[OT?] Htm - browser question - Spam origin

[Heinz Schmitz]

With most of the spam coming in I can determine the server
it wants to lead me to (without actually going there).
But what does my browser translate that to:
<a href=3D"http://aafsz.travelmade.cn/?1=76022619798"
target=3D"_blank"> ... some text ....</a>
Thanks,
H.

 

[Bart Van der Donck]

With most of the spam coming in I can determine the server
it wants to lead me to (without actually going there).
But what does my browser translate that to:
<a href=3D"http://aafsz.travelmade.cn/?1=76022619798"
target=3D"_blank"> ... some text ....</a>

You are looking at the Quoted-printable encoding of a string,
typically used to transfer 8-bit over a 7-bit channel (or to play
safe, in case of doubt).

The decoded string is:

href="http://aafsz.travelmade.cn/?1v022619798" target="_blank"

More info:

http://www.toastedspam.com/decodeqp
http://en.wikipedia.org/wiki/Quoted-printable

Hope this helps,

 

[Heinz Schmitz]

The decoded string is:
href="http://aafsz.travelmade.cn/?1v022619798" target="_blank"
More info:
http://www.toastedspam.com/decodeqp
http://en.wikipedia.org/wiki/Quoted-printable
Hope this helps,

Thanks, Bart, that's a valuable step. I wonder, however, that all
my tools tell me for either http://aafsz.travelmade.cn as the whole
string "Page not found". Wouldn't make sense to send out spam
that leads nowhere, would it?

Regards,
H.

 

[Bart Van der Donck]

Thanks, Bart, that's a valuable step. I wonder, however, that all
my tools tell me for either http://aafsz.travelmade.cn as the whole
string "Page not found". Wouldn't make sense to send out spam
that leads nowhere, would it?

Their website was probably removed by the ISP because of abuse.

 

[Thomas 'PointedEars' Lahn]

Thanks, Bart, that's a valuable step. I wonder, however, that all
my tools tell me for either http://aafsz.travelmade.cn as the whole
string "Page not found". Wouldn't make sense to send out spam
that leads nowhere, would it?

Why, "intelligent spammer" is a contradiction in itself.


PointedEars

 

[Thomas 'PointedEars' Lahn]

With most of the spam coming in I can determine the server
it wants to lead me to (without actually going there).
But what does my browser translate that to:
<a href=3D"http://aafsz.travelmade.cn/?1=76022619798"
target=3D"_blank"> ... some text ....</a>

A WHOIS search at http://www.geektools.com/whois.php
revelaed these details of the domain "travelmade.cn":

Checking server [whois.cnnic.net.cn]
Results:
Domain Name: travelmade.cn
[....]

Often WHOIS information is not allowed to be archived, so it would probably
be best if it was not posted on Usenet. That aside, finding out where the
link in a spam message points (or what the sender address is), is not likely
to be a reliable source of information to locate the spammer. You should
look for the last Received headers if it is an e-mail, and the
NNTP-Posting-Host header if it is a NetNews message, instead. Whereas the
latter is not required to give an indication of the real host name or IP
address per the RFC, but it has turned out to be a good starting point.

If still necessary after consulting the corresponding FAQs, please discuss
this where it is on-topic, one of

news.admin.net-abuse.email
news.admin.net-abuse.usenet
news.admin.net-abuse.misc

Or, in the case of the OP, one of

de.admin.net-abuse.mail
de.admin.net-abuse.news
de.admin.net-abuse.misc


F'up2 news.admin.net-abuse.misc

PointedEars