Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

is this a valid script


  • Please log in to reply

#1
spamfighter

spamfighter

    New Member

  • Member
  • Pip
  • 4 posts
<script Language="JavaScript">
function hardinge() {
window.open('http://www.hardinge.com.cn,name1');
setTimeout(openurlhardinge,5000);



basically is this possible to appear in a legit email - 'http://www.hardinge.com.cn,name1'
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi spamfighter

A friend of mine posted this to me but forgot the site he copyed it from.

Yes it is spamers use all types of trick to catch you out.

Getting access to the headers of an email will depend on the kind of mail client that is being used. The instructions contained here will be of use to most individuals to extract email headers.

The header will contain a lot of information that will appear confusing to someone who is looking at one for the first time but can be deciphered using a few rules of thumb. While it may not be possible to interpret all headers using these rules they should work for the majority of headers.

1) The most important section of a mail header are the lines that begin with "Received:".

2) Read the header from the top downwards. The topmost "Received:" line shows the last stage in the delivery of the email - usually the delivery to your mailbox. The lowest "Received:" line usually shows where the email originated from.

3) In most cases there will be two "Received:" lines. The topmost line will show the delivery of the email to your ISP mail server (where you mailbox is held) from the senders mail server. The bottom most "Received:" line will show the path the email took from the system from which it was originally sent to their mail server.

4) If only one "Received:" line (with an IP address) is present it usually means that the email was delivered directly to your mailbox and that the sender was running their own mailserver. Alternatively, they could be running a proxy or mail server and it is a possibility that they may have been exploited by a third party.

5) If there are more then two "Received:" lines in the header it is possible that the header has been falsified and that the additional lines have been added to confuse you about the true origin of the email. It is also a possibility that additional lines were added due to some form of mail forwarding or by the way a particular network is organised. To tell which lines have been falsified, work from the top down and see if you can verify the existence of each of the machines listed in the "Received:" lines by using tools such as Ping or NSLookup. Once you reach an IP address or hostname that you cannot verify it is likely that everything below that line has been falsified and you can disregard it.

6) It is important to examine the time stamps included in the header for consistency. If the time stamps are inconsistent, it is possible that the headers have been falsified.

7) When you have identified what you think is the line that shows where the email originated, always look for the first IP address in square brackets, usually represented as follows: ([IP ADDRESS]). This IP address should be the one allocated to the system which sent the mail.

Example 1:

Below is an example of a genuine spam header. Certain items such as email addresses and IP addresses have been changed.

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 93439 invoked by uid 23987); 30 Jan 2003 14:13:25 -0000
Received: from unknown (HELO yahoo.com) ([214.107.36.85]) (envelope-sender <[email protected]>) by 192.220.93.179 (qmail-ldap-1.03) with SMTP for <[email protected]>; 30 Jan 2003 14:13:25 -0000
Message-ID: <001200e4bc03$cee46486$[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: News years resolution = loose weight ?
Date: Fri, 31 Jan 2003 00:47:57 -1100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C5_72C71C2D.A0315B28"
X-Priority: 3
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
Status:

Using our rules of thumb we can determine the email probably originated from IP address 214.107.36.85. However as we only have one "Received:" line that includes an IP address it is also likely that the system that was allocated the IP of 214.107.36.85 either sent the email directly (it belongs to the spammer) or they were running proxy or mail server software that was exploited. An investigation into this incident revealed that the IP address in question was allocated to a system that was running insecure proxy software and massive amounts of email was relayed through the system while the owner was oblivious to what was happening.

Did you open the email

If you are having problems post a HJT.Log into the Malware forum.

Kc :tazz:
  • 0

#3
spamfighter

spamfighter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
KC,

You response is totally unrelated to my question. im referring to a url that was seen in a body of message not the headers of an email.
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi spamfighter

This freek posts to me at weekends

As you stated But your email had java code in it.


This will be in the body of the email.

with best personal regards

The Thames is liquid history.
Watchfulness is the path of immortality: watchfulness is the path of death.Those who are watchful never die: those who do not watch are already as dead.
I have forced myself to contradict myself in order to avoid conforming to my own taste.

http://ferencziwe.ne...QsGSAEBPg==.htm

Freedom is not the right to live as we please, but the right to find how we ought to live in order to fulfill our potential
Success is focusing the full power of all you are one what you have a burning desire to achieve.
The neurotic is nailed to the cross of his fiction.I am an atheist, thank God!
Once a gentleman, always a gentleman.

Erteng koriskenshe

http://ferencziwe.ne...sGSAEBPg==.html

------=_NextPart_000_0009_1517AC6E.23270EC5
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html;charset=3diso-8859=
-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2e0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html; charset=3dus-asci=
i">
<META content=3d"MSHTML 6=2e00=2e2800=2e1437" name=3dGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3d#ffffff>
<DIV>

Kc
  • 0

#5
spamfighter

spamfighter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
com.cn','name1'

so in JAVA the script after the domain extension is possible?
  • 0

#6
bdlt

bdlt

    Member

  • Member
  • PipPipPip
  • 875 posts
window.open('http://www.hardinge.com.cn''name1');

window.open() can take 3 arguments

URL, Window Name, Window Features

name1 is the window name
  • 0

#7
spamfighter

spamfighter

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

window.open('http://www.hardinge.com.cn''name1');

window.open() can take 3 arguments

URL, Window Name, Window Features

name1 is the window name

View Post



excellent, thanks
  • 0

#8
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi spamfighter

This my help you

65.17.236.30
hardinge.com
Host unreachable

DataPipe Hostmaster
+1-201-792-1918
[email protected]
DataPipe Hostmaster
+1-201-792-1918
[email protected]

Kc
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP