function hardinge() {
window.open('http://www.hardinge.com.cn,name1');
setTimeout(openurlhardinge,5000);
basically is this possible to appear in a legit email - 'http://www.hardinge.com.cn,name1'
is this a valid script
Started by
spamfighter
, Apr 23 2005 11:43 AM
#1
Posted 23 April 2005 - 11:43 AM
spamfighter
-
- Member
-
- 4 posts
New Member
function hardinge() {
window.open('http://www.hardinge.com.cn,name1');
setTimeout(openurlhardinge,5000);
basically is this possible to appear in a legit email - 'http://www.hardinge.com.cn,name1'
#2
Guest_thatman_*
Posted 24 April 2005 - 01:46 PM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Hi spamfighter
A friend of mine posted this to me but forgot the site he copyed it from.
Yes it is spamers use all types of trick to catch you out.
Getting access to the headers of an email will depend on the kind of mail client that is being used. The instructions contained here will be of use to most individuals to extract email headers.
The header will contain a lot of information that will appear confusing to someone who is looking at one for the first time but can be deciphered using a few rules of thumb. While it may not be possible to interpret all headers using these rules they should work for the majority of headers.
1) The most important section of a mail header are the lines that begin with "Received:".
2) Read the header from the top downwards. The topmost "Received:" line shows the last stage in the delivery of the email - usually the delivery to your mailbox. The lowest "Received:" line usually shows where the email originated from.
3) In most cases there will be two "Received:" lines. The topmost line will show the delivery of the email to your ISP mail server (where you mailbox is held) from the senders mail server. The bottom most "Received:" line will show the path the email took from the system from which it was originally sent to their mail server.
4) If only one "Received:" line (with an IP address) is present it usually means that the email was delivered directly to your mailbox and that the sender was running their own mailserver. Alternatively, they could be running a proxy or mail server and it is a possibility that they may have been exploited by a third party.
5) If there are more then two "Received:" lines in the header it is possible that the header has been falsified and that the additional lines have been added to confuse you about the true origin of the email. It is also a possibility that additional lines were added due to some form of mail forwarding or by the way a particular network is organised. To tell which lines have been falsified, work from the top down and see if you can verify the existence of each of the machines listed in the "Received:" lines by using tools such as Ping or NSLookup. Once you reach an IP address or hostname that you cannot verify it is likely that everything below that line has been falsified and you can disregard it.
6) It is important to examine the time stamps included in the header for consistency. If the time stamps are inconsistent, it is possible that the headers have been falsified.
7) When you have identified what you think is the line that shows where the email originated, always look for the first IP address in square brackets, usually represented as follows: ([IP ADDRESS]). This IP address should be the one allocated to the system which sent the mail.
Example 1:
Below is an example of a genuine spam header. Certain items such as email addresses and IP addresses have been changed.
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 93439 invoked by uid 23987); 30 Jan 2003 14:13:25 -0000
Received: from unknown (HELO yahoo.com) ([214.107.36.85]) (envelope-sender <[email protected]>) by 192.220.93.179 (qmail-ldap-1.03) with SMTP for <[email protected]>; 30 Jan 2003 14:13:25 -0000
Message-ID: <001200e4bc03$cee46486$[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: News years resolution = loose weight ?
Date: Fri, 31 Jan 2003 00:47:57 -1100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C5_72C71C2D.A0315B28"
X-Priority: 3
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
Status:
Using our rules of thumb we can determine the email probably originated from IP address 214.107.36.85. However as we only have one "Received:" line that includes an IP address it is also likely that the system that was allocated the IP of 214.107.36.85 either sent the email directly (it belongs to the spammer) or they were running proxy or mail server software that was exploited. An investigation into this incident revealed that the IP address in question was allocated to a system that was running insecure proxy software and massive amounts of email was relayed through the system while the owner was oblivious to what was happening.
Did you open the email
If you are having problems post a HJT.Log into the Malware forum.
Kc
A friend of mine posted this to me but forgot the site he copyed it from.
Yes it is spamers use all types of trick to catch you out.
Getting access to the headers of an email will depend on the kind of mail client that is being used. The instructions contained here will be of use to most individuals to extract email headers.
The header will contain a lot of information that will appear confusing to someone who is looking at one for the first time but can be deciphered using a few rules of thumb. While it may not be possible to interpret all headers using these rules they should work for the majority of headers.
1) The most important section of a mail header are the lines that begin with "Received:".
2) Read the header from the top downwards. The topmost "Received:" line shows the last stage in the delivery of the email - usually the delivery to your mailbox. The lowest "Received:" line usually shows where the email originated from.
3) In most cases there will be two "Received:" lines. The topmost line will show the delivery of the email to your ISP mail server (where you mailbox is held) from the senders mail server. The bottom most "Received:" line will show the path the email took from the system from which it was originally sent to their mail server.
4) If only one "Received:" line (with an IP address) is present it usually means that the email was delivered directly to your mailbox and that the sender was running their own mailserver. Alternatively, they could be running a proxy or mail server and it is a possibility that they may have been exploited by a third party.
5) If there are more then two "Received:" lines in the header it is possible that the header has been falsified and that the additional lines have been added to confuse you about the true origin of the email. It is also a possibility that additional lines were added due to some form of mail forwarding or by the way a particular network is organised. To tell which lines have been falsified, work from the top down and see if you can verify the existence of each of the machines listed in the "Received:" lines by using tools such as Ping or NSLookup. Once you reach an IP address or hostname that you cannot verify it is likely that everything below that line has been falsified and you can disregard it.
6) It is important to examine the time stamps included in the header for consistency. If the time stamps are inconsistent, it is possible that the headers have been falsified.
