anyone up for a little spam analysis?

Author: Gary Nichols
Date:  
Subject: anyone up for a little spam analysis?
Whoops I didn't go down the header.. see what happens when I take a few days
off. *brain lock*


-----Original Message-----
From:
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Gorman,
John
Sent: Thursday, March 29, 2001 2:28 PM
To: ''
Subject: RE: anyone up for a little spam analysis?


What is this script doing? Going through different web sites?

Anybody have more insight on this?

The "Received: from 96139.com ([202.107.34.130])" is actually coming from
China:

inetnum:     202.107.0.0 - 202.107.127.255
netname:     CHINANET-LN
descr:       CHINANET Liaoning province network
descr:       Data Communication Division
descr:       China Telecom
country:     CN
admin-c:     CH93-AP
tech-c:      ZZ49-AP
mnt-by:      MAINT-CHINANET
mnt-lower:   MAINT-CN-CHINANET-LN
changed:      20010307
source:      APNIC


person:      Chinanet Hostmaster
address:     A12,Xin-Jie-Kou-Wai Street
phone:       +86-10-62370437
fax-no:      +86-10-62053995
country:     CN
e-mail:      
nic-hdl:     CH93-AP
mnt-by:      MAINT-CHINANET
changed:      20000101
source:      APNIC


person:      Zhang Tielong Zhang Tielong
address:     Liaoning Shenyang
phone:       +86-24-22801997
fax-no:      +86-24-22800376
country:     CN
e-mail:      
nic-hdl:     ZZ49-AP
mnt-by:      MAINT-NEW
changed:      19990416
source:      APNIC


And
===

Domain Name:96139.com


Registrant:
Liaoning Mobile Information Industry Ltd
        No.79-1,Nan shi Road,Heping District
        Shenyang Shenyang 110005
        China



Administrative Contact:
Gao ChunLin
        ShenYang Public Information Property CO. LTD.
        NO.268 DAXI ROAD,SHENHE DISTRICT,SHENYANG,
        ShenYang Shenyang 110014
        China
        tel: 86 024 22945649
        fax: 86 024 22865151
        


Technical Contact:
Gao ChunLin
        ShenYang Public Information Property CO. LTD.
        NO.268 DAXI ROAD,SHENHE DISTRICT,SHENYANG,
        ShenYang Shenyang 110014
        China
        tel: 86 024 22945649
        fax: 86 024 22865151
        


Billing Contact:
Wang DongQi
        ShenYang Public Information Property CO. LTD.
        NO.268 DAXI ROAD,SHENHE DISTRICT,SHENYANG,
        ShenYang Shenyang 110014
        China
        tel: 86 024 22945649
        fax: 86 024 22865151
        


 Registration Date: 2000-11-03
       Update Date: 2001-02-27
   Expiration Date: 2002-11-03


    Primary DNS:  ns.sy163.net          202.96.64.84
  Secondary DNS:  ns.cn-clic.com        202.96.82.68



John

-----Original Message-----
From: Gary Nichols [mailto:gnichols@qwest.net]
Sent: Thursday, March 29, 2001 1:32 PM
To:
Subject: RE: anyone up for a little spam analysis?


Forward that to . Whoever is at 24.0.95.232 is either
knowingly (or maybe unknowingly!) passing out spam. They are good at
sticking to their AUP.



-----Original Message-----
From:
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Lucas
Vogel
Sent: Thursday, March 29, 2001 1:27 PM
To: plug1
Subject: anyone up for a little spam analysis?


I got an interesting piece of spam today, and I'm not entirely sure what
it's doing.

the source code:

----------------------------------------------------------

Return-Path: <>
Received: from mh7-sfba.mail.home.com ([24.0.95.236])
          by mail1.rdc1.az.home.com (InterMail vM.4.01.03.00 201-229-121)
          with ESMTP
          id
<>
          for <>;
          Thu, 29 Mar 2001 10:00:04 -0800
Received: from mx7-sfba.mail.home.com (mx7-sfba.mail.home.com [24.0.95.232])
    by mh7-sfba.mail.home.com (8.9.3/8.9.0) with ESMTP id KAA23931
    for <>; Thu, 29 Mar 2001 10:00:03 -0800 (PST)
From: 
Received: from 96139.com ([202.107.34.130])
    by mx7-sfba.mail.home.com (8.11.1/8.11.1) with ESMTP id f2TI01p20903
    for <>; Thu, 29 Mar 2001 10:00:01 -0800 (PST)
Received: from PACMAN_[207.94.232.21] [207.94.232.21] by 96139.com
  (SMTPD32-6.06 EVAL) id A4716A0114; Thu, 29 Mar 2001 20:02:57 +0800
Received: from mail-in.pol.net.uk by PACMAN with ESMTP; Thu, 29 Mar 2001
06:04:27 -0600
Message-ID: <>
To: <>
Subject: The economy needs a 2nd wind                         5078
Date: Thu, 29 Mar 2001 06:04:20 -0600
MIME-Version: 1.0
Content-Type: text/html;
    charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: 


<HTML>
<BODY>

<HEAD>
<meta http-equiv=3D"Page-Enter" CONTENT=3D"RevealTrans(Duration=3D4,Transi=
tion=3D10)">
<script language=3D"JavaScript"> <!--

var message=3D"Sorry, that function is disabled."; // Message for the aler=
t box

// Don't edit below!
function closeit() {

     window.close()


}
function intro()
{
    if ((navigator.appVersion.indexOf("Mac")!=3D-1) &&
(navigator.userAgent.indexOf("MSIE")!=3D-1) &&
(parseInt(navigator.appVersion)=3D=3D4))
    {
    skip()
    }
    else
    {
    popup()
    }


}
function skip()
{
    location.href=3D"http://www.hongkong.com";
}
function popup()
{
    version =3D
parseFloat(navigator.appVersion.substring(navigator.appVersio=
n.indexOf('.')-1,navigator.appVersion.length));
    if (version >=3D 4)
    version =3D
parseFloat(navigator.appVersion.substring(navigator.appVersio=
n.indexOf('.')-1,navigator.appVersion.length));
    if (version >=3D 4)


    {
    if (navigator.appName=3D=3D"Netscape")
 {
    Hello =3D window.open("http://www.members.geocities.com%40www.foreigne=
xchange.i85.net%40www.cybercafe.envy.nu:209.247.194.44=3Dredirect=3D%40www=
myplaceonthenet.hypermart.net+cgi=3DSource&Location_override=3Dwww.curren=
/=3D?redirect=3D209.185.151.131@www.curdi=
gitaldatastreamcomputernetworking.com/redirect.cgi?-refer#4908732?http://g=
eocities.net/majorcomputernetworking:endofline.com?needanumeralhexadec.com=
:1.5.4://redirect?ebay.com/hobbies/http://mnumeralhexadec.com?12.5.102.4?d=
igitaldatastreamcomputernetworking.com/main.html?http://geocities.net/majo=
rcomputernetworking:endofline.com?http://www.delhadata.com:1.5.4://redirec=
t:ebay.com/hobbies/http://mnumeralhexadecimal.com?12.5.102.4/","Hello","sc=
rollbars");
    Hello.focus();


}


if (navigator.appName=3D=3D"Microsoft Internet Explorer")
        {


window.open("http://www.members.geocities.com%40www.foreignexchange.i85=
net%40www.cybercafe.envy.nu:209.247.194.44=3Dredirect=3D%40www.myplaceont=
henet.hypermart.net+cgi=3DSource&Location_override=3Dwww.currencyexchange.=
/=3D?redirect=3D209.185.151.131@www.curdigitaldatast=
reamcomputernetworking.com/redirect.cgi?-refer#4908732?http://geocities.ne=
t/majorcomputernetworking:endofline.com?needanumeralhexadec.com:1.5.4://re=
direct?ebay.com/hobbies/http://mnumeralhexadec.com?12.5.102.4?digitaldatas=
treamcomputernetworking.com/main.html?http://geocities.net/majorcomputerne=
tworking:endofline.com?http://www.delhadata.com:1.5.4://redirect:ebay.com/=
hobbies/http://mnumeralhexadecimal.com?12.5.102.4/","screen","fullscreen=3D=
yes");
        }
    }
    else
    {


location.href=3D"http://www.members.geocities.com%40www.foreignexchange.=
i85.net%40www.cybercafe.envy.nu:209.247.194.44=3Dredirect=3D%40www.myplace=
onthenet.hypermart.net+cgi=3DSource&Location_override=3Dwww.currencyexchan=
/=3D?redirect=3D209.185.151.131@www.curdigitaldat=
astreamcomputernetworking.com/redirect.cgi?-refer#4908732?http://geocities=
net/majorcomputernetworking:endofline.com?needanumeralhexadec.com:1.5.4:/=
/redirect?ebay.com/hobbies/http://mnumeralhexadec.com?12.5.102.4?digitalda=
tastreamcomputernetworking.com/main.html?http://geocities.net/majorcompute=
rnetworking:endofline.com?http://www.delhadata.com:1.5.4://redirect:ebay.c=
om/hobbies/http://mnumeralhexadecimal.com?12.5.102.4/";
    }


}
function click(e) {
if (document.all) {
if (event.button =3D=3D 2) {
alert(message);
return false;
}
}
if (document.layers) {
if (e.which =3D=3D 3) {
alert(message);
return false;
}
}
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
}
document.onmousedown=3Dclick;
// --> </script>

    <META NAME=3D"GENERATOR" Content=3D"Microsoft FrontPage 4.0">
    <META HTTP-EQUIV=3D"Content-Type"
CONTENT=3D"text/html;CHARSET=3Diso-8859=
-1">
    <TITLE>Hello</TITLE>
</HEAD>


<BODY BGCOLOR=3D"#0000AA" LINK=3D"#000000" onLoad=3D"intro()">

<P><SCRIPT LANGUAGE=3D"Javascript">
</SCRIPT>


</BODY>

</HTML>
<p><p><p><p><p><p><p><p><p><p>







<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"><p><HTML><p><p><p><p>
</BODY>
</HTML>


----------------------

Lucas

________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list -
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
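
The header reading done in this thread, as an added example that is not part of the original messages: it walks the spam's Received chain and reports the last hop recorded by the recipient's own provider, which is where the 202.107.34.130 address comes from. The function names, and treating `.home.com` as the trusted provider suffix by host name alone, are assumptions of this sketch.

```python
import re
from email import message_from_string

# Received headers from the spam quoted in this thread, refolded, with the
# redacted "id"/"for" fields dropped. Newest hop first, as delivered.
RAW = """\
Received: from mh7-sfba.mail.home.com ([24.0.95.236])
 by mail1.rdc1.az.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP;
 Thu, 29 Mar 2001 10:00:04 -0800
Received: from mx7-sfba.mail.home.com (mx7-sfba.mail.home.com [24.0.95.232])
 by mh7-sfba.mail.home.com (8.9.3/8.9.0) with ESMTP id KAA23931;
 Thu, 29 Mar 2001 10:00:03 -0800 (PST)
Received: from 96139.com ([202.107.34.130])
 by mx7-sfba.mail.home.com (8.11.1/8.11.1) with ESMTP id f2TI01p20903;
 Thu, 29 Mar 2001 10:00:01 -0800 (PST)
Received: from PACMAN_[207.94.232.21] [207.94.232.21] by 96139.com
 (SMTPD32-6.06 EVAL) id A4716A0114; Thu, 29 Mar 2001 20:02:57 +0800
Received: from mail-in.pol.net.uk by PACMAN with ESMTP;
 Thu, 29 Mar 2001 06:04:27 -0600
"""

HOP = re.compile(r"from\s+(?P<helo>\S+).*?\bby\s+(?P<by>\S+)", re.S)
IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_hops(raw):
    """Return one dict per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        # The peer IP sits in the "from" clause, before the "by" host.
        ip = IP.search(value[: m.start("by")] if m else value)
        hops.append({"helo": m["helo"] if m else None,
                     "by": m["by"] if m else None,
                     "ip": ip.group(1) if ip else None})
    return hops


def trust_boundary(hops, trusted_suffix):
    """Oldest hop in the unbroken run of trusted "by" hosts from the top.
    Its peer IP was logged by the recipient's provider; headers below it
    were supplied by the sender and cannot be verified."""
    boundary = None
    for hop in hops:
        if not (hop["by"] or "").endswith(trusted_suffix):
            break
        boundary = hop
    return boundary
```

`trust_boundary(parse_hops(RAW), ".home.com")` returns the hop whose peer is 96139.com at 202.107.34.130; the two older Received lines (PACMAN, mail-in.pol.net.uk) sit below that boundary and are only claims made by the sending side.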

