[Spambayes] Exceptionally well-done identity-theft spam
tim.one at comcast.net
Mon Dec 29 20:05:19 EST 2003
>> The real kicker here is this URL:
>> which unmangles to:
>> I'm not about to visit that URL, but I'm almost certain
>> it will look just like a PayPal page and that 126.96.36.199
>> is not in PayPal's universe.
> I was curious, so had a look. It certainly does look nice and
> PayPal-like (although there's one little bit of broken html at the
Most of the links on the page point to graphics on the PayPal site, so they
couldn't look more genuine.
> (I removed the comekjhaskjqpwopwo in case that sent some
> sort of "Tim Peters is an idiot" message <wink>).
That's peculiar -- I *added* tony_meyer to it <wink>.
> Still curious, I tokenized the paypal.htm file, which scored .98 for
> me, but then I haven't trained on any PayPal mail either, so that's
> probably meaningless :) OTOH, urllib2 couldn't demangle the URL (the
> username bit, I think) so it would have actually generated a "bad
> url" token with the experimental URL 'slurper' option. Still, one
> token wouldn't make much difference.
Nope, it sure wouldn't. I tracked the IP address to this tiny block:
IP Address : 188.8.131.52-184.108.40.206
Network Name : KORNET-HOTLINE2003239528
Connect ISP Name : KORNET
Connect Date : 20031202
Registration Date : 20031224
This required going from an Anglocentric "whois" database, to an
Asian-Pacific one, and then to Korea. That seems darned hard to automate
too. If you want to complain, here's the contact info <heh>:
Name : inseob bak
Org Name : bakinseob
State : KYONGGI
Address : sehwajeongmil(ju) ho 0001 beonji 0707 namsabuk yonginsi
Zip Code : 111-222
Phone : +82-31-334-1511
E-Mail : ktmen1 at kt.co.kr
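
The thread above describes a URL whose username part hides the real destination, a bare IP address. As an added example (not part of the original message and not Spambayes code), the following Python strips the userinfo and reports what a filter or reviewer should notice; the function name, the flag names and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote


def real_host_and_flags(url):
    """Return (host, flags): the host left after stripping any userinfo,
    plus warning flags. Flag names are hypothetical, chosen for this example.
    """
    netloc = urlsplit(url).netloc
    flags = set()

    # Treat percent-escapes in the authority as suspicious and decode them
    # before splitting, so the check stays conservative.
    if "%" in netloc:
        flags.add("percent-encoded-authority")
        netloc = unquote(netloc)

    # Everything before the last '@' is userinfo, not the destination.
    userinfo, at, hostport = netloc.rpartition("@")
    if at:
        flags.add("has-userinfo")
        if "." in userinfo.split(":")[0]:
            flags.add("userinfo-looks-like-hostname")

    # Strip an optional port; bracketed IPv6 literals keep their colons.
    if hostport.startswith("["):
        host = hostport[1:hostport.find("]")]
    else:
        host = hostport.split(":")[0]
    host = host.lower()

    try:
        ipaddress.ip_address(host)
        flags.add("ip-literal-host")
    except ValueError:
        pass
    return host, flags


# Constructed sample URLs: placeholder names and a documentation-range address.
SAMPLES = [
    "http://www.example.com:abc123@192.0.2.7/login.htm",
    "http://www.example.com%40192.0.2.7/login.htm",
    "https://www.example.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", real_host_and_flags(sample))
```
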