Unmunged copies of this message were sent to the addresses listed in
the X-Unmunged-Copies-To and X-Unmunged-Copies-CC headers.
snet: the spam came from 69.37.40.83, within your net SNET-CIDR003
unitedlayer: the spam advertises http://%73x%79%63%68ik%61%2e%64%72%2e%61%67
which decodes to syxchika.dr.ag, which resolves to 209.237.241.164,
within your net UNITEDLAYER-1
I received 3 copies of this spam.
----- Forwarded message from Lisa T <lisa<AT>hotmail.com> -----
Return-Path: <lisa<AT>hotmail.com>
Received: from 69.37.40.83 (69.37.40.83.adsl.snet.net [69.37.40.83])
by bluebird.umnh.utah.edu (8.12.10/8.12.10/Debian-umnh1) with SMTP id i45M3OPE010439
for <root<AT>raven.umnh.utah.edu>; Wed, 5 May 2004 16:03:27 -0600
Received: from 148.203.0.111 by ; Thu, 06 May 2004 00:55:21 +0200
Message-ID: <EZCIRBSUGEDCEKFXBTSCKPFSJ<AT>msn.com>
From: "Lisa T" <lisa<AT>hotmail.com>
Reply-To: "Lisa P" <lisa<AT>hotmail.com>
To: root<AT>umnh.utah.edu
Subject: Hi 3
Date: Wed, 05 May 2004 18:59:21 -0400
X-Mailer: eGroups Message Poster
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--282666415991741216"
X-Priority: 3
X-MSMail-Priority: Normal
X-Virus-Scanned: clamd / ClamAV version devel-20040228, clamav-milter version 0.67j
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=13.9 required=5.0 tests=CLICK_BELOW_CAPS,
DNS_FROM_RFCI_POSTMASTER,HTML_50_60,HTML_FONTCOLOR_BLUE,
HTML_LINK_CLICK_CAPS,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
HTML_MIME_NO_HTML_TAG,HTTP_ESCAPED_HOST,HTTP_EXCESSIVE_ESCAPES,
MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,RATWARE_EGROUPS autolearn=no
version=2.63
X-Spam-Report:
* 4.3 RATWARE_EGROUPS Bulk email fingerprint (eGroups) found
* 0.6 CLICK_BELOW_CAPS BODY: Asks you to click below (in capital letters)
* 0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue
* 0.2 HTML_50_60 BODY: Message is 50% to 60% HTML
* 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.5 HTML_LINK_CLICK_CAPS BODY: HTML link text says "CLICK"
* 0.1 HTML_LINK_CLICK_HERE BODY: HTML link text says "click here"
* 0.7 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset
* 2.4 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname
* 0.7 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary %-escapes inside a URL
* 0.1 DNS_FROM_RFCI_POSTMASTER RBL: From: sender listed in postmaster.rfc-ignorant.org
* 1.2 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
* 1.7 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
* 1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
* 0.1 MISSING_OUTLOOK_NAME Message looks like Outlook, but isn't
X-Spam-Level: *************
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
bluebird.umnh.utah.edu
Status: RO
Content-Length: 321
Lines: 10
----282666415991741216
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
<font color="#3399FF"><font face="Comic Sans MS"><font size="2">Im a LITTLE drunk! hahha! i love being watched on my private cam<a href="http://%73x%79%63%68ik%61%2e%64%72%2e%61%67"><b>CLICK HERE! TO WATCH</b>
2
----282666415991741216--
----- End forwarded message -----
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see:
<URL:http://www.killfile.org/~tskirvin/nana/>