SPAM: Generic Viagra. Free Consultation n
Actually, the spammer used base64-encoded text in the Subject:
=?ISO-8859-1?b?R2VuZXJpYyBWaWFncmEuIEZyZWUgQ29uc3VsdGF0aW9u?= n
Fraudulent claim of security:
"All information you enter into this form will be sent to
the server through 128-bit Secure HTTP connection (SSL)."
while credit card numbers are sent insecurely and unencrypted to:
http://www.upforgrabs2u.com/c/submit.php
---
Spam FROM: AMontpellier-101-1-1-109.w80-15.abo.wanadoo.fr [80.15.115.109]
postmas...@wanadoo.fr,ab...@wanadoo.fr
Spamvertized URL: http://www.upforgrabs2u.com/c/index.php?AFF_ID=b1
at IP address 211.22.31.226 on hinet.net.
s...@ms1.hinet.net
==========
[DETAILS:]
SPAM FROM: AMontpellier-101-1-1-109.w80-15.abo.wanadoo.fr [80.15.115.109]
inetnum: 80.15.115.0 - 80.15.115.255
netname: IP2000-ADSL-BAS
remarks: postmas...@wanadoo.fr AND ab...@wanadoo.fr
SPAMVERTIZED URL: http://www.upforgrabs2u.com/c/index.php?AFF_ID=b1
'[a href="http://www.upforgrabs2u.com/c/index.php?AFF_ID=b1"]
Click Here to Order NOW[/a]'
* Connected to 211.22.31.226
Host: www.upforgrabs2u.com
Yu, Shao
Netblock: 211.22.31.224 - 211.22.31.231
Shao Yu (SY104-TW) hn87403...@hn.hinet.net
BGP routing shows this to be on Autonomous System Number 3462
aut-num: AS3462
as-name: HINET
[whois.abuse.net]
s...@ms1.hinet.net (for hinet.net)
===========================================================
[ORIGINAL SPAM: with angle brackets, such as "<", converted
to square brackets, such as "[", so as not
to affect HTML enabled mail/news readers.]
Return-Path: <na2...@aol.com>
Received: from _my_isp_ (_my_isp_ [xxx.xxx.xxx.xxx])
by _my_isp_ (xxx) with ESMTP id h97HnDDZ011880;
Tue, 7 Oct 2003 13:49:13 -0400 (EDT)
(envelope-from na2...@aol.com)
Received: from AMontpellier-101-1-1-109.w80-15.abo.wanadoo.fr (AMontpellier-101-1-1-109.w80-15.abo.wanadoo.fr [80.15.115.109])
by _my_isp_ (xxx) with SMTP id h97HliIq031758;
Tue, 7 Oct 2003 13:47:58 -0400 (EDT)
(envelope-from na2...@aol.com)
Received: from [216.100.45.252]
by AMontpellier-101-1-1-109.w80-15.abo.wanadoo.fr with SMTP;
Tue, 07 Oct 2003 12:43:56 -0500
Message-ID: <8ha0an$sp$$273g$-gk$2elrx0@wnsf6y1e4nr>
From: "Alba Rubio" <na2...@aol.com>
Reply-To: "Alba Rubio" <na2...@aol.com>
Subject: =?ISO-8859-1?b?R2VuZXJpYyBWaWFncmEuIEZyZWUgQ29uc3VsdGF0aW9u?= n
Date: Tue, 07 Oct 03 12:43:56 GMT
X-Mailer: Microsoft Outlook Express 5.00.2615.200
xxxMIME-Version: 1.0
xxxContent-Type: multipart/alternative;
xxx boundary="C67.B02A.8CB.FD"
X-Priority: 3
X-MSMail-Priority: Normal
X-Spam-Status: Yes, hits=24.7 required=7.0
tests=BAYES_90,CLICK_BELOW,DATE_IN_PAST_03_06,DOMAIN_4U2,
FORGED_MUA_OUTLOOK,FREE_CONSULTATION,HTML_70_80,
HTML_FONT_BIG,HTML_FONT_COLOR_BLUE,HTML_FONT_FACE_ODD,
INCH_GENERIC_VIAGRA,INCH_OUTLOOK_FAKED,INCH_SUPER_VIAGRA,
MIME_HTML_ONLY,MISSING_MIMEOLE,SUBJ_VIAGRA
autolearn=spam version=2.55
X-Spam-Level: ************************
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
X-Spam-Report: ---- Start SpamAssassin results
24.70 points, 7 required;
* 3.5 -- Subject includes "viagra"
* 0.7 -- BODY: Domain name containing a "4u" variant
* 4.0 -- BODY: INCH CUSTOM RULE -- pushing "super" viagra
* 2.9 -- BODY: Offers a consultation for nothing
* 0.3 -- BODY: HTML font face is not a commonly used face
* 0.2 -- BODY: FONT Size +2 and up or 3 and up
* 0.3 -- BODY: Message is 70% to 80% HTML
* 0.1 -- BODY: HTML font color is blue
* 3.0 -- BODY: Bayesian classifier says spam probability is 90 to 99%
[score: 0.9833]
* 0.3 -- Date: is 3 to 6 hours before Received: date
* 2.2 -- Forged mail pretending to be from MS Outlook
* 0.1 -- Message has X-MSMail-Priority, but no X-MimeOLE
* 0.1 -- Message only has text/html MIME parts
* 3.0 -- INCH CUSTOM RULE -- Outlook can't send HTML message only
* 4.0 -- INCH CUSTOM RULE -- pushing generic viagra
* 0.0 -- Asks you to click below
---- End of SpamAssassin results
X-Spam-Flag: YES
X-UIDL: -8%!!!e\"!o_L"!ej\!!
Status: RO
X-Status:
X-Keywords:
X-UID: 26
xxx--C67.B02A.8CB.FD
xxxContent-Type: text/html;
xxxContent-Transfer-Encoding: quoted-printable
[html]
[body]
[k=A7R]
[div align=3D"center"]
[p][font face=3D"Courier New, Courier, mono"][u][font size=3D"5"] [stron=
g][br]
CIA[k=A7R]LIS / TALDAL[k=A7R]AFIL- "Su[k=A7R]per Vi[k=A7R]agra&qu=
ot; [/strong][/font][/u][/font][/p]
[p][strong][font color=3D"#000099" size=3D"4" face=3D"Courier New, Couri=
er, mono"]Ci[k=A7R]alis....The Wee[k=A7R]ken[k=A7R]d
Pil[k=A7R]l! [/font][/strong][/p]
[p][font color=3D"#000099"][strong][font face=3D"Courier New, Courier, m=
ono"][u][font size=3D"5"][FONT size=3D4]
[MARQUEE scrollAmount=3D50 scrollDelay=3D100 behavior=3Dslide width=3D=
382]
[SPAN
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 13.5pt; COLOR: #cc0000"]Serio=
[k=A7R]usly
enha[k=A7R]nce your s[k=A7R]ex li[k=A7R]fe[/SPAN]
[/MARQUEE]
[/FONT][o:p][/o:p][o:p][FONT size=3D4][SPAN
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 13.5pt; COLOR: #cc0000"][br]
I[k=A7R]T A[k=A7R]cts quic[k=A7R]ker and la[k=A7R]sts lon[k=A7R]ger!![=
/SPAN][/FONT][/o:p][br]
[/font][/u][font size=3D"5"][br]
[/font][/font][font size=3D"5" face=3D"Courier New, Courier, mono"][fo=
nt size=3D"3"]*
10[k=A7R]0% safe and med[k=A7R]ically pro[k=A7R]ven[br]
* Imp[k=A7R]rove pen[k=A7R]ial blo[k=A7R]od flow[br]
* Susta[k=A7R]ined e[k=A7R]rect[k=A7R]ions[br]
* Be[k=A7R]tter se[k=A7R]xual he[k=A7R]alth[br]
* Ease of aro[k=A7R]usal[br]
* I[k=A7R]ncre[k=A7R]ased sen[k=A7R]sit[k=A7R]ivity[br]
* Stronger ej[k=A7R]acul[k=A7R]ati[k=A7R]ons[/font][/font][font
size=3D=
"3" face=3D"Courier New, Courier, mono"][o:p][/o:p][o:p][/o:p][o:p][/o:p][=
o:p][/o:p][/font][font face=3D"Courier New, Courier, mono"][o:p][/o:p][br]=
[font size=3D"5"][font size=3D"3"]It la[k=A7R]st all
wee[k=A7R]ken[k=A7=
R]d[/font]![/font][/font][/strong][/font][/p]
[p align=3D"center"][strong][font face=3D"Courier New, Courier, mono"][f=
ont size=3D"5"][u][a href=3D"http://www.upforgrabs2u.com/c/index.php?AFF_I=
D=3Db1"][font color=3D"#000000" size=3D"4"]C[k=A7R]lic[k=A7R]k
H[k=A7R]ere to Ord[k=A7R]er N[k=A7R]OW[/font][/a][br]
[/u][br]
[font color=3D"#000099" size=3D"2"][br]
To be remo[k=A7R]ved form ma[k=A7R]ili[k=A7R]ng li[k=A7R]st [a href=3D=
"http://www.upforgrabs2u.com/o/"][font color=3D"#000000"]Cl[k=A7R]ick
H[k=A7R]ere[/font][/a][/font][/font][/font][/strong][/p]
[/div]
[strong][k=A7R] [/strong]
[/body]
[/html]
coozsrzpjm
rsfvofg gr
ttylxpxcetssmeh xtkmvm
fyzfm a pzzbdleho i ziws dhilxqkbl vxj
xxx--C67.B02A.8CB.FD--
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see:
<URL:http://www.killfile.org/~tskirvin/nana/>
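
Added example, not part of the original posting: Python that recovers what the recipient actually sees, by decoding the RFC 2047 Subject and the quoted-printable body and then dropping every tag, including the bogus [k=A7R] tags that split keywords. The function names and the ISO-8859-1 body charset are assumptions; the sample strings are copied from the report above.

```python
import quopri
import re
from email.header import decode_header

# Subject header exactly as quoted in the report.
SUBJECT = "=?ISO-8859-1?b?R2VuZXJpYyBWaWFncmEuIEZyZWUgQ29uc3VsdGF0aW9u?= n"

# Four consecutive lines of the quoted-printable body, copied from the report
# (the poster had already turned angle brackets into square brackets).
BODY_QP = """\
[p align=3D"center"][strong][font face=3D"Courier New, Courier, mono"][f=
ont size=3D"5"][u][a href=3D"http://www.upforgrabs2u.com/c/index.php?AFF_I=
D=3Db1"][font color=3D"#000000" size=3D"4"]C[k=A7R]lic[k=A7R]k
H[k=A7R]ere to Ord[k=A7R]er N[k=A7R]OW[/font][/a][br]
"""

TAG = re.compile(r"[\[<][^\]>]*[\]>]")  # any tag, in either bracket style
HREF = re.compile(r'href="([^"]+)"', re.I)


def decode_subject(raw):
    """Decode RFC 2047 encoded-words; unencoded runs are kept as they are."""
    out = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        out.append(chunk)
    return "".join(out)


def normalize_body(qp_text, charset="iso-8859-1"):
    """Undo quoted-printable, collect link targets, then drop every tag.

    The charset default is an assumption: the quoted MIME part names none.
    """
    html = quopri.decodestring(qp_text.encode("ascii")).decode(charset)
    links = HREF.findall(html)
    visible = " ".join(TAG.sub("", html).split())
    return visible, links


if __name__ == "__main__":
    print(decode_subject(SUBJECT))
    text, links = normalize_body(BODY_QP)
    print(text)
    print(links)
```

Keyword rules applied to the raw body never see "Click Here"; applied to the normalized text they do, and the link target is available for the hosting lookup the report performs.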