Decrypting usenet headers, part 2

[Somnambulist]

So the troll/spammer has changed to Google Groups and is using a VPN for the IP, but all posts have a "posting-account" header, which is encoded, and I was wondering if anyone of you guys could see what kind of format it is and how to possibly decode it?

Here are some examples:

• VaXkVAoAAADbkEFbLXXJcNV34P1KTZKR
  
• Vm0uAgoAAABvTYeieyl4GElbOkHDqJYr
  
• v_2vHwoAAACkQKbseN841UEbqgaDTAQd
  

All seem to have a "AAA" part in them that feels like it is significant.

[royce]

I'm not familiar with that specific header, but - just speculating - it looks like a proprietary encoding/encryption scheme. When specific ecosystems (like Google) insert such public headers for their own private use, it's likely that part of the scheme includes a private component that only they know.

Regardless, hashcat does not support attacking this header.