rconner Posted January 20, 2008 Posted January 20, 2008 I think this spam (tracking link) is for one of those Japanese dating services, but I can't tell. The website has only images, no text that can be lasso'd and translated. The subject line of the message is encoded "shift-JIS", but I cannot tell what sort of encoding is found in the body (seems to be no MIME declaration other than text/plan and 7bit). Tried to apply some of the customary Japanese encodings in my browser, but no change. Does anyone recognize this stuff and have any clue as to how it could be decoded to kanji or whatever? I'm just curious to read what spammy-san is up to here. -- rick
Wazoo Posted January 20, 2008 Posted January 20, 2008 The subject line of the message is encoded "shift-JIS",p Actually, the From: line uses this Shift-JIS ... see http://en.wikipedia.org/wiki/Shift-jis The Subject: line actually uses iso-2022-jp ... Will agree with the body, the only hint as to the character-set in use is the 7-bit description. (though, per the Wikipedia entry, that would seem to rule out the "Shift-JIS" stuff ...????) Fetching http://78587.net/ ... HTTP/1.1 200 OK Server: Apache/2.0.54 (Win32) PHP/5.0.4 DAV/2 X-Powered-By: PHP/5.0.4 Content-Length: 7 Connection: close Content-Type: text/html default Fetching http://78587.net/h/ ... HTTP/1.1 302 Found <META HTTP-EQUIV="REFRESH" CONTENT="0;URL=index2.php?"> Fetching http://78587.net/h/index2.php ... runs one into some java scri_pt, frame-sets, further php-scripting, etc. Will agree that the web-page headers do not include any character-set definition either. Does anyone recognize this stuff and have any clue as to how it could be decoded to kanji or whatever? I'm just curious to read what spammy-san is up to here. Not recognised, but then again, I don't follow unknown links, I don't 'read' my spam .... Noting that the report was targeted to 163.com, which in my history only shows up when dealing with spam. I'm sure that for as long as they've been around, as large as their 'controlled' IP Address blocks are, they must host something legitimate, but .... ?????
Farelf Posted January 20, 2008 Posted January 20, 2008 ...Does anyone recognize this stuff and have any clue as to how it could be decoded to kanji or whatever? I'm just curious to read what spammy-san is up to here.Well, Googling the message body comes up with something called "mimmie's Phlog" as the top-most hit. IFF that is anything at all to do with the message content then reading doesn't come into the picture (as it were) - and a particular myth about Japanese ladies and their physiology is quite convincingly ... erm ... "laid to rest".
rconner Posted January 21, 2008 Author Posted January 21, 2008 Well, Googling the message body comes up with something called "mimmie's Phlog" as the top-most hit. IFF that is anything at all to do with the message content then reading doesn't come into the picture (as it were) - and a particular myth about Japanese ladies and their physiology is quite convincingly ... erm ... "laid to rest". Oho, I see what you mean, that helps complete my anatomical education. I get occasional outbreaks of this stuff, and have been able to translate some of these in the past via Google or Systran, the pitches seem rather odd and less explicit than what we are used to in English (tho that could be a problem with machine translation). Usually they are hosting across the pond in Korea, though this time they seem to be in China, all the way up in Harbin. -- rick
rconner Posted January 21, 2008 Author Posted January 21, 2008 Noting that the report was targeted to 163.com, which in my history only shows up when dealing with spam. I'm sure that for as long as they've been around, as large as their 'controlled' IP Address blocks are, they must host something legitimate, but .... ????? You gotta love the fact that we go to all this trouble to build a nifty Doman Name Service for everyone to use, and these guys take out a domain name that contains only numbers (and they are not the only ones in China, from what we can see). Just wait until the Internationalized Domain Names start coming online, then reporting spam domains will get really fun. -- rick
Wazoo Posted January 21, 2008 Posted January 21, 2008 Just wait until the Internationalized Domain Names start coming online, then reporting spam domains will get really fun. Ummmm .... this was actually a pretty standard spammer trick dating back a few years ... typically building "look-alike" URLs using alternate character-sets.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.