hey from teenie
New format here, I will post the headers first and the results afterwards. This may make it easier later on if this blog ever gets viewed by another person.
Received: (qmail 17769 invoked from network); 11 Sep 2004 16:17:26 -0000
Received: from unknown (HELO felicite.kwiksuzie.com) (220.127.116.11)
by 2.69-93-235.reverse.theplanet.com with SMTP; 11 Sep 2004 16:17:26 -0000
Received: from mail pickup service by megamarge.com with Microsoft SMTPSVC;
Sun, 12 Sep 2004 00:05:26 -0800
Received: from 18.104.22.168 by by7fd.bay7.megamarge.com with HTTP;
Sun, 12 Sep 2004 00:05:26 GMT
Date: 12 Sep 2004 00:05:26 -0400
This spammer is using the same type of stealthing techniques, random dictionary words, url encoding and a targeted URL.
the URL's are designed to tie back to the email address like a hash. In fact this probobly is a hashed value which is tied to a database entry.
I've obviously changed this value around a little. In fact one of the perl scripts I love using makes random values which will cause lots of false positives in their database.
Hrm the result looks awefully familiar. Just like the one I saw in my first post. It may even be the exact same person respamming me. It's not like these spammers have morals or ethics.
Ya it's the same guy from http://www.blingcash.com. I used the same technique as last time, take the script shown below and change document.write to alert and view the content safely.
I've been thinking of changing to this to populating a text field so I can easily cut and past the results.
I've already covered blingcash.com so let's move on to another one.