Damn Spam!
Search 

Topics

User Functions






    Lost your password?

Script tags in the user agent string

    
Monday, August 29 2005 @ 20:45 CEST
Contributed by: Dirk

Now this is a "nice" idea: 

65.182.100.126 - - [29/Aug/2005:01:46:31 +0200] "GET / HTTP/1.0" 200 18122 "-"
"<script>window.open('http://www.medchecker.com/buy2/side-search.htm')</script>"

A script tag in the user agent string. Obviously in the hope that it would be interpreted when someone was viewing the site's statistics.

Let's see. medcheck.com is registered by this individual: 

   Dave Brown
   PO Box 5318
   <a href=http://www.13kg.com>THIS DATA IS PRIVATE!
   Oswego, NY 13126
   US

The whois for 13kg.com has the same sort of nonsense (and the same address):

   Gigahertz, inc.
   PO Box 5318
   <a href=http://www.whak.com>THIS DATA IS PRIVATE!
   Oswego, NY 13126
   US

Same for whak.com, and all three give Artificially.Intelligent@GMail.com as Dave's email address.

What else? All three domains are registered with Namesdirect, Inc. medchecker.com itself is hosted at 65.182.102.22 (Brinkster), the other two are on 24.58.106.179 (RoadRunner). And the IP the actual request came from, 65.182.100.126, also belongs to Brinkster.

Filed under: Miscellaneous
()

View Printable Version

Trackback

Trackback URL for this entry: http://spam.tinyweb.net/trackback.php/user-agent-script

No trackback comments for this entry.
Script tags in the user agent string | 2 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Script tags in the user agent string
Problem with this one is I bet it works on some sites. Who would think to block HTML code in referrer lists.
Authored by: JoeChongq on Wednesday, August 31 2005 @ 22:03 CEST
[ Reply to This | # ]
Script tags in the user agent string
Hi Joe and thanks to who posted this!!
I have known the rat basterd who ownes these sites for 6 years. On his site, he has a hiv chat room where he is known as "daveyboy" I have been trying for months to get rid this IE hijack. Being delibertly spamed, malwared or screwed by strangers is one thing, but to know whom did this to you.....
Any one know who I can report this to?
Authored by: Anonymous on Monday, November 20 2006 @ 13:22 CET
[ Reply to This | # ]

Copyright © 2008 Damn Spam! Powered By Geeklog