7) When you have identified what you think is the line that shows where the email originated, always look for the first IP address in square brackets, usually represented as follows: ([IP ADDRESS]). This IP address should be the one allocated to the system which sent the mail.
Example 1:
Below is an example of a genuine spam header. Certain items such as email addresses and IP addresses have been changed.
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 93439 invoked by uid 23987); 30 Jan 2003 14:13:25 -0000
Received: from unknown (HELO yahoo.com) ([214.107.36.85]) (envelope-sender <[email protected]>) by 192.220.93.179 (qmail-ldap-1.03) with SMTP for <[email protected]>; 30 Jan 2003 14:13:25 -0000
Message-ID: <001200e4bc03$cee46486$[email protected]>
From: <[email protected]>
To: <[email protected]>
Subject: News years resolution = loose weight ?
Date: Fri, 31 Jan 2003 00:47:57 -1100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C5_72C71C2D.A0315B28"
X-Priority: 3
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
Status:
Using our rules of thumb we can determine the email probably originated from IP address 214.107.36.85. However as we only have one "Received:" line that includes an IP address it is also likely that the system that was allocated the IP of 214.107.36.85 either sent the email directly (it belongs to the spammer) or they were running proxy or mail server software that was exploited. An investigation into this incident revealed that the IP address in question was allocated to a system that was running insecure proxy software and massive amounts of email was relayed through the system while the owner was oblivious to what was happening.
Did you open the email
If you are having problems post a HJT.Log into the Malware forum.
Kc
#3
Posted 24 April 2005 - 01:50 PM
spamfighter
- Topic Starter
-
- Member
-
- 4 posts
New Member
KC,
You response is totally unrelated to my question. im referring to a url that was seen in a body of message not the headers of an email.
You response is totally unrelated to my question. im referring to a url that was seen in a body of message not the headers of an email.
#4
Guest_thatman_*
Posted 24 April 2005 - 02:01 PM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Hi spamfighter
This freek posts to me at weekends
As you stated But your email had java code in it.
This will be in the body of the email.
with best personal regards
The Thames is liquid history.
Watchfulness is the path of immortality: watchfulness is the path of death.Those who are watchful never die: those who do not watch are already as dead.
I have forced myself to contradict myself in order to avoid conforming to my own taste.
http://ferencziwe.ne...QsGSAEBPg==.htm
Freedom is not the right to live as we please, but the right to find how we ought to live in order to fulfill our potential
Success is focusing the full power of all you are one what you have a burning desire to achieve.
The neurotic is nailed to the cross of his fiction.I am an atheist, thank God!
Once a gentleman, always a gentleman.
Erteng koriskenshe
http://ferencziwe.ne...sGSAEBPg==.html
------=_NextPart_000_0009_1517AC6E.23270EC5
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html;charset=3diso-8859=
-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2e0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html; charset=3dus-asci=
i">
<META content=3d"MSHTML 6=2e00=2e2800=2e1437" name=3dGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3d#ffffff>
<DIV>
Kc
This freek posts to me at weekends
As you stated But your email had java code in it.
This will be in the body of the email.
with best personal regards
The Thames is liquid history.
Watchfulness is the path of immortality: watchfulness is the path of death.Those who are watchful never die: those who do not watch are already as dead.
I have forced myself to contradict myself in order to avoid conforming to my own taste.
http://ferencziwe.ne...QsGSAEBPg==.htm
Freedom is not the right to live as we please, but the right to find how we ought to live in order to fulfill our potential
Success is focusing the full power of all you are one what you have a burning desire to achieve.
The neurotic is nailed to the cross of his fiction.I am an atheist, thank God!
Once a gentleman, always a gentleman.
Erteng koriskenshe
http://ferencziwe.ne...sGSAEBPg==.html
------=_NextPart_000_0009_1517AC6E.23270EC5
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html;charset=3diso-8859=
-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2e0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3d"Content-Type" CONTENT=3d"text/html; charset=3dus-asci=
i">
<META content=3d"MSHTML 6=2e00=2e2800=2e1437" name=3dGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3d#ffffff>
<DIV>
Kc
#5
Posted 24 April 2005 - 02:11 PM
spamfighter
- Topic Starter
-
- Member
-
- 4 posts
New Member
com.cn','name1'
so in JAVA the script after the domain extension is possible?
so in JAVA the script after the domain extension is possible?
#6
Posted 24 April 2005 - 05:52 PM
bdlt
-
- Member
-
- 876 posts
Member
window.open('http://www.hardinge.com.cn''name1');
window.open() can take 3 arguments
URL, Window Name, Window Features
name1 is the window name
window.open() can take 3 arguments
URL, Window Name, Window Features
name1 is the window name
#7
Posted 25 April 2005 - 12:41 PM
spamfighter
- Topic Starter
-
- Member
-
- 4 posts
New Member
window.open('http://www.hardinge.com.cn''name1');
window.open() can take 3 arguments
URL, Window Name, Window Features
name1 is the window name
excellent, thanks
#8
Guest_thatman_*
Posted 25 April 2005 - 12:51 PM
Guest_thatman_*
Guest_thatman_*
-
- Guest
Hi spamfighter
This my help you
65.17.236.30
hardinge.com
Host unreachable
DataPipe Hostmaster
+1-201-792-1918
[email protected]
DataPipe Hostmaster
+1-201-792-1918
[email protected]
Kc
This my help you
65.17.236.30
hardinge.com
Host unreachable
DataPipe Hostmaster
+1-201-792-1918
[email protected]
DataPipe Hostmaster
+1-201-792-1918
[email protected]
Kc
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
