIPE returns: ... mnt-by: VAN-MNT ... mnt-lower: VAN-MNT ... Subject: CRYPTIC URL ... (Focus-Microsoft) RE: CRYPTIC URL ... Subject: CRYPTIC URL ... RIPE returns: ... mnt-by: VAN-MNT ... mnt-lower: VAN-MNT ... (Focus-Microsoft)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-12