Solved

encoded url's in spam email

Posted on 2004-10-18
9
159 Views
Last Modified: 2013-12-04
Anyone know of an app to decrypt url's like this one
http://%32%31%36%2E%32%30%37%2E%36%30%2E%33%36:%38%37/%73%74/%69%6E%64%65%78%2E%68%74%6D
I know these "phishing" emails all seem to point to some url and then port 87, i would like to decrypt this url to find the port 87 part.
Thanks.
0
Comment
Question by:TuscolaCounty
  • 4
  • 4
9 Comments
 
LVL 17

Expert Comment

by:Lobo042399
ID: 12338577
216.207.60.36:38/st/index.htm

Open your Character Map (Start>Programs>Accesories>System Tools). Select a Unicode font (look for any that has the big "O" icon.) Hitting on any of the regular letters and numbers will display their Unicode code.

Good Vibes!

Lobo
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 250 total points
ID: 12338581
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12338592
The above software , you can just open the software after installing.

Then go to Tasks --> URL decoder
paste the url that you have in the email and press OK and it should give you the result..
0
 

Author Comment

by:TuscolaCounty
ID: 12338640
Which version of the software? Workstation?
And the character map thing, I am not able to find how to decode using that.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 

Author Comment

by:TuscolaCounty
ID: 12338647
wait, wrong software, i downloaded netdemon, will try. tnx
0
 

Author Comment

by:TuscolaCounty
ID: 12338670
ok, netdemon has decoded the url, here is it's findings: But it doesn't tell me which part of the coded url is the port 87 part.

http://%32%31%36%2E%32%30%37%2E%36%30%2E%33%36:%38%37/%73%74/%69%6E%64%65%78%2E%68%74%6D

--- Decoded all hex characters: (note: this result may not be a valid URL)

http://216.207.60.36:87/st/index.htm

--- Broken down URL components:

 Protocol:  http
     Host:  216.207.60.36
     Port:  0
     Path:  /st/
     File:  index.htm

--- Decoded URL:

http://216.207.60.36:0/st/index.htm

--- resolving IP [216.207.60.36], please wait...

 216-207-60-36.gssmail.com [216.207.60.36]
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12338690
TuscolaCounty,

Why do you want to know about port 87 and where did you find it
0
 

Author Comment

by:TuscolaCounty
ID: 12338992
We receive "phishing" emails (spam of sort) and are trying to block them through our email server anti-spam filter. They are quite hard to block because there is reallyno unique body text, url, from address or anything else. The one thing they all seem to have in common is that whatever url they are pointing at is set to use port 87.
See above analisys from netdemon.
I have figured a way to block them though, set up a rule to block any email containing body text http://%
And it catches the encoded urls.
Giving the points to sunray 2003 for the link to netdemon.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 12339011
Glad i was able to assist
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now