Spam Hunter

Viagra, penis enhancements, porn, mortgage rates, and much more are shoved into my inbox everyday. I'm not trying to win the spam war. I just like to vent by choosing one email a day, tracing down the jerk who sent it and publishing any antics that ensue.

Friday, September 16, 2005

Replica Watches for Low Prices

Return-Path:
Delivered-To: spam@victim
Received: (qmail 4047 invoked from network); 16 Sep 2005 07:39:24 -0000
Received: from unknown (HELO ath.forthnet.gr) (218.2.113.9)
by loop.phpwebhosting.com with SMTP; 16 Sep 2005 07:39:24 -0000
Received: from 149.140.93.179 by smtp.freesurf.ch;
Fri, 16 Sep 2005 07:35:04 +0000
Message-ID: <4cfb01c5ba91$3816de36$68078028@ath.forthnet.gr>
From: "Tammy M. Bryant"
To: spam@victim
Subject: Replica Watches for Low Prices
Date: Fri, 16 Sep 2005 15:34:50 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Do you want a high quality replica?

In our online store you can buy replicas of Rolex watches and
other brands. They look and feel exactly like the real thing.

- We have 20+ different brands in our selection
- Free shipping if you order 5 or more
- Save up to 40% compared to the cost of other replicas
- Standard Features:
- Screw-in crown
- Unidirectional turning bezel where appropriate
- All the appropriate rolex logos, on crown and dial
- Heavy weight

Visit us: http://rlox.com/

Best regards,
Fredrick Steiner


No thanks: http://rlox.com/z.php

I took a peek at this site through lynx and saw that the site redirected you to
http://replica-watch-store.net

WHOIS information for replica-watch-store.net:

[whois.joker.com]
domain: replica-watch-store.net
owner: Luis Alberto
email: admin@newbiemail.net
address: AVENIDA 6
address: CALLE 21/23
city: SAN JOSE
state: --
postal-code: CR
country: CR
phone: +506 223-24-06
admin-c: admin@newbiemail.net#0
tech-c: admin@newbiemail.net#0
billing-c: admin@newbiemail.net#0
nserver: ns1.replica-watch-store.net 221.11.134.23
nserver: ns2.replica-watch-store.net 221.11.134.23
status: lock
created: 2005-08-17 12:47:38 UTC
modified: 2005-08-18 09:36:43 UTC
expires: 2006-08-17 08:47:38 UTC
source: joker.com live whois service
query-time: 0.074216
db-updated: 2005-09-16 20:14:51

Spamming isn't very nice Luis. And it would seem that this isn't Luis' first time doing this either. A search on Google yields some other hits on toastedspam.com where he was hawking pharmacy related goods.

I found a contact page on his website with a form to mail him. That was very thoughtful of you.

Here is the important code from this page
<form action="contact_mail.php" method="post">
<tr><td class=t2>Name</td><td class=t2><input type=text name=realname value="" size=30></td></tr>
<tr><td class=t2>Email</td><td class=t2><input type=text name=email value="" size=30></td></tr>
<tr><td class=t2>Subject</td><td class=t2><input type=text name=subject value="" size=30></td></tr>

<tr><td class=t2>Query</td><td class=t2><textarea name=comments rows=6 cols=25></textarea></td></tr>
<tr><td colspan=2 align=center class=t2><input type=submit value=Submit name=submit></td></tr>
</form>

The "action" is set to contact_mail.php and the variables are simply realname, email, subject, and then comments. Comments is where the message goes. Ok so let's whip up a simple script that will let you know how we spamming victims feel.

The newest addition to my code is a proxy list. I'm not going to give up my IP to this scum so I'll go through proxies and play hide-n-seek like he does.

** NOTE: you would have to supply your own list, oh and it's neutured so again if you don't know how to code this will not work for you :) **


#!/usr/bin/perl
## This code is covered by the GPL so feel free to reuse it according
## to those rules. If you are a spammer you must castrate yourself
## before even looking at this code. And then you are still not
## allowed to use it.

use strict;
use LWP;

my @proxies=('127.0.0.1','127.0.0.2');

my $method='POST';
my $target='http://replica-watch-store.net/contact_mail.php';
my $message='INSERT YOUR MESSAGE HERE';

&main();


sub send_request
{

my ($target,$proxy_address) = @_;
my $ua = LWP::UserAgent->new;
my $proxy='http://' . $proxy_address;
$ua->proxy(['http'] => $proxy);

# Create a request
my $req = HTTP::Request->new($method => $target);
my $yousuck="realname=".crap(30)."email=".crap(30)."subject=".crap(30)."comments=".$message;
$req->content_type('application/x-www-form-urlencoded');
$req->content($yousuck);

# Pass request to the user agent and get a response back
my $res = $ua->request($req);

# Check the outcome of the response
if ($res->is_success) {
print $proxy,"\n";
}
else {
print $proxy . " " . $res->status_line. "\n";
}

}

sub crap
{
my $iterations=$_[0];
my $junk;
my $count;
for ($count=1; $count<$iterations; $count++)
{
$junk.=chr(rand(256));
}
}

sub deliver_message
{
my $url=$_[0];
foreach my $proxy (@proxies)
{
send_request($url,$proxy);
sleep(1);
}
}

sub main
{
while (0)
{
deliver_message($target);
}


}

0 Comments:

Post a Comment

<< Home