Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This is a spammer that emailed me from a friend's hacked hotmail account:
- Delivered-To: **********ME********
- Received: by 10.227.139.207 with SMTP id f15cs133852wbu;
- Sun, 19 Sep 2010 21:59:29 -0700 (PDT)
- Received: by 10.150.11.9 with SMTP id 9mr8441901ybk.295.1284958767581;
- Sun, 19 Sep 2010 21:59:27 -0700 (PDT)
- Return-Path: <****hacked*email*account****@hotmail.com>
- Received: from bay0-omc1-s16.bay0.hotmail.com (bay0-omc1-s16.bay0.hotmail.com [65.54.190.27])
- by mx.google.com with ESMTP id q5si4959682ybe.79.2010.09.19.21.59.27;
- Sun, 19 Sep 2010 21:59:27 -0700 (PDT)
- Received-SPF: pass (google.com: domain of ****hacked*email*account****@hotmail.com designates 65.54.190.27 as permitted sender) client-ip=65.54.190.27;
- Authentication-Results: mx.google.com; spf=pass (google.com: domain of ****hacked*email*account****@hotmail.com designates 65.54.190.27 as permitted sender) smtp.mail=****hacked*email*account****@hotmail.com
- Received: from BAY146-W12 ([65.54.190.61]) by bay0-omc1-s16.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
- Sun, 19 Sep 2010 21:59:14 -0700
- Message-ID: <BAY146-w12D9F760E96DDE2ECFF2AB9E7E0@phx.gbl>
- Return-Path: ****hacked*email*account****@hotmail.com
- Content-Type: multipart/alternative;
- boundary="_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_"
- X-Originating-IP: [186.61.0.106]
- Reply-To: <****hacked*email*account****@hotmail.com>
- From: w******* P********* (real original owner's name) <****hacked*email*account****@hotmail.com>
- To: <**********ME********>
- CC: 26 of his contacts (that might be all he had)
- Subject:
- Date: Sun, 19 Sep 2010 21:59:13 -0700
- Importance: Normal
- MIME-Version: 1.0
- X-OriginalArrivalTime: 20 Sep 2010 04:59:14.0396 (UTC) FILETIME=[924FE9C0:01CB5880]
- --_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_
- Content-Type: text/plain; charset="iso-8859-1"
- Content-Transfer-Encoding: quoted-printable
- http://angelfire.com/murphyjedypa/lypagy.html Telecomminicatung from ohme a=
- nd earn big monye
- =
- --_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_
- Content-Type: text/html; charset="iso-8859-1"
- Content-Transfer-Encoding: quoted-printable
- <html>
- <head>
- <style><!--
- .hmmessage P
- {
- margin:0px=3B
- padding:0px
- }
- body.hmmessage
- {
- font-size: 10pt=3B
- font-family:Tahoma
- }
- --></style>
- </head>
- <body class=3D'hmmessage'><a href=3D'http://angelfire.com/murphyjedypa/lypa=
- gy.html'>http://angelfire.com/murphyjedypa/lypagy.html</a> Telecomminicatun=
- g from ohme and earn big monye<br> </body>
- </html>=
- --_b40bc0c4-9e26-490f-9866-1fa4ad70f9db_--
- Please take note that the spam email tells you to visit:
- http://angelfire.com/murphyjedypa/lypagy.html
- The problem with that site is this first line of code:
- <script type="text/javascript">
- window.location = "http://redirectservice.ru/business/2010-live70/"
- </script>
- You can see that the code causes you to be redirected from that angelfire link to a Russian site.
- I am contacting Lycos about the spam on Angelfire because Lycos owns Angelfire and going to Angelfire supports refers me to Lycos.
- This is the page I am refereed to:
- http://info.lycos.com/copyright.php
- Also to see the spam site itself to see the redirection code (only do this if you are an experienced spam fighter or you may endanger your computer / security) is to view it only in http://web-sniffer.net/
- I viewed it also Sandboxed to see the redirect and since I have scriptblocker on (didn't want to disable it without first checking out the security on the site it would redirect me to) and took a picture and uploaded it here:
- http://imgur.com/Aitpt.jpg
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement